Strategy Blog: Viget Labs

M. Jackson Wilkinson - Strategist :

The W3C has been working on a specification for a geolocation API, and has reached the point where it's starting to firm up and come together. That's good news, as it allows browsers to tell websites, through a JavaScript interface, where the browser is located.

The better news is that we're going to be able to use these new APIs sooner than you might have thought, given the relatively new nature of the API draft spec. Opera has implemented the spec in builds for several months, and it will be implemented in the release of Firefox 3.5. More recently, it's become evident that Mobile Safari in the new iPhone 3.0 software provides a geolocation API, and it appears (outside of the NDA realm, at least) that it is indeed compatible with the W3C API.

What does this mean?

Continue reading "Geo: Soon to be Legit"

Kevin Vigneault - Project Manager :

The defining characteristic of a password field is that it abstracts text as dots. While the intention of this behavior is understandable (it makes users feel secure and protects from prying eyes), the unintended effect is that it creates a usability problem. Users can't tell if they've entered a password incorrectly until after the site's validation informs them. It's like typing with your eyes closed.

The most common solution for the password field problem on registration pages is to require people to confirm their password in a second field. Again, the intention is understandable (it cuts down on mistakes), but the reality is that sites are requiring people to deal with two password fields. Here's an example of the common solution with some JavaScript validation:

While this isn't a terrible experience, I think there are a few other ways to handle this problem worth exploring. With some inspiration from a post on IxDA.org, I've created three below. Of note, all of these proposed solutions load a password field when the page is generated, so the browser will initially treat them as regular password fields.

Solution #1: Users click a checkbox to show characters

Pros: The decision to show or not show characters is fully at the discretion of the user. Passwords can be edited while characters are displayed.

Cons: It doesn't automatically switch back to a password field. People could accidentally keep it checked while they're filling out the rest of the form, leaving the password susceptible to prying eyes.

Solution #2: Users hold down a button to temporarily show characters

Pros: Users are able to see their password characters if they'd like and cannot accidentally leave the field in the show character state. This solution potentially feels more secure to users than solution #1.

Cons: The downside is that users cannot leave the field in "Show characters" mode while they're editing the field. They can only see what they've entered when the button is pressed down.

Solution #3: The password field automatically changes to show characters

Pros: As a user, this approach would be my personal favorite because it's the easiest option, and you always see your password as you're typing it in. I don't really care about other people seeing what I type, since I rarely find myself in situations where I notice or would expect people to leer at my screen.

Cons: When users first select the field and start typing, it will look and behave like a regular text field -- which may be startling to some. Users will not see that it switches to a password field until after they've entered something and clicked off of it.

Conclusion

None of the solutions presented here are the silver bullet for how to handle password fields in all situations. Depending on your users, your goals for the form, and your willingness to try something a little extraordinary, one of these options may make sense for your site. If anyone has any other ideas for how to handle password fields, I'd love to hear about it in the comments.

Update! April 16, 2009

In response to this post, Stephen Lewis from Experience Internet put together a writeup and demo for another alternative to password confirmation. His works very similarly to the iPhone password input field where the last character is momentarily a character before automatically switching to password "bullet".

Jackson Fox - User Experience Designer :

Over the last few months, I've worked on several projects that started with good, solid user research efforts. We've sent out surveys, performed interviews, run usability tests, and worked with customer support teams. It's exciting to start a design project with good input from users, but the research we've been doing made me realize how often we have to work without the benefit of good user insights. This got me looking around at tools that companies can use to get started on gaining insight into their user's needs. I found two that looked particularly useful, and easy to use: Get Satisfaction and UserVoice.

Continue reading "Creating a Feedback Loop for Users"

Brian Wynne Williams - CEO & Co-Founder :

This week’s New York Times article on Friendster focused on their 2003 decision to turn down a $30 million acquisition offer from Google which, at the moment, appears to have been a very bad idea (had he taken it in stock, founder Jonathan Abrams could be worth $1 billion today).

I thought the more interesting insight was why Friendster saw copycat MySpace rocket past them in popularity.  A combination of executive turnover and a lack of focus contributed; but, ultimately, it was bad technology, according to the article.

Referring to Friendster’s all-star board, Kent Lindstrom, an early employee, said “They were talking about the next thing ... Yet we didn’t solve the first basic problem: our site didn’t work.”

Shocking that the technology failed?  No.  Plenty of start-ups are built on shoddy technology that doesn’t scale.  What’s more shocking is that what was painfully obvious to every user (40-second page downloads?) apparently wasn’t deemed important enough to fix.  Had Friendster anticipated their architecture limitations and worked proactively to address them, they could have avoided the long-standing performance problems that scared off their audience.

My advice?  Build your start-up with growth in mind.  That could mean building a platform that will literally scale, presumably by adding (relatively) low-cost hardware as your traffic increases.  At the very least, it means monitoring your growth and having a re-architecture plan in place when it’s needed.  Having performance issues due to popularity is a good problem to have if you plan for it right and react accordingly when it happens.