The web has been around now for over two decades. Whether it was a practice used during the internet’s early “wild-west” period, or something not well thought out, it is time for these practices stop. Here is my list of practices to avoid and even openly condemn.
Re-type your email address
Re-entering an email address was a very simple way of validating an email address entered by a user, way back when even an email address was new to the user like the internet itself. Email addresses are common place now, so having a user re-enter them isn’t necessary. We still have our users enter and re-enter passwords, but think about why: we don’t display the passwords to the user when we do this. And the modern practice with passwords is to add a check box next to the password, to optionally display it. And the sites which are well-designed have dropped the second password entry text box when the check box to expose the password is selected. So how can we justify repetition for an email address which is fully displayed?
Disabling copy/paste when asking for an email address or password
This one is so asinine it’s hard to fathom (are you listening United Healthcare). A person goes to a place where the accurate email address is written down, copies it, then is denied pasting a known correct address into the text, and requires an error-prone manual keyboard entry instead. For those of you doing this, lay off the drugs. For those of you being told to do this by a product manager, hide their drugs.
Fighting password saving mechanisms built into a browser
Modern browsers like Firefox and Chrome have become very good at detecting login pages and allowing the user to save their login information for future auto-population when they next visit the site. Still, it is common to see web applications using Flash, Silverlight or other HTML 5 code to circumvent this. Why? It has to be some level of paranoid control-freak in the product manager who thinks this way. Anyone with any level of internet savvy wants to save credentials. And the larger players in the browser market like Google have more resources and more motivation to secure the information than any localized IT department. A product manager may feel like their job is secure telling their manager how they protect their product by blocking saved passwords, but the world is really getting fed up with simple auto updates erasing saved credentials in mobile devices. That should be your cue. Even worse, the app is forcing people to do more work, when the goal of technology is to save them work and leverage their time.