Tuesday, 10 February 2009

Password Woes

A long time wasted due to a really silly cause.

User asks for new password, which is emailed to them. Then they log in with it, only to have the password rejected as invalid.

The problem? In simulating user behaviour, I pasted the password in first, then typed the user name. What was happening was that the Browser was automatically applying the password it had stored for that user name and so overwriting the new password just created and (correctly) entered.

Moral: as a user, always enter user name before password. As a developer - allow for this in design?

No comments: