Chroma-Hash

Check this puppy out:
Chroma-Hash Demo — just type in a username and two passwords… you’re not actually registering, it’s just to show behavior. Note the lack of a submit button.

Now, personally, I could care less about hiding a user’s password when they log into a site. I think it’s a waste. I’ve taken too many calls from people who swear they’re entering their passwords correctly when they either a) set them up incorrectly in the first place or b) screwed it up and don’t realize it. Masking passwords in the privacy of my own home or on my own secure computer in my office or whatever is a deterrent to registering and logging on. It’s not quite the waste of a two-factor password system set up as a series of questions (I’m looking at you, every-goddamned-bank-in-the-country), but these are my personal biases. And if you’re in a situation where you are forced to access secure/personal accounts in an insecure environment (like, I’ll acknowledge, banking) they might not be quite the waste that they are on, say, a badly-drawn sporadically-updated comic/blog site.

All that being said, I doubt we’re going to get rid of the *****ing passwords (heh, literally) any time soon.

So Chroma-Hash struck me as an awesome way to give users a visual representation that their password is typed correctly or incorrectly.

Then it struck me that one of my favorite passwords is really ugly when hashed… and my immediate reflex was to change it to something prettier.

Thinking of registration, I’ve been to plenty of sites that have that little bar next to them that shows how secure your password is. If this color doohickey could be tweaked to show more-secure passwords in colors that combine into generally-more-pleasing sets, it could also encourage the use of secure password combinations. And I don’t see any downside to that.

But, what if?

Ah, security questions. I loathe them, because every time I see them I think of scenarios where they don’t work. (Too many years in tech support I guess. Milo could relate, and probably will at some point.) I’ve brought it up in multiple settings, but the usual excuse is that there’s got to be a question or three in the set of eighty kajillion that works for everyone if they just try hard enough. Sigh.

A recent UIE Brain Sparks sums it up nicely. Bonus is comment #10, with the security questions we’d like to see.