RE: ACTION-406: Petname burden

I like the suggestion

 

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Mary Ellen Zurko
Sent: Friday, March 28, 2008 9:59 AM
To: Timothy Hahn
Cc: public-wsc-wg@w3.org
Subject: Re: ACTION-406: Petname burden

 


Maritza, here's one suggestion on a UT experiment. Though I'm not sure this
one can be reswizzled easily into something that's an easy lo fi prototype
to run. Could it be something like: Explain the petname concept to people
(learning about it is not the question). Show them some example sites, and
ask them what petname they would choose. (Maybe get one site from them they
regularly go to? Maybe use a large selection and select the subset they
either regularly visit or at least know of?) Get back with them after some
period of time. Show them some sites, some with pet names, some without. Ask
them if it all seems right to them. I'm fudging this last bit a little. What
exactly would provide good data in terms of number of sites, and how many
had the right petname (or lack thereof) and how many the "wrong" (or lack
thereof)? 

          Mez






From:

Timothy Hahn/Durham/IBM@IBMUS


To:

"public-wsc-wg@w3.org" <public-wsc-wg@w3.org>


Date:

03/26/2008 12:08 PM


Subject:

Re: ACTION-406: Petname burden

 

  _____  




Ian, others, 

This issue: 

Issue #3: "Cognitive burden" as Rachna called it. How many things can people
really remember, and how well will they hold up? E.g. I have 4 pasmark
sitesecure images, one for each of my banks. If the wrong one showed up for
a particular bank (e.g. my BoA image showed up for Vanguard), I don't think
I'd notice. If, for my account at my brokerage (which I rarerly log into)
the wrong image showed, I don't think I'd notice at all. Specifically, I
wonder if a "reasonable" petname shows up (e.g. for Bank of America, if the
petname were simply "bank of america", if anyone would notice that's not
_their_ petname... although it may well be ;-) ) 

I think this harkens back to the discussion Tyler and I had on this list
last week.  It seems that we're now in the space of different people having
different opinions of what we can reasonably expect users to remember (and,
indeed, whether remembering specifics is even important). 

Is there any way to bring more quantitative analysis to this discussion?
Does anyone have a proposal for a test/evaluation/survey/study which would
help us understand whether there is (or not) a cognitive burden and whether
or not it matters? 

Regards, 
Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530
 




From:

"Ian Fette" <ifette@google.com>


To:

"public-wsc-wg@w3.org" <public-wsc-wg@w3.org>


Date:

03/26/2008 01:48 AM


Subject:

ACTION-406: Petname burden

 

  _____  





In ACTION-406, I said I would raise issues I had with burden of petnames:

Issue #1: Burden on UI. If a user wants to use petnames and have them
displayed, great. I'm not sure where exactly that should be displayed, but
if a vendor wants to add this feature and give it screen real-estate, then I
don't want to stop them. However, I don't think it's appropriate for us to
say SHOULD/MUST display petnames as a default configuration, as it's not
clear that it's worth the UI tradeoffs. But what users and vendors choose is
fine. I'm not sure I want to force UAs to implement petnames, but if they
want to do it and the user wants to use it, great.

Issue #2: Burden on user during non-petname interactions. If I'm bookmarking
a site, trying to use a form-filler, or doing anything else where petnames
are not my intent - I think it's fine if petnames are offered as an option,
but I don't think they should be required to be offered as an option (again,
UI issues) and I definitely don't think they should change the flow (e.g. if
1-click bookmarking is the flow, ala FX3, I don't want to require
introduction of a screen that would effectively change it to 2-click) unless
the user has opted in to that changed flow.

Issue #3: "Cognitive burden" as Rachna called it. How many things can people
really remember, and how well will they hold up? E.g. I have 4 pasmark
sitesecure images, one for each of my banks. If the wrong one showed up for
a particular bank (e.g. my BoA image showed up for Vanguard), I don't think
I'd notice. If, for my account at my brokerage (which I rarerly log into)
the wrong image showed, I don't think I'd notice at all. Specifically, I
wonder if a "reasonable" petname shows up (e.g. for Bank of America, if the
petname were simply "bank of america", if anyone would notice that's not
_their_ petname... although it may well be ;-) )

Issue #4: Burden on other features / common use cases. We're talking about
disabling form filling for general use cases. Maybe that's separate from
petnames in general and is more an issue with PII-bar, but the two seem
closely linked in the current spec.

Basically, these issues sum up to "I don't have a problem with people using
petnames, if people find them useful that's great. I personally have
reservations about how they would hold up under attack in a long-term study,
I'm not convinced of the value proposition, the cost-benefit analysis, etc,
and so I don't want to force them upon users or vendors. But if people want
to use them, I certainly don't want to stop them."



[attachment "smime.p7s" deleted by Mary Ellen Zurko/Westford/IBM] 

Received on Friday, 28 March 2008 14:16:25 UTC