Re: [ACTION-908] good practice for login forms

I have little to add to what the others, and especially Rotan, have stated so far. 

>* We have a BP on "One Web" which encourages the
> use of the same account / personalization between 
> desktop and mobile web applications --> it would be
> strange then to have different recommendations for 
> mobile passwords as opposed to desktop passwords.

Well, I have bank accounts (on the desktop Web) that require exclusively numeric passwords and exclusively numeric additional one-time challenge-response keys (via a handheld one-time password generators). Similar issue in some corporate environments (SecurID cards and so on). So the approach is not exotic. As for the one Web, if this is interpreted as coercing mobile devices to be used in the same way as desktop ones, then difficulties are to be expected.

> * Virtual keyboards are getting more popular and so 
> even on mid-range devices can we not expect the input
> limitations of numeric keypads to fade away pretty
> quickly.

Obviously the recommendation (b) does not make sense for devices with full keyboards (e.g. Nokia Communicators, Blackberries) -- although recommendation (a) might still make sense, and (c) still applies. As for the evolution of mid-range phones, etc, good practices should be generally applicable and useful now, not in some indistinct future, the large number of low-end phones with a simple keypad will not disappear, and I have doubts as to the usability of these virtual keyboards (which is more usable: entering a numeric pin-code directly, or launching a virtual keyboard, typing in, then closing it and continuing with the form?)

I had only been tasked to document what is considered good practice in the mobile Web -- I did not realize this topic would generate so much discussion.

E.Casais


      

Received on Wednesday, 4 February 2009 14:04:19 UTC