Originally Posted by lynxus
I have to agree, session expiration is really annoying.
Passwords, I think, should be fairly secure. However, I don't think "forcing" a user to use a strong password is really needed. (It's up to them if they want to be hacked or not.)
I would disagree on not requiring a strong password from everyone. If one user gets hacked, that user's information can be used to try and get larger access to the site itself. At the very least, it can lead to said hacker impersonating the user and engaging in trolling. Dealing with that was no fun. I think the best way to deal with passwords (outside of including external methods like USB keys) is to provide a meter which determines how strong the password is. That way you don't have users simply making a six-character phrase like "llllll" as their password.
One thing that really gets me about usability is trying to make your page work in as many browsers as possible. It surprised me to find out how people still use IE6 despite the fact that it's 9 years old and it's ridiculously insecure. Even if the user likes the layout of IE6, they could upgrade to at least IE 7 or they could get Firefox and skin it to look like IE6. It's like when I stumbled upon a web page run by a guy who still uses Windows 95. I mean, if you like it I can understand, but why take the risk? Just switch to Linux if you don't like the later versions of Windows.
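The password meter suggested in the post above, sketched as an added example that is not part of the original thread: it discounts repeated and sequential characters so that a password like "llllll" scores as very weak even though it meets a six-character minimum. The function names, the sample common-password list and the label thresholds are assumptions chosen for illustration.

```javascript
// Added example (not from the thread). All names and thresholds are hypothetical.

// Size of the alphabet the password appears to draw from.
function charsetSize(pw) {
  let size = 0;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[^A-Za-z0-9]/.test(pw)) size += 33; // printable ASCII symbols incl. space
  return size;
}

// Count characters that add real unpredictability: a character that repeats
// the previous one ("ll") or steps by one from it ("ab", "21") is not counted.
function effectiveLength(pw) {
  let n = 0;
  for (let i = 0; i < pw.length; i++) {
    if (i > 0) {
      const step = pw.charCodeAt(i) - pw.charCodeAt(i - 1);
      if (step === 0 || step === 1 || step === -1) continue;
    }
    n++;
  }
  return n;
}

// Constructed sample list; a real meter would load a much larger one.
const COMMON = new Set(["password", "123456", "qwerty", "letmein"]);

// Returns an estimated bit strength and a label for the meter to display.
function scorePassword(pw) {
  if (pw.length === 0) return { bits: 0, label: "empty" };
  if (COMMON.has(pw.toLowerCase())) return { bits: 0, label: "very weak" };
  const bits = Math.round(effectiveLength(pw) * Math.log2(charsetSize(pw)));
  let label = "strong";
  if (bits < 28) label = "very weak";
  else if (bits < 36) label = "weak";
  else if (bits < 60) label = "fair";
  return { bits, label };
}

console.log(scorePassword("llllll"));      // repeated character
console.log(scorePassword("Tr0ub4dor&3")); // mixed classes, no runs
```

A client-side meter only advises the user; the server still has to apply whatever minimum it enforces when the password is submitted.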