Journal

Something new for 2012

So here’s a somewhat new design for my website, which took a couple of tries to get right but is something I’m happy with for now.

To be honest the design isn’t my favourite, which I know it should be given that this is my site and should reflect the best of my ability. That said however, I had changes I really wanted to make to the site and really not enough time to get everything 100% right.


What was I thinking?

This is just a quick post to actually mention on my blog as well (having previously done so on Twitter) that I lost my mind sometime in December and submitted an idea to talk (which was accepted, otherwise I wouldn’t be writing this) at Think Visibility 7 in March.

The reason I say lost my mind has nothing to do with the conference itself; it’s more my aversion to public speaking or almost anything that draws attention which could then be negative. But hell, it’s 2012 and I’m apparently considered a grown up, so I’m sure I can spend 45 minutes of my life trying something new and scary.

So with that in mind, if you’re free on the 3rd of March and have a slightly odd interest in a design based talk at what is primarily an SEO conference with some extra stuff thrown in, then please come along. I’m sure my talk will either be informative or entertaining (in that you’ll see me crumble on stage), hell I might even manage both :)

How best to do user login validation

When working on a new project I always try and look at some old code and see if it can be improved in some way. Today it’s the validation on a user login form; and I need some help!

To be honest I can’t wrap my head round getting the right balance of how detailed to be with user validation in a couple of instances.

In a nutshell the question is:

Should I provide an error saying both the username and password are wrong if only one of them is actually wrong?

I was thinking about being more specific with the error messages. So if the username was correct but the password wasn’t, only return an error detailing the password as wrong. Also, on the flip side, showing only an error for the username being wrong if the password was right.

I’ve scrapped the second idea because it seems stupid to confirm a password is correct if the username is wrong; surely a password can only be right once it’s associated to a username. There have to be implications on security too by confirming a password is correct, and all a hacker would need to do is figure out the right username and then they’d be in.

So that left me with showing that only the password is incorrect if the username is right, but doesn’t the same problem exist in that I’m confirming a valid username and all a hacker has to do now is figure out the right password?

Does presenting an error message that says ‘some’ information is wrong work better by not telling some hacker what is or is not correct? But that doesn’t balance well with helping users identify where the error actually lies.

So if anyone can help me come up with what they’d maybe do and why that would be really helpful.
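The two options weighed in the post, side by side, as an added example that is not code from the original post: `login_specific` reveals which field failed, while `login_generic` returns one message for every failure. It goes slightly beyond the post by also hashing against a dummy record for unknown usernames, so response time does not confirm a username either. The user store, function names, messages and iteration count are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Incorrect username or password."  # assumed wording
_ITERATIONS = 100_000  # constructed value for this example


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    """Return (salt, hash) as it would be stored for a user."""
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)


# Constructed sample user store: username -> (salt, password hash).
USERS = {"alice": make_record("correct horse battery staple")}

# Record checked when the username is unknown, so both failure paths
# perform one full password hash.
_DUMMY = make_record(os.urandom(16).hex())


def login_specific(username: str, password: str) -> tuple[bool, str]:
    """Per-field errors: each message confirms part of the credentials."""
    if username not in USERS:
        return False, "Unknown username."
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return False, "Incorrect password."
    return True, "Welcome."


def login_generic(username: str, password: str) -> tuple[bool, str]:
    """One message for every failure; unknown users still cost one hash."""
    salt, stored = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_hash_password(password, salt), stored)
    if matches and username in USERS:
        return True, "Welcome."
    return False, GENERIC_ERROR
```

With the generic form, a wrong username and a wrong password are indistinguishable to the caller; the usability cost raised in the post remains and has to be handled elsewhere, for example through a password reset flow.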