Letting Your Security People Make The Rules For Your Forms is a Bad Idea

We've got plenty of evidence that low literacy users don't understand the web in the same way that anti-noobes do.

Here's a few links:

• http://www.useit.com/alertbox/20050314.html


• http://crisp.cit.nih.gov/crisp/CRISP_LIB.getdoc?textkey=6859037&p_grant_num=1R21LM008565-01&p_query=&ticket=22958743&p_audit_session_id=110894877&p_keywords=


• http://www.angelacolter.com/site/research/lowliteracy/index.html


• http://www.stc.org/intercom/pdfs/2004/200406_19-23.pdf


• http://www.uxmatters.com/MT/archives/000080.php


• http://eprints.rclis.org/archive/00005346/

One of the big areas low-literacy users just don't get are form instructions about creating user names and passwords.

The form above? A prime example of something where because they didn't think about the usability, they made the form almost impenetrable to people who don't read well or who just don't like being online. (And it's the only portal to a company that provides health insurance to local governments, so yes, low literacy users DO matter)

Me? I've been online and reading web pages since 1993-4. And I had to submit this form -4- times before I realized they wanted a special character in the USER NAME.

I've blogged before about the need for a universal way to set up passwords and explain the rules. Making someone have a special character (or number) in a user name is even worse. There's probably password rules, too, but, once again, I won't know what they are until I fail to comply with them.

No wonder people don't trust web based systems! We make them impossible to use!