Bad Error Message == Bad Usability
Posted at Ardent Dev by Derek Hatchard:
Error messages should be helpful. Bad error messages disrespect the user by saying,
"something is wrong but I'm not going to tell you". I've made that
point before.
Today I was treated to a paragraph-long error message explaining password complexity
rules. The password that failed was this:
3"[cU8jlBe4vG}Zx{3^6@3
Look at this password with me. It's plenty long (22 char). It has numbers, uppercase
characters, lowercase characters, and non-alphanumeric characters. It's a good random
password. It was, in fact, randomly generated by Keith
Brown's PasswordMinder.
I dissected the paragraph of error message to find buried in
the middle this rule: must not have been changed within the last 1 day.
Oh. The problem was not complexity but that my password had been reset yesterday.
Here I was trying to be responsible by immediately changing my password after having
it reset...
What really irks me is that the error condition is known specifically but the error
message is generic. If the regular expression for password validation fails, tell
me that the password is not complex enough. If I used the same password in the past,
tell me that. If I cannot change my password today because it was changed yesterday,
tell me THAT.
When the specific error condition is known, tell the user exactly what is
wrong and whether or not it is his/her fault. That way he/she can act appropriately
without resorting to detective work.
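
The rule in the closing paragraphs, as an added example that is not from the original post: a password-change check that evaluates each condition separately and reports the one that actually failed. The `Account` record, the complexity rule and the sample data are assumptions; only the 1-day minimum age and the sample password come from the post.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

MIN_AGE = timedelta(days=1)  # the "1 day" rule quoted in the post
# Assumed complexity rule; the post does not give the real one.
REQUIRED = {"a digit": r"\d", "a lowercase letter": r"[a-z]",
            "an uppercase letter": r"[A-Z]",
            "a non-alphanumeric character": r"[^A-Za-z0-9]"}

@dataclass
class Account:  # hypothetical record, not a real API
    salt: bytes
    last_changed: datetime
    old_hashes: list  # PBKDF2 hashes of previously used passwords

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password_change(acct: Account, new_password: str, now: datetime):
    """Return [(code, message)]; an empty list means the change is allowed."""
    errors = []
    allowed_at = acct.last_changed + MIN_AGE
    if now < allowed_at:  # policy timing, unrelated to the password's content
        errors.append(("too_soon",
                       f"Your password was last changed {acct.last_changed:%Y-%m-%d %H:%M}; "
                       f"it can be changed again after {allowed_at:%Y-%m-%d %H:%M}."))
    missing = [what for what, pat in REQUIRED.items()
               if not re.search(pat, new_password)]
    if missing:
        errors.append(("not_complex",
                       "The password must also contain " + ", ".join(missing) + "."))
    # Compare against stored hashes in constant time; old passwords are never kept in clear.
    candidate = pw_hash(new_password, acct.salt)
    if any(hmac.compare_digest(candidate, old) for old in acct.old_hashes):
        errors.append(("reused", "You have used this password before; pick a new one."))
    return errors

# Constructed sample data: an account reset 23 hours before the change attempt.
SALT = b"constructed-salt"
ACCT = Account(SALT, datetime(2024, 1, 1, 9, 0), [pw_hash("Old-Passw0rd!", SALT)])
POST_PASSWORD = '3"[cU8jlBe4vG}Zx{3^6@3'  # the password shown in the post

if __name__ == "__main__":
    for code, msg in check_password_change(ACCT, POST_PASSWORD, datetime(2024, 1, 2, 8, 0)):
        print(code, "->", msg)
```

Run as written, the post's password produces only the `too_soon` message, with the time at which a change becomes possible.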