Sometimes I encounter a typical example of what I call “over-engineering”. Someone has been enthusiastically designing a webpage, and added a few business rules too many.

The example below could have been funny if the consequences weren’t so dangerous.

I was creating an account on the Vodafone 360 site. When I provided my password, I noticed they had a “password security indicator”. I was also pleased to see that I entered an extremely safe password; 4 out of 4!!
Then I got this message:

[Image: how not to restrict a password]

So, my password is restricted to digits and characters only. And apparently, only capitals too. Isn’t that odd? It severely restricts me in providing a safe password, and it violates every guideline ever created about passwords.

Shouldn’t any designer who thinks of such a rule be fired on the spot? I mean, what was he thinking?
