I wish you, my dear readers, a wonderful 2013. Here is what I wrote and posted in 2012 that was the most popular with you all.
- Twitter 1596
This is because while scripts download, nothing else can be downloaded in parallel with them (in contrast, multiple images can come through at the same time). That is why moving scripts to the bottom gives the rest of the page a chance to load faster.
Everything is fine and as intended. Focus is set on ‘username’ text field. The user can proceed to typing in credentials.
This could be labeled a usability issue of medium to high severity, since the issue translates to a security concern.
Having the password reveal itself against the wishes of the user is bad usability because the application is not behaving as the user expects it to. When a user enters data in a text box, the user expects the data to appear in that text box, either masked or as is, depending on whether it is a password text field or not. What the user does not expect is to see the focus change to another text box and their password get revealed.
Of equally serious concern is the consequence of the issue: the user’s password is partially or completely revealed without the user intending to do so. This password may be observed by a passerby, whom the user may or may not notice, and who may then go on to compromise the account.
This issue is certainly something Twitter should fix immediately, considering the low level of effort (LOE) required to plug it up. There are two solutions to the issue, both very simple, each with its pros and cons.
By shifting the code and placing it above the ‘username’ field of the login form, it is guaranteed that the script will load before the form loads. And thus, the focus will always be set on the ‘username’ text field.
Pro: Focus will always be set on the ‘username’ field before the user can attempt to do so.
Con: Page loading speed may, however, be compromised.
The solution is to modify the code logic and keep the script at its current position, so page loading speed is uncompromised and the issue does not occur either.
Currently, the script simply sets focus on the username text field when the script loads. The script may be modified so that it first checks whether the focus is already set on either the ‘username’ or ‘password’ text field of the login form. If so, we do nothing, since we can assume that the user is busy entering account details. But if the focus is not set on either of the fields, then we can, as the script did earlier, set focus on the ‘username’ text field.
The advantage here is that we do not compromise page loading speed. We also ensure that the user’s password does not accidentally get revealed. What we do not ensure is that the script sets focus on the ‘username’ text field before the user does so manually.
Pro: Page loading speed remains uncompromised and the unintended consequence of password revelation can never occur.
Con: The goal of the ‘text field focus’ solution, which was to always set focus on ‘username’ before the user can attempt to do so, is not met.
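The second solution, replayed against the race described above, as an added example that is not Twitter's code or part of the original post. The tiny form stand-in, the sample credentials and the function names are constructed so the sequence runs under Node; in a page the same check would compare `document.activeElement` with the two inputs. The "field already has text" guard is an extra assumption beyond what the post describes.

```javascript
// Minimal stand-in for the login form (constructed, not Twitter's markup).
function makeLoginForm() {
  const doc = { activeElement: null };
  const field = (name, type) => ({
    name, type, value: "",
    focus() { doc.activeElement = this; },
  });
  doc.username = field("username", "text");      // shown in clear text
  doc.password = field("password", "password");  // shown masked
  // Keystrokes always land in whichever field currently has focus.
  doc.type = (text) => { if (doc.activeElement) doc.activeElement.value += text; };
  return doc;
}

// Behaviour the post describes today: focus 'username' whenever the script loads.
function focusAlways(doc) {
  doc.username.focus();
}

// Second solution: leave focus alone if the user is already in a login field.
// Extra guard (assumption, not in the post): also skip if either field has text,
// which covers a user who typed and then clicked elsewhere on the page.
function focusIfIdle(doc) {
  const active = doc.activeElement;
  const busy = active === doc.username || active === doc.password;
  const typed = doc.username.value !== "" || doc.password.value !== "";
  if (busy || typed) return false;
  doc.username.focus();
  return true;
}

// Replay: the user fills in the username and starts the password, then the
// script at the bottom of the page finishes loading, then the user keeps typing.
function replay(onScriptLoad) {
  const doc = makeLoginForm();
  doc.username.focus(); doc.type("alice");   // constructed sample credentials
  doc.password.focus(); doc.type("s3cr");
  onScriptLoad(doc);                         // late script runs here
  doc.type("et!");                           // rest of the password
  return { username: doc.username.value, password: doc.password.value };
}

console.log("unconditional focus:", replay(focusAlways));
console.log("guarded focus:      ", replay(focusIfIdle));
```

With the unconditional version the tail of the password ends up in the clear-text username field; with the guarded version the username field is unchanged and the password field receives every keystroke.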
Here’s hoping to see Twitter patch this up as soon as possible. What are your thoughts?