November 17, 2007

Bad Designs on Campus Winners

The winners of the Bad Designs on Campus contest have been announced.

Of note to Michigan developers is winning entry number three: there should be a login box on the frontpage of the webmail system. This is a basic usability problem that shows up in many UM web applications (mPrint, mfile).

November 17, 2007 06:22 PM

Comments

Although I do agree that it would be better for usability's sake to have a login box at mail.umich.edu, I think the reason it doesn't is for security.

The only way to ensure that a malicious or hacked web application can't steal your password is if you always make sure you only enter your password online at weblogin.umich.edu. If there are just random login boxes on websites that ask for your umich password, what's to say that they aren't going to steal it? Now, I know you can probably trust mail.umich.edu to be secure, but what about other sites? Just because a domain name ends in umich.edu doesn't mean the web application using that domain name can't be hacked. Heck... some web applications that use umich's centralized login system don't even use the umich.edu domain. One example:
http://liveugli.com

Could you trust liveUgli with your umich password? I wouldn't. That is why it redirects you to weblogin.umich.edu to enter your password, then redirects you back.


Posted by: mulka at November 23, 2007 06:48 AM

Login to leave a comment. Create a new account.