8 More Design Mistakes with Account Sign-in (via) Second of a two part series by Jared Spool. I agree with all of them with the possible exception of #15 which advocates providing a non-email password recovery solution. Security “questions” are usually dreadfully insecure, and introduce the need to lock users out of their accounts after just a few tries.
Recent articles
- OpenAI are quietly adopting skills, now available in ChatGPT and Codex CLI - 12th December 2025
- GPT-5.2 - 11th December 2025
- Useful patterns for building HTML tools - 10th December 2025