Thursday, September 23, 2010

Retype Your Password : Why should I ?

I have created countless accounts online, needless to say that i use only a small fraction of them in reality. In the process of creating these accounts i would have filled hundred if not thousands of forms which say Type your password in one row and Retype you password in the succeeding row. But I had never ever seriously analyzed  as to what I gain and what I loose by Retyping my password.

Recently I created an account and happily filled the Type your password and Retype your password fields in the form. I browsed the site that day. Few days later I tried to login to the website. "The username and passwords don't match" the server scowled at me. Bingo!! I tried few combinations, but all in vain. Rather than trying to recover my password, I set about to understand what had actually conspired against me.

And here goes my story : (Read this paragraph at the end)
What had actually happened was that I had mistyped my password. That's fair enough as all of us make mistakes. But what saddens me is that i had mistyped while retyping the password. Thats also acceptable though rare. But what interests me is that in both the cases my typos were same. So the poor system assumed that, what I typed was the actual password. And there I was blissfully ignorant of the my blunder. It would have been a tedious process to regain my password, if I had tried. But I didn't as I was busy analyzing what had happened and I was content with what I was doing.

Now lets analyse all the scenarios that arise in this context and see whether the extra effort we put in retyping the password is worth  it. There are four scenarios.
Password[P] Correct Password[P] Wrong
Retype Password[RP] Correct Case I
(P = RP)
Case II
(P != RP)
Retype Password[RP] WrongCase III

(P != RP)
Case IV 

(P = RP)  OR (P !=RP)
   V                   VI



Step 1 : Enter your Password
Step 2 : Retype your password

After completing Step 2, we can't differentiate between case I and V. After step 2 we also can't differentiate between Case II, Case III and case VI


Case I : Both Password and Retype password are correct - OK Scenario
Step 1 : The password is correct. So there is no need of Step 2, but since we don't know that password is correct we go to Step 2. That is where are trying to eliminate Case II here. But in the process we are creating chances for Case III, which is an unfavorable one.
Step 2 : Retype your password is also correct.  Hence we ended up in case, but we could as well have ended up in Case III.

Case II : Password is wrong and Retype password is correct - Ideal scenario
Step 1 : The password is incorrect. So in the absence of Step 2, your account would have been created with wrong password.
Step 2 : Retype your password is correct and hence you catch hold of the error in Step 1. But we could have as well ended up in Case IV

Case III : Password is correct but Retype password is wrong - A bad scenario
Step 1 : The password is correct. But at this step since we don't know that, we proceed to Step 2
Step 2 : The Retype password is wrong. Oooops though the password in Step 1 was correct we ended up in Case III and we will have to create our login again.

Case IV : Password is wrong but Retype password is wrong - A good/dangerous scenario
Step 1 : The password is wrong. Good that we have step 2
Step 2 : The Retype password is also wrong. Shit how could we mistype in second attempt also.

Now this is where this particular case gets interesting, if the typos in step1 and step 2 are different then we are saved and we have good scenario. It the typos in step 1 and step 2 happen to be the same then we are in for a toss. That's dangerous situation. Because we end up in what we tried to avoid. We will be erring with more confidence that we are right, which i think is more dangerous.

This is just the common sense analysis, the mathematical analysis with the use of probability shall follow ...




6 comments:

Anonymous said...

http://www.toma.jp/blog/jiumengshici/?entry_id=869830
http://www.toma.jp/blog/jiumengshici/?entry_id=877981
http://www.benches2swings.com/vocab/catpath/mobile-phones-double-digital-cameras-are-not-uncommon-any-more.html
http://aeioio.com/social/blogs/viewstory/29005
http://amuntai.16mb.com/index.php?p=blogs/viewstory/5705
http://archive.remdublin.com/blog/huangshumei/2013/01/28/my-yahoo-search-beyond-bookmarks
http://nen360.nenonline.org/blog/contract-deal
http://blog.qlep.com/blog.php/223035/718355
http://sns.cam111.com/blogs/entry/The-features-of-LED-video-display-include-high-resolution-with-virtual-pixel-technology
http://blog.qlep.com/blog.php/223035/718351
http://www.mymarburg.com/blog/76809/this-can-%E3%83%9F-%E3%83%A5-%E3%82%A6-%E3%83%9F-%E3%83%A5-%E3%82%A6-%E8%B2%A1-%E5%B8%83-be-even-more-true-if-you-use-refilled-ink-cartridg/
http://sns.cam111.com/blogs/entry/emergence-of-new-market-players-and-innovations
http://oriflameblog.cz/forum/topic/the-features-of-led-video-display-include-high-resolution-with-virtual-pixel-tec?replies=1#post-38928
http://cinecloudfilms.com/index.php?do=/blog/93530/this-extra-traffic-spotting-service-will-only-be-available-as-a-premium-%E3%83%88-%E3%83%AA/
http://aadensworld.com/index.php?p=blogs/viewstory/1419

Anonymous said...

When I initially commented I clicked the "Notify me when new comments are added" checkbox and now each time
a comment is added I get three e-mails with the same comment.
Is there any way you can remove people from that service?
Appreciate it!

Also visit my page game of war fire age building queue

John said...

Great presentation! I've learned much more from your article about changing a password. I wanna share something with you and that's about spotting scope. If you like birding, hunting or shooting then visit the site > Best Spotting Scope . However, thanks for the post.

Simon Mayers said...

Welcome to Brisbane Family Law Services, a firm that focuses solely on family law and can assist with all of your family law requirements.
browse this site

Eve Dawbin said...

Leading independent law firm offering a wide range of property, commercial, corporate, litigation and dispute resolution legal services
Read More

shimul said...

Places I need your help or if you have another site like.Digital Marketing
please share with me.I want to start new Seo & Digital Training Service.
Thank you