Statements like this always make me uneasy. People are not stupid, and you’ve just dismissed a real insight into a mental model that illustrates what’s wrong with most web services.
Usernames and passwords are inherited history from the UNIX and mainframe days of the 60s and 70s. They each carry baggage about what they let you do: the username publicly identifies you as the owner of certain things, and the password lets you prove you are the person you say you are. Added to that, in UNIX, are complex systems of permission flags and Access Control Lists that let owners delegate and give access to certain files and folders. Even most UNIX users don’t understand them completely, especially the minutiae of system-specific flags.
The web is about sharing (and not a dropdown labelled ‘share’, which will need another post), and people will share with the tools they’re given. If username and password are front and centre, then they’re the tools people will use. There’s so much usability dogma about reducing the sign-up process and throwing people into use that important details – such as explaining what all the cogs and levers do – are forgotten, or assumed as knowledge. If I put photos there using a username and password, surely it makes sense that for others to access those photos, they need the same username and password?
We’ve also conflated friendship or linkage with privileges. As well as leaving people to work out the symmetry of friendship, and what that means, we’ve overloaded the declaration of friendship with the method of giving access rights – and not explained what the levels of connectedness mean in terms of security and privacy.
If your service is about sharing, and sharing privately, maybe there should be another secret word generated when people sign up (and not asked for, as another password) – a safe word, if you will. Print it big. Explain what this word means. Tell people that this is what they should give out to others to grant access.
PS. If you said ‘we should all use OpenID’ – that solves – badly – one of the problems, but not that of the need for different magic words for different privileges to my data.
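A sketch of the safe-word idea, added here as an illustration and not code from the original post: the service generates one word per privilege, separate from the account password, stores only its hash, and lets the owner revoke it. The `Album` class, the privilege names and the word list are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed word list for illustration only. A real service needs a list of
# thousands of words plus rate limiting, or the words are trivially guessable.
WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet",
         "harbor", "indigo", "juniper", "kelp", "lantern", "maple", "nectar",
         "onyx", "pebble"]


def _digest(word: str) -> bytes:
    return hashlib.sha256(word.encode("utf-8")).digest()


class Album:
    """One owner's shared data, with a separate safe word per privilege."""

    def __init__(self):
        self._grants = {}  # sha256(safe word) -> privilege name

    def issue_safe_word(self, privilege: str, n_words: int = 6) -> str:
        # Generated by the service with a CSPRNG, never chosen by the user,
        # so it cannot be a reused copy of the account password.
        word = "-".join(secrets.choice(WORDS) for _ in range(n_words))
        self._grants[_digest(word)] = privilege
        return word  # shown once to the owner; only the hash is kept

    def privilege_for(self, presented: str):
        # Check every stored hash with a constant-time comparison.
        candidate = _digest(presented)
        found = None
        for stored, privilege in self._grants.items():
            if hmac.compare_digest(stored, candidate):
                found = privilege
        return found  # None means the word grants nothing

    def revoke(self, word: str) -> bool:
        # Withdrawing one word leaves the password and other words untouched.
        return self._grants.pop(_digest(word), None) is not None
```

Giving out the "view" word never exposes the login, and revoking it does not disturb anyone holding a different word.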
(thanks to paul for the friendfeed tipoff)
This is something that I brought up with danah boyd way back in 2004 (when she was thinking about asymmetry and reciprocity in relation to Friendster) and something I talked a bit about last year.
We’re still dealing with it, aren’t we? And I still wonder if there’s something we can learn from BDSM about thresholds.
Isn’t this something that Ovi Share does already? It allows you to share your pics with friends without user accounts as long as they’ve got an email address by using a secret URL.
email: chris is at anti-mega.com