The sequence of events that inspired this micro-drama is as follows: Firstly, Jakob Nielsen decided to talk about iterative designs in tweets (or as he likes to dress them up: “stream-based postings”). He guides us through a process where in only five easy steps he has drained the blood from a sample tweet, leaving a dried husk that will rise in thirteen days to join the legions of humorless drones that find the useit.com design both fascinating and useful.

After this, Jeff Croft cuts through the meat of Jakob’s ‘findings’ with a tweet that probably did not require five iterations: “An article by Jacob Nielsen on how to take all the spontaneity and humaneness out of your tweets in five easy steps…”

Granted, at least one iteration more might have helped in his case to get Jakob spelled right.

The fact is, Jeff hit it on the head. If you’re writing down your tweets and re-writing them repeatedly to maximize some sort of marketing message, you’re not tweeting. I’m not sure what you’re doing, but I’ll bet that most people that see the message can see what it is, canned artificial crap. You don’t have a medium of micro-messages just to waste all the time and effort of a proper e-mail or blog post on a single sentence. Spending that effort on the message not only is contrary to the purpose of the medium, it’s counterproductive when the end result is what Nielsen presents, complete with shouting-style caps, months in parentheses, and different wording to make it “punchier.”

I’m going to say Jakob Nielsen does not know what “punchier” actually means. If he did, useit.com might not look like a canary got stuck in a mid-90′s school administration newsletter.

Tweet how you like, but if you spend a half-hour at a time maximizing your tweets in some sort of business formula, don’t be surprised when people stop paying attention to your massaged marketing attempts.

As we’re about to learn, being wise and making wise choices do not always go hand in hand.

Today’s comic imagines Jakob Nielsen and Bruce Schneier intentionally exposing themselves to danger in a gladiatorial arena (overlooked by a Caesar-esque Dave Shea) with the predictable results. Sadly, this scenario reflects reality (with a little editorial excess) in a way that shocks me.

Let’s lay out the recent events.

Jakob’s Suggestion: Let’s Unmask Passwords

On June 23rd Jakob Nielsen proved he’s not done making poor recommendations in the name of usability. This time the victim is not design, however. Instead, he firmly takes a swing at security by recommending that passwords become unmasked, leaving naked all the strange alphanumeric combinations that we strive mightily to remember every time we want to visit naughty sites, check our email or bid on a rare 1920′s lampshade online.

He makes some assertions while recommending this course of action. First, that people rarely look over shoulders. Second, that you’re alone in your office. Lastly, he names two “costs” that these cause, one being that users don’t trust sites that mask password fields and the second that masked fields result in weaker passwords. He ends this list of errors by suggesting we do away with the masking altogether, and dance widdershins under the stars in a deep forest clothed in naught but our own sweat.

For the sake of avoiding a stoning at the hands of security experts, he does make an offhand suggestion of offering a check box to allow masking for public situations, but this is said in an afterthought that shows how little he worries about such a trivial thing as someone with both curiosity and eyeballs noticing you typing things on your monitors.

Dave Shea’s Suggestion: Let’s Have A Smackdown

I might have spent my remaining years ignorant of his “suggestion” (might I take some liberties and call it a mad raving?) of tossing away one of the final barriers of security in exchange for a marginal increase in usability. However, Dave Shea took the impetus to make a comment about Jakob’s strange post on Twitter, for which I thank him.

He then followed with a comment replete with inspiring concepts: “A Bruce Schneier / Jakob Nielsen smackdown would be, frankly, awesome.”

It’s moments like this that I wait for, mouth watering with anticipation as I crawl through the many tweets and blog comments of the web design sphere of opinion. Immediately I imagined a savage competition between these two notables where Jakob’s naivety costs him in a contest against the security expert Schneier. These sort of daydreams translate easily into a comic, and furthermore align with something about which I found myself holding a strong opinion. This sort of conjunction almost always sends me scrabbling to my mad laboratory, where I harness arcane shapes into vector imagery and stamp it with the mad wisdom of the stars.

The Twist: Bruce Agrees With Jakob

However, it was only on July 26th that Bruce did something I don’t think Dave expected when he made his tweet, and certainly wasn’t in my realm of anticipation. He agreed with Jakob.

Thankfully, I was able to adapt this change of circumstance to my comic’s needs.

However, I’m not about to alter my opinion on the topic. Namely, that I think this suggestion is madness.

In short, it appears to me that Jakob and Bruce assume that exposed passwords are a non-issue because firstly criminals don’t hover over shoulders and secondly that privacy when surfing a website is a guarantee.

Problem #1: Enabling Criminals Of Convenience

Let’s cross out the consideration of serious hacker types for a moment. These aren’t the sort of individuals that need to see you typing your password to steal your stuff. They’ve got mad skills, and are probably busy right now taking your credit card information off a hard drive the U.S. Government accidentally sold to a spare parts reseller. But amateur no-gooders and opportunists need all the help they can get. They may not plan on stealing wi-fi access, but if they see you typing a password in the cafe they just might take advantage of it.

Unmasking the passwords by default creates a situation where Average Joes are given a lot more temptation to misuse the information they’re casually overseeing. We’re a curious, slightly selfish race. Give us the chance and we’ll be exploring things we shouldn’t. This is probably why emergency room doctors drink heavily after workdays involving gentlemen walking funny who whisper about the need for extreme secrecy when dealing with their medical “emergency”.

Problem #2: Privacy In The Home Is An Illusion

We’ll jump past the criminal concern, however, to look at the privacy issue. For the average American (and even more so for the average human) privacy isn’t a guarantee, and rarely exists when accessing a computer terminal. On the home front you often have spouses, siblings, parents and children all about as you log onto email accounts, purchase music via iTunes, check your bank account, or make a purchase for a pizza or a movie. Although I’ll pretend that maintaining privacy between spouses isn’t a concern (although I suspect it is) we all know that kids will be kids, and that some siblings are less than circumspect in respecting your stuff.

How would you like to come home only to discover you’ve spent $40 on purchasing a couple of Brittany Spears albums? How about learning someone (probably a young someone) bought access to an adult movie on the cable box with your account? I’m not saying that kids can’t get access to something with enough effort, but I think that it’s a big step in the wrong direction when you remove such a simple barrier to that access, and by doing so it requires no effort on their part to act on a poor decision.

Problem #3: Private Office? What Private Office?

So privacy in the home is an issue. What about the workplace? I have a great job. I don’t work in a cubicle farm. But many office workers do, and have hundreds of co-workers with easily five or six sitting in cubes across the aisle who can see their screens.

School teachers often have their computers in the classroom next to students. Should they trust all their pupils to respect their privacy and not try to access staff-only functions or answers to an upcoming test?

Furthermore, more and more people are accessing websites in non-traditional spaces. When you’re packed on a subway car with dozens of commuters and you need to access a site on your smart phone, do you want to have to decide if you can trust the people squeezed up next to you?

I could come up with dozens of other scenarios. Jakob is trying to cast his recommendation in the light of saving us from “legacy” design by implying that we live in an era where security won’t be risked by removing masking. Bruce seems to agree, stating that shoulder-surfing is an uncommon activity and that the risk is outweighed by the annoyance of typing blind.

The Root Of The Problem: Outdated Assumptions On Where Websites Are Accessed

I say that instead these two are making assumptions about website usage that are outdated. Computers are being used by younger children with more sophisticated skills. Websites are increasingly accessed more by other devices like smart phones, in non-private spaces with dozens of potential observers. Privacy is a vanishing commodity, so to presume that an average scenario doesn’t involve potential prying eyes is foolhardy and risky.

Jakob said the following: “Users make more errors when they can’t see what they’re typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business. (Or, in the case of intranets, increased support calls.)”

I’m going to call you out on this one, sir. That’s outright backwards. I feel less confident when I am entering a naked password in any environment, and strongly doubt the security of the site in question if required to do so. In fact, I’m likely to not use it at all. Why should I trust their other measures if they can’t even protect the password from passing eyes?

Perhaps username/password security truly need to be replaced by something both more secure and simpler to use. I’m not sure what that replacement technology should be. But I do know that we shouldn’t decide that usability trumps security and retrograde to exposing our passwords to John Q. Public.

No offense, John.

[Edit: Fixed the jump from #2 to #4 in the problem subtitles. Thanks, Elaine!]

(For those of you from hotter climes, I’m aware how weak this must seem. My town of origin, Redding, CA, easily tops 110 during the height of summer. However, it’s really hot compared to the local average.)

So perhaps I was suffering from heat stroke when I thought I heard a co-worker championing in conversation the use of blue, underlined text for all hyperlinks on all web sites. Anything else, they assured, was difficult, if not impossible, for your average Internet user to see or use. Without the vibrant blue (always backed up by purple for visited links) and the noble underline, these commoners of the web would be lost, incapable of navigating from page to page.

Balderdash. Poppy cock. Bullcrap. Etc.

Somewhere near the dawn of time, when the World Wide Web was a mewling infant homunculus suckling at the breast of Sir Timothy Berners-Lee, I’m sure all twelve people capable of browsing the twenty pages available on the web were barely able to comprehend the idea of a hyperlink. Blue, underlined text on a stark white background was likely the only thing saving their minds from imploding in horror at the thought of some elder gods prowling the phone lines and dragging their souls through the 14.4k modems they’d spent hundreds of dollars to purchase.

I’m positive, however, that in the years since then that the average netizen has come to expect a richer media experience. They may have even “tweeted” (and giggled when it first happened) about a funny thing they saw, and uploaded a picture from their phone of this very event. They’ve watched cats play on pianos via YouTube and wept in silent awe as they realized that they lived in the best of possible worlds.

If a hyperlink had the audacity to be a shade of orange, I think they might just be able to pick it out of the surrounding text enough to click on it. If, instead, the bright blue links were bold instead of underlined (on a page where only links received such treatment) users of the web just might posses the ability to tell that clicking on aforementioned text would result in them navigating to a new page instead of providing them with a can of tuna.

I choose to believe this because I have the honesty to admit that most people are in fact not total idiots. Yes, we wail and gnash our teeth at trying to help clients understand what a paragraph tag is. Sure, we’re hard-pressed to not swallow our own tongues when explaining for the fifth time to our grandparents how to send email. But to claim that there is only one way to mark a hyperlink in a way that a peer of the web is capable of recognizing is exactly like saying that every non-developer is a complete moron who is incapable of telling that a peach is a fruit because it doesn’t look exactly like an apple.

Today’s comic places Jakob Nielsen in a hypothetical scenario that illustrates my disdain of the position that he’s advocated in the past on this issue: If you want it to be usable, it needs to be blue (or purple if visited) and underlined. Period.

There’s a special kind of hubris associated with this sort of statement. I’ll accept that blue, underlined hyperlinks are easy to spot. I’m also going to say that green, underlined hyperlinks (on a page that lacks green, underlined text elsewhere) would also work as effectively. Or perhaps blue, bold text. I’m guessing that underlines generally help, but I think ultimately any combination of highly visible traits that exist only on the link text and stand out from the non-link text is going to do the job.

Why does this issue rile me up so badly? Because I’m tired of old wives tales of Internet wisdom on how a page must be made. Especially when these limit our ability to explore the cornucopia of designs or features that we can make on the modern web. Such wives tales that annoy me include:

“Your site’s content? Well, it’d better be short, because people won’t read long texts on a screen.” Tell that Amazon as they laugh like madmen while they sell Kindles like hotcakes.

“Text needs to be near-black on a white background.” Right, except when the opposite is easier on the eyes for certain applications (like Mozilla’s online editor Bespin.)

Someone’s going to be a wit and jump on the fact that this site’s links are blue and underlined. I chose the color because it matches the sky in the header, and I liked the feel I got from tying that color into the rest of the site. But take a look at Twitter or YouTube and tell me that you can’t find the links even though they lack underlines. Go to Apple’s site and tell me the menu isn’t clearly a menu even though it’s not blue. A well conceived design can communicate to the “average” person without having to assume it’s being used by idiots.

The web has grown up. Its users are growing with it. Let’s put aside the juice boxes and start treating them like adults.