Invalid username or password. Seems like a pretty simple message and we’ve all seen it. Sure, it’s a pain, but remembering passwords is one of the tiny aches of life on the web.

I have no problem with the error message as a whole. I only take issue with the or. If you have a site that includes a registration/login component, give as good a message as you can. Don’t leave the user wondering, “is it the username or is it the password?”

Login error message at NewsGator

Login error message at Backpack (by 37Signals)

From the programmers perspective, I see how the or came about. They are probably taking the username & password entered and checking them both against the database at the same time. How about grabbing the password that matches the username and then comparing it.

That way, if you don’t get a return for the username, you can say:

Invalid username.

And if you do get a username, but the password doesn’t match, you can say:

Invalid password.

(Extra credit: rewrite those error messages to be even friendlier).

I’m not a security expert, so maybe there is a reason that more sites don’t do this. But as far as I can see, it’s just an extra conditional statement. Your users will appreciate having one less thing to guess.

Today Fred Wilson writes about VC Radar: “When I first hear of a company I ignore it.” He’s quoting someone, but his point is that it takes a few times of hearing about someone before they decide it means something. This is probably similar to product adoption for consumers, too. We hear about this “new thing,” but it takes hearing it from a couple different friends before we give it a shot.

The quote reminded me of something I read about feature requests over the summer: “How do you track all these requests? You don’t. Read them and then throw them away.”

The idea behind this is that the really important issues/people/companies/products keep coming up on the radar again and again. Ignoring everything initially is certainly the simple solution, but it also feels lazy. And there are a number of examples I can think of where this isn’t a good idea (like, say, manning a RADAR station).

Overall, it does seem like a good way to focus on the important stuff. That’s really where simple solutions work.

I’m working really hard here to understand what makes people do stuff like… start a fan site, dedicated to an 11 year-old actress, written in ALL CAPS, embedded with a MIDI of a Billy Joel song, and obviously cared about for over a week (news page spans Aug. 5 – Aug. 14).

I think once I understand this, I’ll understand the Internet. Insights? Anyone?

Seriously, this artificial attachment to a famous person makes many sites, including the famous encyclopedia I help with, tick. It’s the same sort of enthusiasm that has made so many people leave BackFence comments (good and bad) for Memphis and Minneapolis on BestPlaces.

I may not understand why it is so, but it’s a great lesson about the web, business, and business on the web. Find your visitors’ passions. And let them express it.

If you’re a marriage therapist or landscape designer who needs colon hydrotherapy, why not try barter?

Seriously, the Internet continues to make it easier to connect people with complementary interests. If you’re low on dough, you can probably trade for the service you need at Barter Your Services (via Barry).

There is a sign in a local coffee shop that says, “There are 1.5 million people in Portland. Why are you still single?” Granted, that’s a joke, but when the pool of possibilities increase, so does the likelihood that you can find just the right person, whether for dating, colon hydrotherapy, or whatever else.

I received six copies of this spam from yesterday evening to now:

Hits 52 Week High and Still Climbing Strong.
We saw DKDY at $1.31 on Wednesday and we feel its going to $5.00 on unexpexted news.

“Unexpexted,” indeed. The stock had its IPO recently, so “52 week high” is true, though misleading. Nevertheless, the stock is at $1.87 today.

It’s possible the stock got there on its own merit, but it’s a little fishy that the company’s website looks like this:

I’m not saying the company itself did this. I can’t imagine this having long-term viability worth the time and money of an IPO. But someone is driving up demand by sending spam. And with only 600,000 shares, it seems like this wouldn’t be that tough with access to millions of email addresses. You only need a handful of schmucks.

If it weren’t so sleazy, it might be brilliant