Categories
Markel!

Effective Tutorials in Video Games

Aaron Gotzon on The Ontological Geek:

It is the responsibility of videogames to teach us how to play them. Before the game can even really strut its stuff, it has to play the role of teacher, and show us what plastic-thingies do which murdery-kill-ma-bobs.

More than that, the tutorial has to be woven into the game in such a way that it doesn’t manage to detract from the game itself, or distract from that immersive element which is key to most experiences of fiction. In the ‘biz we call it “suspension of disbelief.”

What about your web application? How does it teach users to use it? As with games, there are universal concepts, such as typing, clicking, and related actions that all computer users know to do.

But when it gets down to learning how to use the actual application, how could you teach that person to use the application in a gradual and natural way? For example, what if WordPress had a user only be able to create a title and a post body the first time? Then the second time, the user is told how to add a tag or use a category—and you added little bits each time they used it?

Of course, power users don’t need this, but people who are new to an app and might not have a bunch of computer experience outside of using email or Office might be completely overwhelmed the first time they use your app.

Categories
Markel!

Logins: Roll Your Own

We know now that Mat Honan’s account compromise was due to bad policy at Apple for allowing account access, but this bit from Daniel Jalkut’s post about the situation holds true regardless:

One way to protect yourself is by declining to delegate authentication to third parties. When enrolling in a new service that offers Twitter or Facebook authentication, I usually go through the nuisance of creating a new account instead. That way I can choose a unique passphrase, and store that in my keychain. I prefer this to allowing numerous items to be implicitly added to my Twitter or Facebook “keychain.” Don’t put all your eggs in one basket, as they say. (Well, that’s what I’m doing with my keychain, but I am empowered to personally protect it and to back it up as I see fit.)

This is a strong argument against permitting multiple login “vectors” from social services to your web service. It’s a good idea to permit connecting to these services so your service can leverage things like contacts and posting access but a bad idea to permit authentication from these services.

And you should never use the same password twice across services. The last.fm/LinkedIn password craziness should have taught everyone that.