In Password Vault 3, passwords have 7 fields: Description, Username, Organization, Password, Email, URL, and Comments. Six of these should be self-explanatory. But what about the Organization field? This field is simply another field that can be AutoCompleted and that can be used to hold an additional piece of information. Where did the name come from, though?

 Turn the wayback machine to late 2004/early 2005, less than a year before development began on Password Vault 3. Like many other people, I was using Password Vault 2 at the time, and that version only had three password fields: Description, Username, and Password—and only the last two could be AutoCompleted. This system worked for me the majority of the time, but there was one web site that required three fields: WebAssign, which I was using for my Physics course (I was still in school at the time). WebAssign needed your username and password as well as your "organization," which I believe was the name of the school (Update: It looks like WebAssign renamed that third field to "Institution" at some point in the past five years). It annoyed me that I wasn't able to AutoComplete that third field, so alas, in Password Vault 3, the Organization field was added. Taking the name of the field from the WebAssign login form perhaps wasn't the best idea, but I wasn't sure what else to call it. And naturally, by the time that field was added and the new version of Password Vault was released, the Physics course was over, so it was never even used for its original purpose. But that is where the name came from.

The Organization field will be carried forward into Password Vault 4. In addition, a number of custom fields will be added; you can name these whatever you like. At some point in the future, I may convert the Organization field into another custom field so that it can be renamed if so desired, but I don't know when that will happen yet.

Here's a quick survey that you can answer in the comments: Do you ever use the Organization field? Did you know what it is for? What would you have named it?

If you have ever set up expiration dates for your passwords using Password Vault, then you know what I am talking about. Every two hours a window pops up saying that you have passwords that have expired or are about to expire. The window usually steals focus from whatever you were working on. This can be an irritating experience. After all, stealing focus is a big no-no in UI design. If you are designing software, then memorize this rule: don't steal the user's focus. So why does Password Vault do it? Well, it could be argued that passwords expiring can be a serious situation (depending on how important the passwords are), so an aggresive UI is warranted. But the main reason I thought that Password Vault could get away with it is that it really only happens temporarily. Once you change your password, you won't be bothered any more.

To tell the truth, I receive very few complaints about this UI, so maybe this reasoning is sound. (If you have strong feelings one way or the other, please share them in the comments.) But I personally find this window's focus-stealing behavior quite objectionable. And I see it often enough (because I use my own product every day), that I realized that a change had to be made. So what could be done to make the Expired Passwords interface less annoying?

To begin answering that question, I first looked into alternative types of interfaces. One of the main requirements of the Expired Passwords interface is that the user must be able to see it whether the main window is visible or not. Besides a window, the only type of interface that would work in both situations is a notification balloon (to be shown from the Password Vault icon in the notification area). Balloons can be very useful, but they can also be easily abused by developers, and indeed they are. In general, users don't like balloons for this very reason. They dislike them so much that Microsoft has listened and is taking action in Windows 7 (the next version of Windows). Specifically, all notification icons for programs will be hidden by default; users will have to explicitly choose which icons they want to see. No icons means no balloons by default. Additionally, Windows will disable all balloons for the first few hours the first time Windows is run. The idea here is to curb the avalanche of advertisements and other superfluous messages from software (affectionately referred to as "crapware") that comes pre-installed on new computers. So because Windows 7 users might never see them, I decided that balloons were not the way to go.

So we come back to the Expired Passwords window. Aside from the focus-stealing, the current Expired Passwords UI is not too bad. It's simple and it serves its purpose. So I made the decision that Password Vault 4 will use essentially the same UI with some slight modifications. An Expired Passwords window will still appear every two hours when you have passwords that need to be changed, but instead of coming to the foreground, it will flash in the taskbar. This way, it can still get your attention, but it will do so in a way that won't forcibly interrupt your work. There will also be some additional minor improvements made to this window and to the entire Password Expiration subsystem to make them more informative and intuitive to set up and use.

If you read this article expecting me to describe huge, sweeping changes that will be made to the Expired Passwords interface, then I'm sorry if you were underwhelmed. But good design involves knowing when to make changes as well as how to make changes. And I really believe that this solution will be best for the users. But Password Vault 4 will have many exciting new features, and I will cover a number of these in future posts.