Hello,
Waiting 45 seconds to re-enter your password can be frustrating. However, today I was busy during those 45 seconds because I entered the password from another website. I was changing my password on the other site.
My suggestion:
If the password is incorrect (presumably if the user-name is incorrect too to avoid a distinguishing attack), perhaps the intermediate screen should post suggestions for good security like:
If you accidentally entered the password from another website, you should go change that password now.
If your
Password is on this list: you should change your password.
If your password is on
this list: you should change your password.
You should write your passwords down or keep them in a key-ring. Your passwords should be randomly generated. (This one will be controversial: however I think advice to never write down passwords results in password re-use or forgotten passwords).
Edit: Removed Facebook link for top 25 list. I have no idea why a major news organization would link to a facebook page rather than a press-release. I have one theory: to keep the masses ignorant and dependent on them.
