Over at IXDA, I came upon the following post:

Hello,

Someone I work for has a strange enhancement request which I do not agree with, but this person is the boss. I think in my gut, this is wrong.

Website: a user management system for secure student data. Clients are a little paranoid about passwords and user names getting out.

Behavior: when you select a user and want to reset his or her password, the resulting screen shows the user name, but then blanks out the password which you can only see by printing the page.

Blanking out the password seems silly since you can still see it if you print it out. Do people agree this is poor functionality? If so, is there any evidence to support my feeling that this is a bad idea?

I think the writer is smart to be asking for ways to back up his gut feelings about this particular client request. I would agree that the printing of passwords is not best practice, but I’m curious as to why this specific approach is being requested.

I’ve worked with clients who have made suggestions for solutions which didn’t make a lot of sense to me, but upon a deeper dive of their company culture and/or process, I was able to understand why that particular approach made sense to the client. As a consultant, I’m often brought in to solve or address a problem that the client can’t address completely on their own.

So while an outsider’s point of view can be valuable, it’s also important for consultants to listen carefully to requests and understand the underlying reasons for some of those requests. It’s pretty easy to walk into a situation and cite “best practices are xyz,” but sometimes best practices do not make sense for a particular organization. In fact, sometimes the “crazy” approach is the right one, for the right situation and the right company.

But then again, sometimes “crazy” really is just “crazy!”