Friday, September 4, 2015

Is a "repeat password" field necessary in a signup page?




Possible Duplicate:
Why should we ask the password twice during registration?



When designing a new and simplified signup page I got into an argument with a colleague about the necessity of the "repeat password" field.



We designed the signup process in such a way that the user will be logged in automatically after completing the email verification process. So, at least initially there will be no need for the user to enter their password. Therefore the user will only 'verify' the password when logging in the second time in case we omit the "repeat password" field.


We do have a "recover password" option so in the worst case the user could go through that process in case they mis-typed the password when signing up. But then again, how often do you mis-type your password?


Even the big players don't seem to agree on which way is the best...


Don't need to re-type the password:



  • Twitter

  • Facebook (although they require re-typing your email)

  • Dropbox


Need to re-type the password:




  • Yahoo

  • Reddit


Is this necessary?



Answer



I'm no UI expert but I think in many cases it is unnecessary. Certainly in my own experience it is rare for me to enter a password incorrectly. A better solution is to not have a password at all. Use one of the growing number of authentication providers (e.g., OpenId, Google, Facebook, Twitter, etc). Why does the user need another password for your app or site?


The technical users of your app will use a password generator and/or storage mechanism. The non-technical users will use one of the favourite throwaway passwords that they use for many different sites/apps. Better to just integrate with an authentication system they already use. There may also be other knock on benefits for your application such as integration into Google Apps if you use Google's auth.


If you do choose to require the user to provide a new password to your application then at least don't clear the password field on form entry error. Nothing is more infuriating than having a password field get cleared because you make an error in some other part of the form. You fix the error resubmit and then there is an error again because the password is missing. This drives me nuts. If you are concerned about echoing the user's password back in the HTML, don't. There are many other options. Encrypt it in the form, remember it in session state, use a dumby password in the HTML. Whatever, just don't force the user to enter it again!


No comments:

Post a Comment

technique - How credible is wikipedia?

I understand that this question relates more to wikipedia than it does writing but... If I was going to use wikipedia for a source for a res...