It would be easier to ask for a user's password only once during registration.
The problem: The user could make a mistake while typing the password once because of hiding letters.
The solution: The user could have a toggle button for showing or hiding the password.
Working example with toggling the visibility of the password. This approach could be used on the registration or login page.
Are there any benefits to asking a user's password twice during registration vs just not masking the password? Why would you ask twice?
P.S. Jakob Nielsen about unmasking the password:
- Users make more errors when they can't see what they're typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business. (Or, in the case of intranets, increased support calls.)
- The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.
Update: I created a WordPress plugin which unmasks the password field. So you may use it if you want to.
Update 2: WordPress.com use same technique to show and hide password.
Update 3: Internet Explorer 10 added a toggle password visibility icon. It looks like this:
Update 4: Article about unmask password on smashingmagazine.
Update 5: Example with unmasking password on focus.
Answer
We should not ask for password twice - we should ask for it once and make sure that the 'forgot password' system works seamlessly and flawlessly
No comments:
Post a Comment