7 Password Creation & Recovery Frustrations Every Designer Should Know About
@UserTesting | 800-903-9493 | [email protected]
7 Password Frustrations
Password creation and retrieval can be a painful activity.
What’s more, a frustrating sign-in experience can prevent users from returning to your site.
To make it easy for users to sign up and keep signing in to your site, take a look at these common user frustrations and their solutions.
Frustration #1: Missing instructions
It’s no fun for users to enter the password of their choice, only to receive an error message stating that the password didn’t meet the requirements, which were never described in the first place.
Solution: Make all password requirements clear from the beginning.
Be sure the requirements aren’t in the form field itself, where they will disappear when the user starts typing.
Clearly stating the requirements saves time and sanity for your users.
Password strength meters indicate whether a user has successfully met all the requirements, and they’re a good motivator to choose a strong password.
The meter on the left tells me at a glance that this short password isn’t going to cut it.
Find out what users think about your site or app’s password requirements! Watch over the shoulder of a real person as they create a password for the very first time, or attempt to navigate your password reset process.
Give UserTesting a Try
Frustration #2: Overly complex requirements
A lot of websites require passwords to contain a certain level of complexity to increase security.
Complexity alone doesn’t always make a password secure.
For example, “Orange1!” is a pretty weak password. It would be easy for a computer to crack, even though it could be difficult to remember.
Plus, complex passwords are especially irritating and difficult to type on mobile devices.
Mobile keyboards make numbers and capital letters prone to error.
Solution: Rather than enforcing strict complexity parameters, consider using length requirements.
A Carnegie Mellon University study shows that 16-character, simple passwords perform better against brute force attacks than 8-character, complex passwords.
The effectiveness of long passwords is also illustrated by this popular cartoon.
Frustration #3: What happens when the user doesn’t follow instructions
Even if you specify the password requirements up front, some users will try to choose a password that doesn’t fit the parameters you set.
Solution: When this happens, make it easy for the user to understand and fix the error. Clearly explain which requirement was missed and what the user should do to correct it.
This error message isn’t very helpful. How do I know what I did wrong?
With this message, I know exactly what to fix.
Finally, if the password doesn’t meet requirements, don’t allow your signup form to erase all of the information the user entered!
It’s bad enough to get an error message for creating a weak password; it’s much worse to have to fill out every field on the form to make a second attempt.
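An added example, not from the original slides: a length-based check that reports every unmet requirement together with how to fix it. The 16-character minimum, the 128-character cap, the sample blocklist and the repetition rule are assumptions for illustration and go beyond what the slides specify.

```python
MIN_LENGTH = 16   # assumed minimum, matching the 16-character figure above
MAX_LENGTH = 128  # assumed generous cap so long passphrases are accepted
# Constructed sample blocklist; a real deployment would load a larger list.
COMMON_PASSWORDS = {"passwordpassword", "1234567890123456", "qwertyuiopasdfgh"}


def check_password(password):
    """Return [(code, how_to_fix), ...] for every unmet requirement.

    All problems are reported in one pass, and no message echoes the
    password itself. An empty list means the password is accepted.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        missing = MIN_LENGTH - len(password)
        problems.append(("too_short",
            f"Use at least {MIN_LENGTH} characters: add {missing} more."))
    if len(password) > MAX_LENGTH:
        problems.append(("too_long",
            f"Use at most {MAX_LENGTH} characters."))
    if password.lower() in COMMON_PASSWORDS:
        problems.append(("common",
            "This password is on a list of common passwords: pick another."))
    if password and len(set(password)) < 5:
        problems.append(("repetitive",
            "Use more than a few distinct characters, for example several words."))
    return problems


def render_errors(problems):
    """Format the unmet requirements for display next to the password field."""
    return "\n".join(f"- {text}" for _, text in problems)
```
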
Frustration #4: Typos in the password
If a user types in a password incorrectly, then they won’t be able to sign in with the password they thought they created.
Solution: To prevent this problem, many sites require the user to enter their chosen password twice. While this catches typos, it’s not the most pleasant user experience.
Alternatively, you can unmask the password (or at least give the user the option to do so).
It’s relatively rare for users to have their secure information stolen by a person looking over their shoulder at the moment of password creation.
With an unmasked password, users can double-check to ensure they’ve entered everything correctly.
This signup form allows users to unmask the password, and it clearly shows which requirements have been met.
Frustration #5: No clues about the original password requirements
Some websites have very specific password parameters that users won’t necessarily remember when they go to sign in.
This error message doesn’t give me any specific clues about what I did wrong.
Solution: Except on sites with very high security concerns, it’s a good idea to display the password requirements after the first failed attempt at sign-in.
It’s also helpful to indicate whether the username or the password was the culprit for the failed sign-in.
Frustration #6: Unclear retrieval steps
If the user doesn’t understand what to do next, or where the password retrieval link will be sent, they’re not as likely to return to your site.
Either they’ll become irritated and avoid it on purpose, or they’ll simply give up and forget about it.
Solution: Be clear from the beginning about which email address is associated with the account.
For added security, you can mask portions of the email address, as in the following example:
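An added example, not from the original slides: one way to mask an address before showing it on the reset screen. The function name `mask_email`, the fixed-width mask and the choice to hide most of the domain are assumptions for illustration.

```python
MASK = "*****"  # fixed width, so the mask does not reveal the real length


def mask_email(address, keep=2):
    """Return a display-safe hint such as 'ja*****@e*****.com'."""
    local, at, domain = address.strip().rpartition("@")
    name, dot, tld = domain.rpartition(".")
    if not (at and local and dot and name and tld):
        raise ValueError("not a plausible email address")
    if len(local) > 2 * keep:
        visible = local[:keep]
    elif len(local) > 1:
        visible = local[:1]      # short names: show one character only
    else:
        visible = ""             # one-character names: show nothing
    return f"{visible}{MASK}@{name[:1]}{MASK}.{tld}"


# Constructed sample addresses.
SAMPLES = ["jane.doe@example.com", "al@mail.example.org", "x@example.net"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(mask_email(sample))
```
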
Frustration #7: Emailing the forgotten password in plain text
It’s never a good idea to include a password in an email, which can easily be intercepted. It’s much more secure to send a link to reset the password.
If your site has fewer security concerns (say, a recipe sharing community) it may be tempting to think this rule shouldn’t apply.
Always consider the fact that users are especially likely to reuse weak passwords on sites like this.
A hacker who intercepted the email would likely gain the credentials for many other sites.
Besides, it’s always best to hash and salt passwords, which prevents website owners — or hackers — from “looking up” a lost password.
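An added example, not from the original slides: one way to store only a salted hash and to issue a reset-link token instead of emailing a password. The PBKDF2 iteration count, the 15-minute lifetime and the in-memory `ResetTokens` store are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed values for this sketch, not taken from the slides.
PBKDF2_ITERATIONS = 600_000
RESET_TTL_SECONDS = 15 * 60


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def hash_password(password):
    """Return (salt, digest); only these two values are stored."""
    salt = secrets.token_bytes(16)  # fresh per user, so equal passwords differ
    return salt, _derive(password, salt)


def verify_password(password, salt, digest):
    """Re-derive from the attempt and compare in constant time."""
    return hmac.compare_digest(_derive(password, salt), digest)


class ResetTokens:
    """In-memory stand-in (hypothetical) for a table of pending resets."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (user_id, expires_at)

    def issue(self, user_id, now=None):
        """Create the random token that goes into the emailed reset link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()  # store the hash only
        self._pending[key] = (user_id, now + RESET_TTL_SECONDS)
        return token

    def redeem(self, token, now=None):
        """Return the user_id for a valid token, else None. Single use."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(key, None)  # pop: a link works once
        if entry is None or now > entry[1]:
            return None
        return entry[0]
```
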
It may come as no surprise that the best way to find out how users will feel about your password creation and retrieval process is—that’s right—to test it!
Users have different expectations about password requirements and usage depending on the type of website: for example, a bank vs. a social network.
To find the right balance of security and ease of use, ask users directly through surveys and user tests.
www.usertesting.com | @UserTesting | 800-903-9493 | [email protected]