|The number of password fields to use|
One or Two?
| 9:28 am on Aug 31, 2007 (gmt 0)|
I'm having an interesting discussion (read: argument!) here about the number of password fields to use so I thought that I'd get some more opinions.
We have a feature where users can enter login credentials for systems (for example a username and a password is entered for a server which is stored on our system). I am saying that there should be 2 password input fields to trap users mistyping the password, the other side of the argument is that there should only be one. The user can then test what they have done and see if it works (our system allows users to test the credentials by trying to log into the target system).
I say that this is extra work and surely it's easier to make sure that the user has entered the correct password by making them enter it twice.
Which side of the argument are you? Why?
| 10:35 am on Aug 31, 2007 (gmt 0)|
If it's a persistent setting, then twice.
If it's an immediate, one-time login, then once.
Just my $0.02.
| 5:45 pm on Aug 31, 2007 (gmt 0)|
|I say that this is extra work and surely it's easier to make sure that the user has entered the correct password by making them enter it twice. |
And what would those ways be?
| 8:46 pm on Sep 2, 2007 (gmt 0)|
How about entering the password once, then testing it automagically before it is stored, re-displaying the form with error message if incorrect?
| 1:39 pm on Sep 5, 2007 (gmt 0)|
Thanks for the replies!
There seems to be a divided opinion on this, with pros and cons on both sides. For example, one pro of the double entry system is that if the credential does not work the user is more confident that the error is due to the credential being invalid rather than it being a mistype.
I'm leaning towards a third option. That is:
- A single password field,
- A checkbox that the user can click which displays the password that they have entered,
- An immediate test of the credentials is performed.
(1) addresses Duncanís concerns that people get annoyed entering things twice and may just make the same type in both cases.
(3) will check that the credential is actually valid and alert the user straight away that there is a problem (without them having to run a report or specifically hit the Test button).
[edited by: BlobFisk at 1:59 pm (utc) on Sep. 5, 2007]
| 4:11 pm on Sep 5, 2007 (gmt 0)|
I appreciate your interest in trying to make a user friendly system, I think you will just end up frustrating more people than helping them.
Login system are so standardized - everyone expects 2 fields: username and password. If you make any changes, you risk confusing people who probably login to multiple systems daily.
| 6:51 pm on Sep 5, 2007 (gmt 0)|
There seems to be some confusion here, and I'll be the first to admit that I'm one of the ones confused.
Let me see if I can restate the problem as I understand it:
1. We're talking about the user initially setting up their account here, NOT users logging-in to existing accounts.
2. The question is: go with the "standard" of requiring the user to enter the same password in two fields, to help prevent typos and misspellings, or instead to require the password be entered only once, but then immediately verify by going through a "login check".
The way the question is stated is a bit confusing, because it doesn't explicitly state that we're talking about the user initially setting-up their account, and it also implies that using the alternative, the user only has to enter the password once.
As I understand it, the proposed alternative still requires the user to enter the password twice but not on the same page, and - the second time - the system will do a log-in check and/or actually log the user in. So, they get immediate feedback that the credentials are now stored in the system, and were correctly entered.
A key feature, it would seem to me, is that if the login-check or actual login fails, the user is able to correct their password without having to start the whole process over again. (Possibly abandoning a user ID and having to choose a new one.)
Am I getting this right?