Confirm your password

Any user has repeatedly encountered forms for registration, where you need to specify a login and password. What pitfalls can wait for a designer of such forms?

A typical working day at a defense company.
A man of 40 years old comes, who, by the way, teach computer literacy courses, and asks to help him with another regular change of passwords. Something did not work out for him. I come to his office and ask him to show what and how he does to find out what the problem is. A standard window.
Enter the old password: he enters.
Enter a new password: he enters a new one.
Confirm your password: he writes on the Russian keyboard: "I do confirm".

You can laugh a long time about this man from the quote, but his example very well shows the drawbacks of the design approach. Tell me, did you ever see a paper questionnaire, in which instead of the field "Name" was written "Enter the name"? Met a button with the inscription "Click to send" instead of the obvious "Send"? So what makes people write "Enter password" and "Confirm password"?

This is a common fear that the user "does not understand". The user, in fact, sometimes really does not understand. However, as a result of excessive concern for some users, the designer is no longer understood by others. It is impossible to take into account everything, and therefore this approach is incorrect. If it is not obvious to a person that you need to enter his password in the field with the signature "Password", then this is a problem of his computer illiteracy.

The obvious and the best solution is the caption "Password again".

One more thing

There is another curious mistake. Some websites and applications sometimes ask to confirm the password in completely unexpected places. The author got accustomed to the inexpensive DIR-300 router of D-Link company, and here's what you can find in its control panel:

The mistake is in duplicating the "Password" field where it is absolutely unnecessary. After all, what is confirmation used for? It is for the user, to prevent him from a mistake at the time of registration: otherwise he will not be able to log into the system later.

In this case no registration takes place. The user is already in the control panel of the router and can change any settings without limitations, including passwords. There is no danger in entering the password incorrectly: when you connect to the Internet, the system, if a case, will notify you.

Second password field in this case can be safely removed.

Home alone

An interesting improvement to password protection is the "Hide Password" checkbox.

Passwords are hidden by asterisks or dots, so that they can not be seen by a third party. However, the user, when he registers somewhere, is often alone. In this case, it is not necessary to hide the password, and, therefore, it is not necessary to ask to enter it twice.

Checkbox "I'm at home alone" would be a very convenient solution.

Emailing passwords

As for sending a password to an e-mail, this can be allowed only with the permission of the user. The author regularly removes all messages from the sites that send the password in plain text. Otherwise, hacking the mail will result in that the attacker will know all the user's passwords. And to find out the password is not the same as resetting it through the mail.

Passwords should not be sent via email.