I’m not a big fan of password confirmation in signup forms. Usually you see something like this:
For one thing, the more items in a registration form, the more you’re turned off from signing up. Reducing the form above by 25% would do a lot.
For another thing, it’s annoying to retype information when you shouldn’t have to.
The point of password confirmation as I understand it is this: you may be signing up with someone untrustworthy looking over your shoulder. For this reason, the password you input is not echoed to the screen. As a side effect, this makes it harder to notice typos. Since typos effectively mean locking yourself out, you’re required to type the password again to lessen the chances.
One problem is that while this will catch a one-off slip of the fingers, it won’t stop you from making consistent typos. So if you have butter fingers and press “s” instead of “a” twice over, tough luck. My main annoyance with password confirmation, though, is simply that – for me, and I should think most people – the more common usage case by far is signing up in private, not with people peering over my shoulder.
An alternative solution
For a site I’m developing, I came up with something I like better. In short: echo the password back to the user in a single input field with no confirmation, but make sure to inform that this happens, and offer a non-echoing, confirming form as well. I’m sure I’m not the first person to think of this, but I can’t recall ever seeing this on a site.
So instead of the four-field behemoth above, the user is seduced by something like
The link informs that the password will be echoed in clear text and also offers a way to toggle this behavior. I think the link text, “Don’t show what I type”, pulls that off very succinctly. It was a key point for me to not replace the annoying confirmation field with an equally annoying half-page essay, while still making it reasonably clear what’s going on lest you type your password in clear text in front of Stranger Danger.
The toggle brings you
Below is the significant part of the
users/new.rhtml Ruby on Rails view I use for the site I’m developing. I added this as a proof-of-concept and haven’t yet taken the time to ensure valid XHTML and do much tidywork. Still, please do suggest any improvements.
id="password_label" node is available in the DOM.
this in the code refers to that node.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48