'Your password is invalid': Improving website password practices

Jan 31, 2012

Internet users are increasingly asked to register with a user name and password before being able to access the content of many sites. In their upcoming Ergonomics in Design article, "A Passport to UX – Design of Password Practices," human factors/ergonomics researchers Soolmaz Moshfeghian and Young Sam Ryu identify impediments to efficient password creation and provide design strategies for enhancing the user experience.

Because there is no standard method for setting up passwords, each Web site employs its own set of requirements and restrictions. After investigating the pros and cons of design-related features of the requirement and restriction practices of 90 popular Web sites, the authors found that more than half the sites failed to display password guidance prior to the first attempt. Users may receive multiple error messages if their chosen passwords do not line up with system requirements, which can lead to confusion and frustration for the user and increased operating expenses for system administrators.

The authors offer a number of recommendations for Web designers seeking to improve the : Provide users with password requirements prior to their first attempt; use clear and concise language to communicate the password requirements; present, at a minimum, length and character requirements; and avoid placing password requirements in the entry box.

"This study helps us gain more insight into the current state of password practices and helps create more intuitive and empathic interactions," said Moshfeghian. "Intuitive password practices lead to increased user trust and thus user sustainability. In short, the optimal goal is to humanize interfaces, make them as intuitive as possible, and bridge the gap between users and interfaces."

Enhancing user experience through effective password practices can have many benefits. A more user-friendly registration process may produce a larger number of successfully registered accounts, which can translate into increased sales and a more recognizable brand. Fewer failed registration attempts can result in reduced system maintenance, security, and recovery costs.

Explore further: Pfizer's 2Q profit sinks 79 pct but tops forecasts

Provided by Human Factors and Ergonomics Society

2 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

Better passwords get with the beat

May 17, 2011

No password is 100% secure. There are always ways and means for those with malicious intent to hack, crack or socially engineer access to a password. Indeed, there are more and more websites and databases compromised on a ...

Tired of Passwords? Replace Them With Your Fingerprint

Sep 14, 2004

If you're like most people, you have more than a dozen passwords and user names to remember. Whether you're checking your e-mail for new messages, catching up on the news, posting to a Web discussion group, ...

Apple patent sends password secrets to adapters

Jan 06, 2012

(PhysOrg.com) -- First-time computer users in the early days, pre-hacking security traumas, were confronted with a new life requirement: creating and remembering system passwords. Not too easy, users were ...

Recommended for you

Security CTO to detail Android Fake ID flaw at Black Hat

8 minutes ago

Where have you heard this before: A team of security researchers discover a security flaw in Android devices. This is, however, news. This time, experts are talking about a flaw that involves a widespread ...

Chinese smartphone makers win as market swells

2 hours ago

Chinese smartphone makers racked up big gains as the global market for Internet-linked handsets grew to record levels in the second quarter, International Data Corp said Tuesday.

Full appeals court upholds labels on meat packages

2 hours ago

(AP)—A federal appeals court has upheld new government rules that require labels on packaged steaks, ribs and other cuts of meat to say where the animals were born, raised and slaughtered.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Twin
not rated yet Jan 31, 2012
I hate being told that my password is "not complex enough" or my first name is invalid (J.) I wouldn't mind a warning, but after that, it should be my option.
The fact is that hackers seldom break into individual accounts. They would much rather reach mass data that resides at levels deeper than passwords.