'Your password is invalid': Improving website password practices

January 31, 2012

Internet users are increasingly asked to register with a user name and password before being able to access the content of many sites. In their upcoming Ergonomics in Design article, "A Passport to UX – Design of Password Practices," human factors/ergonomics researchers Soolmaz Moshfeghian and Young Sam Ryu identify impediments to efficient password creation and provide design strategies for enhancing the user experience.

Because there is no standard method for setting up passwords, each Web site employs its own set of requirements and restrictions. After investigating the pros and cons of design-related features of the requirement and restriction practices of 90 popular Web sites, the authors found that more than half the sites failed to display password guidance prior to the first attempt. Users may receive multiple error messages if their chosen passwords do not line up with system requirements, which can lead to confusion and frustration for the user and increased operating expenses for system administrators.

The authors offer a number of recommendations for Web designers seeking to improve the : Provide users with password requirements prior to their first attempt; use clear and concise language to communicate the password requirements; present, at a minimum, length and character requirements; and avoid placing password requirements in the entry box.

"This study helps us gain more insight into the current state of password practices and helps create more intuitive and empathic interactions," said Moshfeghian. "Intuitive password practices lead to increased user trust and thus user sustainability. In short, the optimal goal is to humanize interfaces, make them as intuitive as possible, and bridge the gap between users and interfaces."

Enhancing user experience through effective password practices can have many benefits. A more user-friendly registration process may produce a larger number of successfully registered accounts, which can translate into increased sales and a more recognizable brand. Fewer failed registration attempts can result in reduced system maintenance, security, and recovery costs.

Explore further: Better passwords get with the beat

Related Stories

Better passwords get with the beat

May 17, 2011

No password is 100% secure. There are always ways and means for those with malicious intent to hack, crack or socially engineer access to a password. Indeed, there are more and more websites and databases compromised on a ...

Tired of Passwords? Replace Them With Your Fingerprint

September 14, 2004

If you're like most people, you have more than a dozen passwords and user names to remember. Whether you're checking your e-mail for new messages, catching up on the news, posting to a Web discussion group, or playing games ...

Apple patent sends password secrets to adapters

January 6, 2012

(PhysOrg.com) -- First-time computer users in the early days, pre-hacking security traumas, were confronted with a new life requirement: creating and remembering system passwords. Not too easy, users were warned, to protect ...

Recommended for you

US prepares to cede key role for internet

September 29, 2016

The US government is set to cut the final thread of its oversight of the internet, yielding a largely symbolic but nevertheless significant role over the online address system.

Android's Nougat update isn't flashy, but still pretty handy

September 28, 2016

Nougat, Google's latest update of its Android smartphone software, isn't particularly flashy; you might not even notice what's different about it at first. But it offers a number of practical time-saving features, plus a ...

Disabled man gets license, shows driverless tech's potential

September 28, 2016

Former Indy Racing League driver Sam Schmidt has done a lot in the 16 years since an accident left him paralyzed from the neck down. He runs a racing team and a foundation. He's raced a sailboat using his chin. But the man ...

Microsoft teams with Bank of America on 'blockchain'

September 27, 2016

Microsoft and Bank of America Merrill Lynch on Tuesday announced they are working together to make financial transactions more efficient with blockchain technology—the foundation of bitcoin digital currency.

Pilots, air traffic controllers shifting to text messaging

September 27, 2016

Airline pilots and air traffic controllers are on schedule to switch to text communications at most of the nation's busiest airports by the end of the year, a milestone that holds the potential to reduce delays, prevent errors ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

Twin
not rated yet Jan 31, 2012
I hate being told that my password is "not complex enough" or my first name is invalid (J.) I wouldn't mind a warning, but after that, it should be my option.
The fact is that hackers seldom break into individual accounts. They would much rather reach mass data that resides at levels deeper than passwords.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.