As I was researching my fun UXFAIL post this week, I came across a kind of mini-meme: the Angry Password Message:
I have two massive issues with passwords.
Crazy validation rules
Yeah, I’m looking at YOU iForgot. When I first got my iPhone 5 it took me 30 mins to do anything. Why? I had forgotten my iTunes password and I had to reset it, but it took me forever to construct a valid password that contained 1 upper and 1 lower case letter, a number, no two consecutive characters the same, etc., etc. If you want to hack into my iTunes account and steal my copy of this album then my password is: Ifuckinghateitunes6. Aye, you won’t be forgetting that in a hurry!
ARRRGHHHHHHHH! Why! This is a huge anti-pattern that should have died in 1978 but persists, a bit like the Rolling Stones, or mould. Whenever I design a signup/login form, I make passwords visible by default:
And seeing what you’re typing is even more important on mobile where data input is a nightmare.
Having said all that, I acknowledge how important security is. I had my Twitter account hacked by ISIS wannabes.
I now have double authentication!
And here’s the contention: should the system force the user to choose a ‘secure’ password, or is the burden of responsibility on the user? Is the ideal free’n’easy password creation and, if security is super important, double authentication?
What do you think?