Web forms: Is “repeat password” an obsolete field?
17 January, 2012
Is the “repeat password” field still necessary on a user registration form?
This question arose in one of our latest meetings about a project we are working on with the sonic team.
Is it an unnecessary nuisance and an outdated practice, or does it make for a better user experience?
Some arguments to defend its existence:
- The redundant field gives more confidence that the user entered the password correctly.
- Because of how the “Password” field behaves, the user sees only asterisks or dots, so it is logical that the user can make mistakes.
- Users are “used” to completing this field; it’s a convention.
Arguments for why I think it is no longer necessary:
- Why impose the trouble of completing this field twice on all users, when people who mistype their password are a minority?
- It doubles the chances of making a mistake: a typo made the second time, in the confirmation field, forces the user to repeat the action needlessly.
- If there was an error when creating the password, the user can always recover it. That is why every site has a recovery link or system.
- The form is friendlier to complete: with fewer requirements and fewer options, it looks “shorter” and is completed more quickly.
- There are several client-side solutions (such as JavaScript) that temporarily turn the asterisks or dots into legible characters, reducing the possibility of errors.

As in this example.
The proposal:
- Temporarily allow users to view the password they entered (as seen in the example above).
- Upon finishing the registration process, an e-mail is sent to validate the e-mail account entered, and it may include the user’s password, so that the user has a record in case of a typo and can log in without problems.
- Finally, the validation link included in the e-mail could automatically log the user in, to avoid any initial frustration.
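One way the auto-login validation link from the last point could be issued and redeemed on the server, as an added example that is not from the original post: the token is random, stored only as a hash, expires, and works once. The function names, the in-memory `Map` standing in for a database, the `/validate` path and the 30-minute lifetime are assumptions.

```javascript
// Added example (Node.js): single-use, expiring e-mail validation token.
// All names here are hypothetical; a Map stands in for the real token table.
const { randomBytes, createHash } = require("node:crypto");

const TOKEN_TTL_MS = 30 * 60 * 1000; // assumption: the link is valid for 30 minutes

// Only a hash of the token is stored, so a leaked token table
// cannot be turned back into working login links.
function hashToken(token) {
  return createHash("sha256").update(token, "utf8").digest("hex");
}

// Called when registration finishes. Returns the raw token for the mailed link.
function issueValidationToken(store, userId, now = Date.now()) {
  const token = randomBytes(32).toString("base64url"); // 256 bits from the CSPRNG
  store.set(hashToken(token), { userId, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Called when the link is followed. Returns the userId to open a session for,
// or null if the token is malformed, unknown, already used or expired.
function redeemValidationToken(store, token, now = Date.now()) {
  if (typeof token !== "string" || token.length === 0) return null;
  const key = hashToken(token);
  const record = store.get(key);
  if (!record) return null;                 // unknown or already redeemed
  store.delete(key);                        // single use: consume on first presentation
  if (now > record.expiresAt) return null;  // expired links never log anyone in
  return record.userId;
}

// Builds the URL placed in the validation e-mail.
function buildValidationLink(baseUrl, token) {
  const url = new URL("/validate", baseUrl);
  url.searchParams.set("token", token);
  return url.toString();
}

// Constructed demo values: the user id and host are made up for illustration.
const demoStore = new Map();
const demoToken = issueValidationToken(demoStore, "user-42");
console.log(buildValidationLink("https://example.test", demoToken));
console.log(redeemValidationToken(demoStore, demoToken)); // first click
console.log(redeemValidationToken(demoStore, demoToken)); // replayed link
```
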
Other prestigious sites such as A List Apart, and eminent figures such as Jakob Nielsen, a web usability consultant, have already published critiques of, and alternatives to, the way password-related security issues are handled, and have explained how inherited old practices such as password masking can be detrimental to usability and hence to your business.
Examples of sites that do not use a redundant password field:
- LinkedIn
- Dropbox
- MailChimp
- Twitter
- Wunderlist
- Tumblr

Time to change the conventions? What do you think?