Password creation and retrieval can be a painful activity.
What’s more, a frustrating sign-in experience can prevent users from returning to your site.
While password creation might seem like a minor issue, it can make or break the experience for the user (which equals conversions for you). To make it easy for users to sign up and keep signing in to your site, we cover the most common user frustrations and their solutions.
The 7 Things I Know About Cyber Security After 25 Years | April 2024
7 user experience password frustrations and how to fix them
1. 7 Password
Creation & Recovery
Frustrations
Every Designer Should Know About
@UserTesting | 800-903-9493 | sales@usertesting.com
2. 7 Password Frustrations
Password creation and retrieval
can be a painful activity.
@UserTesting | 800-903-9493 | sales@usertesting.com
3. 7 Password Frustrations
What’s more, a frustrating sign-in experience
can prevent users from returning to your site.
To make it easy for users to sign up and keep
signing in to your site, take a look at these
common user frustrations and their solutions.
@UserTesting | 800-903-9493 | sales@usertesting.com
6. 7 Password Frustrations
It’s no fun for users to enter the password of
their choice, only to receive an error message
stating that the password didn’t meet the
requirements, which were never described in
the first place.
@UserTesting | 800-903-9493 | sales@usertesting.com
7. 7 Password Frustrations
Solution:
Make all password requirements clear from
the beginning.
Be sure the requirements aren’t in the form
field itself, where they will disappear when
the user starts typing.
@UserTesting | 800-903-9493 | sales@usertesting.com
8. 7 Password Frustrations
Clearly stating the requirements saves time
and sanity for your users.
@UserTesting | 800-903-9493 | sales@usertesting.com
9. 7 Password Frustrations
Password strength meters indicate whether a
user has successfully met all the requirements,
and they’re a good motivator to choose a
strong password.
@UserTesting | 800-903-9493 | sales@usertesting.com
10. 7 Password Frustrations
The meter on the left tells me at a glance that
this short password isn’t going to cut it.
@UserTesting | 800-903-9493 | sales@usertesting.com
11. 7 Password Frustrations
Find out what users think
about your site or app’s
password requirements!
Watch over the shoulder of a real
person as they create a password
for the very first time, or attempt to
navigate your password reset process.
Give UserTesting a Try
@UserTesting | 800-903-9493 | sales@usertesting.com
13. 7 Password Frustrations
A lot of websites require passwords to contain
a certain level of complexity to increase
security.
Complexity alone doesn’t always make a
password secure.
@UserTesting | 800-903-9493 | sales@usertesting.com
14. 7 Password Frustrations
For example, “Orange1!” is a pretty weak
password. It would be easy for a computer
to crack, even though it could be difficult to
remember.
@UserTesting | 800-903-9493 | sales@usertesting.com
15. 7 Password Frustrations
Plus, complex passwords
are especially irritating
and difficult to type on
mobile devices.
Mobile keyboards make
numbers and capital
letters prone to error.
@UserTesting | 800-903-9493 | sales@usertesting.com
16. 7 Password Frustrations
Solution:
Rather than enforcing strict complexity parameters,
consider using length requirements.
@UserTesting | 800-903-9493 | sales@usertesting.com
17. 7 Password Frustrations
A Carnegie Mellon University study shows
that 16-character, simple passwords perform
better against brute force attacks than
8-character, complex passwords.
The effectiveness of long passwords is also
illustrated by this popular cartoon.
@UserTesting | 800-903-9493 | sales@usertesting.com
18. 7 Password Frustrations
Frustration #3:
What happens when the user
doesn’t follow instructions
@UserTesting | 800-903-9493 | sales@usertesting.com
19. 7 Password Frustrations
Even if you specify the password requirements up
front, some users will try to choose a password
that doesn’t fit the parameters you set.
@UserTesting | 800-903-9493 | sales@usertesting.com
20. 7 Password Frustrations
Solution:
When this happens, make it easy for the
user to understand and fix the error. Clearly
explain which requirement was missed and
what the user should do to correct it.
@UserTesting | 800-903-9493 | sales@usertesting.com
21. 7 Password Frustrations
This error message
isn’t very helpful.
How do I know
what I did wrong?
With this message,
I know exactly
what to fix.
@UserTesting | 800-903-9493 | sales@usertesting.com
22. 7 Password Frustrations
Finally, if the password doesn’t meet
requirements, don’t allow your signup form
to erase all of the information the user
entered!
It’s bad enough to get an error message for
creating a weak password; it’s much worse
to have to fill out every field on the form to
make a second attempt.
@UserTesting | 800-903-9493 | sales@usertesting.com
23. 7 Password Frustrations
Frustration #4:
Typos in the password
@UserTesting | 800-903-9493 | sales@usertesting.com
24. 7 Password Frustrations
If a user types in a password incorrectly,
then they won’t be able to sign in with the
password they thought they created.
@UserTesting | 800-903-9493 | sales@usertesting.com
25. 7 Password Frustrations
Solution:
To prevent this problem, many sites require
the user to enter their chosen password
twice. While this catches typos, it’s not the
most pleasant user experience.
@UserTesting | 800-903-9493 | sales@usertesting.com
26. 7 Password Frustrations
Alternatively, you can unmask the password
(or at least give the user the option to do so).
It’s relatively rare for users to have their
secure information stolen by a person
looking over their shoulder at the moment of
password creation.
@UserTesting | 800-903-9493 | sales@usertesting.com
27. 7 Password Frustrations
With an unmasked password, users can
double-check to ensure they’ve entered
everything correctly.
@UserTesting | 800-903-9493 | sales@usertesting.com
28. 7 Password Frustrations
This signup form allows users to unmask the password, and
it clearly shows which requirements have been met.
@UserTesting | 800-903-9493 | sales@usertesting.com
30. 7 Password Frustrations
Frustration #5:
No clues about the original
password requirements
@UserTesting | 800-903-9493 | sales@usertesting.com
31. 7 Password Frustrations
Some websites have very specific password
parameters that users won’t necessarily
remember when they go to sign in.
@UserTesting | 800-903-9493 | sales@usertesting.com
32. 7 Password Frustrations
This error message doesn’t give me any
specific clues about what I did wrong.
@UserTesting | 800-903-9493 | sales@usertesting.com
33. 7 Password Frustrations
Solution:
Except on sites with very high security
concerns, it’s a good idea to display the
password requirements after the first failed
attempt at sign-in.
It’s also helpful to indicate whether the
username or the password was the culprit for
the failed sign-in.
@UserTesting | 800-903-9493 | sales@usertesting.com
35. 7 Password Frustrations
If the user doesn’t understand what to do
next, or where the password retrieval link will
be sent, they’re not as likely to return to your
site.
Either they’ll become irritated and avoid it on
purpose, or they’ll simply give up and forget
about it.
@UserTesting | 800-903-9493 | sales@usertesting.com
36. 7 Password Frustrations
Solution:
Be clear from the beginning about which email
address is associated with the account.
For added security, you can mask portions of
the email address, as in the following example:
@UserTesting | 800-903-9493 | sales@usertesting.com
37. 7 Password Frustrations
Frustration #7:
Emailing the forgotten
password in plain text
@UserTesting | 800-903-9493 | sales@usertesting.com
38. 7 Password Frustrations
It’s never a good idea to include a password
in an email, which can easily be intercepted.
It’s much more secure to send a link to reset
the password.
@UserTesting | 800-903-9493 | sales@usertesting.com
39. 7 Password Frustrations
If your site has fewer security concerns
(say, a recipe sharing community) it may be
tempting to think this rule shouldn’t apply.
@UserTesting | 800-903-9493 | sales@usertesting.com
40. 7 Password Frustrations
Always consider the fact that users are
especially likely to reuse weak passwords on
sites like this.
A hacker who intercepted the email would
likely gain the credentials for many other sites.
@UserTesting | 800-903-9493 | sales@usertesting.com
41. 7 Password Frustrations
Besides, it’s always best to hash and salt
passwords, which prevents website owners
— or hackers — from “looking up” a lost
password.
@UserTesting | 800-903-9493 | sales@usertesting.com
43. 7 Password Frustrations
It may come as no surprise that the best
way to find out how users will feel about
your password creation and retrieval process
is—that’s right—to test it!
@UserTesting | 800-903-9493 | sales@usertesting.com
44. 7 Password Frustrations
Users have different expectations about
password requirements and usage depending
on the type of website: for example, a bank vs.
a social network.
To find the right balance of security and ease
of use, ask users directly through surveys and
user tests.
@UserTesting | 800-903-9493 | sales@usertesting.com
45. 7 Password Frustrations
Find out what users think
about your site or app’s
password requirements!
Watch over the shoulder of a real
person as they create a password
for the very first time, or attempt to
navigate your password reset process.
Give UserTesting a Try
@UserTesting | 800-903-9493 | sales@usertesting.com