Online security is a hot topic in this age of computer hacking and information leaks. But it's also a two-way street. Web designers and managers must do all they can to ensure safe transmission of information. And users should do their part by choosing passwords that are not easily guessed.
Here's a look at how both sides can work together in keeping transactions secure.
What's the Password?
It's alarming to see how many people use silly or obvious online passwords. As Georgia Wells reports for The Wall Street Journal, California applications company SplashData dug through more than 2 million leaked passwords in a 2015 study. The company found that half-hearted ones were the most popular: “123456,” “password,” “qwerty” (the first six letters on most computer keyboards). Not terribly original, and therefore not terribly safe.
Here's how SplashData chief executive Morgan Slain described it in a statement: “We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers.”
What makes a good password? At SmarterSelect, we require passwords of at least eight characters, one of which must be a number. We've found this to be a point of balance between password security and a positive user experience.
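The sketch below is an added example, not SmarterSelect's code. It applies the eight-character, one-number rule and also flags the two weaknesses described above: the passwords SplashData found most popular, and longer passwords built from simple patterns. The function names, the three-entry denylist and the 0.6 threshold are assumptions chosen for illustration.

```javascript
// Added example: names and thresholds are assumptions, not SmarterSelect code.
const MIN_LENGTH = 8;
// The three passwords the article quotes from the SplashData study.
// Constructed denylist; a real deployment would load a much larger one.
const COMMON = new Set(["123456", "password", "qwerty"]);
const KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"];

// Fraction of adjacent character pairs that continue a simple pattern:
// a repeated character, an alphabetic or numeric step of one, or two
// neighbouring keys on the same keyboard row.
function patternRatio(pw) {
  const s = pw.toLowerCase();
  if (s.length < 2) return 0;
  let hits = 0;
  for (let i = 1; i < s.length; i++) {
    const a = s[i - 1], b = s[i];
    const step = Math.abs(b.charCodeAt(0) - a.charCodeAt(0));
    const alnum = /[a-z0-9]/.test(a) && /[a-z0-9]/.test(b);
    const keys = KEY_ROWS.some(r => r.includes(a + b) || r.includes(b + a));
    if (a === b || (alnum && step === 1) || keys) hits++;
  }
  return hits / (s.length - 1);
}

// Returns a list of problems; an empty list means the password is accepted.
function checkPassword(pw) {
  const problems = [];
  if (pw.length < MIN_LENGTH) problems.push("too-short");
  if (!/[0-9]/.test(pw)) problems.push("no-digit");
  // Strip trailing digits and symbols so "password1" still hits the denylist.
  const lower = pw.toLowerCase();
  const stem = lower.replace(/[^a-z]+$/, "");
  if (COMMON.has(lower) || COMMON.has(stem)) problems.push("common");
  if (patternRatio(pw) >= 0.6) problems.push("simple-pattern");
  return problems;
}
```

A password such as "abcd1234efgh" satisfies the length and number rule yet is still reported as a simple pattern, which is the case the SplashData statement warns about.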
The Confirmation Field
For web developers, how users set up their passwords can be problematic. The “confirm password” field in particular can trip up users and cause them to abandon sign-up forms. A story by UX Movement makes it plain with the headline: “Why the Confirm Password Field Must Die.”
The intent behind the field is sound enough. If the user types a password and then retypes it in the confirmation field with a typo, the process stops. The typo has to be fixed before the next step can occur.
UX Movement references a study by Formisimo, which found that the confirm field was the spot where more than 25 percent of the people who bailed on the sign-up process got stuck: “Once they removed the confirm password field and replaced it with an unmasking option, the number of user corrections decreased. Not only that, but it increased form starts, completions and the conversion rate.”
The right move, according to UX Movement, is not just to eliminate the confirm field but to unmask the password, so that the user can see any typos, or to include a “toggle” option that lets the user switch the password between masked and unmasked.
Secure, But Painless
That should be the goal for web developers and managers. Frustrating application forms translate into frustrating user experiences. And those kinds of experiences will take potential customers and clients elsewhere.
How to avoid all that? Jessica Enders examined it for sitepoint.com, recommending three steps for the log-in process.
User safety should be a top priority as businesses develop their application forms and log-in pages. SmarterSelect emphasizes security, along with a positive user experience. Achieving the balance between the two is essential for strong business interactions with customers.