Passwords Need a Redesign

Are you like me, and can only reorder your mail order prescriptions from your Chrome browser on your home laptop because that's where your password is saved? Are you still unable to log into your health insurance site, experiencing years of being locked out, but unwilling to call their customer service number (again)? Can't get to your pay stubs now that you got a new work laptop?

Or best yet, were you working on one laptop in your house, but had to turn on your other laptop to grab your wireless network's authentication key so that you could use the Internet?

Such is my strange fate... but it's not so strange. This happens every day to everyone. I just read an article on UX Booth that actually drew a flowchart of the many password-retrieval processes. Said article did not solve the problem (or cure cancer), but it was nice to know that I have a friend in frustration.

Often, I've used the same standard authentication model because it is what is available to me (fabulous reason, I know, but judging by the flowchart, just as good as any). It seems fairly intuitive. Your username is your email address. Easy enough. Your password is auto-generated and sent to your email. The password is good for one login, at which point, you have to make a new password that adheres to specific rules. Then you can carry on and adjust your profile to your liking (if available). It works. (Unless you were using your work email, left your job, had your work email shut down and you've also forgotten your password. But let's not talk about that perfect storm, and let's remember to not misuse work email.)
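The flow described above, sketched in Python as an added example (it is not code from this post or from any particular site). The `Accounts` class, its method names, the in-memory store and the PBKDF2 iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 from the standard library; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Accounts:
    """In-memory stand-in for a user table (constructed for this example)."""

    def __init__(self):
        self._users = {}  # email -> {"salt", "hash", "temporary"}

    def _store(self, email: str, password: str, temporary: bool) -> None:
        salt = secrets.token_bytes(16)
        self._users[email.lower()] = {
            "salt": salt,
            "hash": _hash(password, salt),  # only the hash is kept, never the password
            "temporary": temporary,
        }

    def register(self, email: str) -> str:
        """Create the account; the return value is what gets e-mailed to the user."""
        temp = secrets.token_urlsafe(12)  # auto-generated with a CSPRNG
        self._store(email, temp, temporary=True)
        return temp

    def login(self, email: str, password: str) -> str:
        """Return 'denied', 'must_change' or 'ok'."""
        user = self._users.get(email.lower())
        if user is None:
            return "denied"
        if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
            return "denied"
        if user["temporary"]:
            # Good for one login: burn the e-mailed password as soon as it is used.
            user["hash"] = b""
            return "must_change"
        return "ok"

    def set_password(self, email: str, new_password: str) -> None:
        # In a real site this is reachable only from the session that just got
        # 'must_change'; that session handling is outside this sketch.
        self._store(email, new_password, temporary=False)
```
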

Anyway, I digress. Short of using a password keeper of some sort (which seems strangely daunting), there's no single sign-on and no miracle solution. 

To fix this, here are a few things that will make your login screens easier.

Quick Tips for Less Annoying Authentication

  • The username is your email. (And remind the user of this when they log in!)
  • As long as there's no key personal info or top secret stuff, please don't make any password rules like "must have numbers, capital letters, be this super-long, etc."
  • Require next to nothing to register and use gradual engagement (see more about this from the sign-up form master).
  • Login is in a rollover so you don't have to clutter the page or leave the page. Everyone should do this. Example:

Update

on 2011-01-29 03:39 by JMY

Another blog post about over-the-top password retrieval