We've created Zuko, our next-generation form analytics platform. Explore Zuko Explore Zuko > Hide Message

How to Reduce Password Panic Through Great Form Design

Conversion Rate Optimisation

Preventing password panic for users is an important consideration when designing an online form.

Forgotten passwords can lead to failed log-ins and lengthy resets that increase frustration and the chances of abandonment.

The average person has between 7-25 accounts that they log into every day. A great form must streamline the password process and ensure it’s quick, efficient and as error-proof as possible.

Our analysis of 45 gambling registration forms reveals that many companies could play the password game more effectively.

The table below shows the percentage of gambling forms which include specific password parameters:

Allows user to see password while inputting 38% 62%
Requires user to enter password twice 71% 29%
Uses a password strength indicator 18% 82%
Stipulates password requirements, e.g. one capital letter, one special symbol 80% 20%

Based on best practice, which I explore below, only one gambling website ticks all the password UX boxes. Betsafe allows password unmasking, doesn’t request confirmation, sets specific character requirements and shows a strength indicator.

But why is this considered the ideal combination to reduce customer frustration and, when consumed by password rage, why does it banish the urge to throw your laptop across the room?

1. Allow Password Unmasking

Traditionally, security has topped the list when it comes to inputting a password. Someone might be looking over your shoulder and memorising it: unlikely but that’s the warning message we’ve all bought into.

Replacing the letters, numbers and symbols that make up your password with a “•” is supposed to instantly eliminate any chance of password pilfering.

But think about it. If you’re at home, at your desk in an empty office or on a train with no one sat near you, what’s more important? The invisible pair of eyes that might see your password or your own time and energy?

Being able to see your password as you type it reduces the chances of error which increases the chances of a successful log-in and a straightforward, hassle-free route to access a website. It also helps with remembering passwords – seeing a sequence of symbols typed out on-screen will reinforce it and aid recall next time you log-in.

Leader in form design and Google Product Director Luke Wroblewski describes password-masking as a “… rut. A design pattern that has been around so long that no one thinks about it much. We all just go through the motions when assembling a log-in screen and add password-masking by default. Lost business and usability issues just come along for the ride.”

The solution is to offer users a choice: something only 38% of gambling companies do.

The simple way to present this choice is by including a show/hide button within the password field. The default setting can be either but the user can instantly switch between showing their password and hiding it with one quick click.

Someone approaching your screen? Quickly revert to the hide option.

Luke Wroblewski admits this password-revealing could take some time to get used to but believes that its UX value beats any “questionable security increases”.

2. Don’t Ask Users to Confirm Their Password

The unmasking technique can have a positive effect on another password parameter: the number of times users have to input their password when first registering on a site.

Again, history dictates that twice must be best as it recognises typos and alerts you to them.

But if you can see what you’re typing, you’re more likely to spot any errors and correct them without having to reconfirm.

Our own testing proved that including a confirm password field in your form can lower conversion rates. We found that over a quarter of all users abandoned their sign-up form and that it was responsible for hundreds of corrections.

Exchanging the confirm field for unmasking – not just excluding it – gave us the following results:

  • 14.3% more visitors started the form after visiting the page.
  • 56.3% increase in overall conversions.
  • 35.5% increase in the form completion among those who begin.
  • 23.9% decrease in the number of corrections made.

The images below show our form design before and after the change: one simple optimisation that had impressive results.

Ditching the confirm password field will reduce the time taken to complete a form and boost your conversion rates. 71% of gambling websites still include it but its usefulness has been eclipsed.

3. Limit Password Requirements and Make Them Visible.

If you have a favourite password format that’s easy to remember and not over-complicated, being asked to include upper case, lower case and special characters can be groan-inducing.

Password requirements are especially frustrating if they’re not obvious until after you’ve typed in your preferred combination of letters and numbers.

The key here is to make any requirements immediately visible and to limit the number of parameters that have to be met.

For example, Hootsuite has a pop-up box that appears as soon as you enter the password field. It tells you the three conditions that must be met clearly and simply, reducing the chances of an invalid submission and moving the user swiftly through the process.

4. Show a strength indicator

Strength indicators are used by just 18% of the gambling registration forms we analysed. Although not a significant influencer on conversions, indicators which show how weak or strong your password is considered to be, can raise awareness of security among users.

Research has shown that strength indicators act as a motivator, subtly encouraging users to think about their security as they are told that they could do better. Adapting a password until the “strong” message appears satisfies an innate desire to achieve.

Frustration with passwords has been documented as far back as 2004 when a survey showed that 80% of workers were “fed up” with them. UX improvements to the password field are helping to change this and as technology advances, alternatives are starting to emerge.

Biometrics is already being used by Amazon. Logging in to your account on an iPhone involves simply using your fingerprint via the home button. Uber goes one step further and allows you to create a password by placing your finger on a Touch ID sensor.

Other solutions include 2-factor authentication when you have a password and also receive a code on your phone for additional security. Social authentication allows you to sign in to sites using your Facebook, Twitter or Google details. And even no password authentication is emerging where you receive an email link to log-in, eliminating the need to remember anything.

Until these methods are more widespread, embracing our four tips for best practice will set up your form to tackle many password problems.