views:

209

answers:

5

Simple question...I've noticed several large sites (Facebook, Twitter, etc) have ditched the idea of requiring new registrants to confirm their new password by typing it again.

Balancing usability and error-prevention effectiveness...is it better to require confirmation or not?

+6  A: 

I would say yes, it is a useful feature.

I've mistyped a new password on multiple occasions, and I'm glad the software caught it then, rather than later, since resetting or changing a password later is generally a cumbersome process (relative to just notifying me right then that it was wrong).

James McNellis
+4  A: 

I think it's excessive and here is a solution to show password on demand which provides an option to view the password if the user is in doubt. It improves usability and user experience.

Chandra Patni
yeah i like this idea...do you think non-savvy / paranoid users are okay with "disclosing" their password to their surroundings?
johnnietheblack
Since it is only on signup, I think if they thought they mis-typed it, anyone would feel comfortable enough to quickly "check" then "uncheck" the show box. I think this solution is really solid.
Doug Neiner
thats a good point, the quick flippy is probably how it'd go down.
johnnietheblack
The paranoids can also be assured that they can reset their password where instructions will be mailed to them.
Chandra Patni
This is an interesting solution, though I don't know that it's as straightforward as just having the user type his password twice. By forcing the user to click and unclick a checkbox, you make it slightly more difficult for him to simply tab through the fields without using the mouse. At least that's my first impression.
James McNellis
+1  A: 

I believe the confirmation is needed. We can absentmindedly mistype a password and later find it difficult to log in. It is better to put in some extra keystrokes during registration than later going through the whole cycle of resetting password or worse registering again. Prevention is better than cure.

Christy John
A: 

If you have a killer, super easy to use password reset system, then no, its not needed. If your password reset system leaves something to be desired, then go with either the confirmation or a solution like @Chandra suggested.

Doug Neiner
yeah thats a good point. my system requires a link to be mailed, etc. so if they screw up accidently it might be a harsh punishment.
johnnietheblack
A: 

I think having to retype passwords is worth the pain of accidentally mistyping it first time. If you use numbers in place of letters then seeing the password may not be that much help.

What really bugs me is having to retype an email address. How many people don't simply use copy and paste?

David Sykes
regarding mail-address: i guess it is for the reason that in many system the mail address becomes an 'id' and cannot be changed later and is used for all confirmation mails. therefore it is important to get it the first time correctly. i don't think that the majority of users are using copy/paste.
manuel aldana
A system that won't allow you to change your email address sounds a bit poor
David Sykes
i'd probably have to agree weith @David...if you are going to use something like an email address to actually interact wiht your user throughout the site, i think you should find a better 'id'...people generally have 3-4 emails and always switch to new ones...
johnnietheblack