Online security is a hot topic in this age of computer hacking and information leaks. But it's also a two-way street. Web designers and managers must do all they can to ensure that information is transmitted safely. And users should do their part by choosing passwords that are not easily guessed.
Here's a look at how both sides can work together in keeping transactions secure.
What's the Password?
It's alarming to see how many people use silly or obvious online passwords. As Georgia Wells reports for The Wall Street Journal, California applications company SplashData dug through more than 2 million leaked passwords in a 2015 study. The company found that half-hearted ones were the most popular: “123456,” “password,” “qwerty” (the first six letters on most computer keyboards). Not terribly original, and therefore not terribly safe.
Here's how SplashData chief executive Morgan Slain described it in a statement: “We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers.”
What makes a good password? At SmarterSelect, we incorporate an eight-character minimum password, and one of those must be a number. We've found this to be a point of balance for password security and a positive user experience.
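An added example (not SmarterSelect's own code) of how a sign-up form can enforce the rule described above: at least eight characters and at least one number. It also rejects the three leaked favourites the SplashData study named, and catches Slain's "simple pattern" case of a common word with digits tacked on the end; those two checks go beyond the stated policy and are this example's own addition, as are the function and constant names.

```javascript
// Added example: client-side password policy check. The eight-character
// minimum and the one-number rule come from the post; the denylist and the
// trailing-digit check are additions for illustration.

const MIN_LENGTH = 8;

// The three most common leaked passwords quoted in the post. A real deployment
// would use a far longer list; this one is just enough to show the check.
const COMMON_PASSWORDS = new Set(["123456", "password", "qwerty"]);

/**
 * Evaluate a candidate password against the policy.
 * Returns { ok: boolean, problems: string[] } so the form can show every
 * failing rule at once instead of making the user guess what went wrong.
 */
function checkPassword(candidate) {
  const problems = [];
  if (typeof candidate !== "string") {
    return { ok: false, problems: ["password must be a string"] };
  }
  if (candidate.length < MIN_LENGTH) {
    problems.push(`must be at least ${MIN_LENGTH} characters`);
  }
  if (!/[0-9]/.test(candidate)) {
    problems.push("must contain at least one number");
  }
  const lowered = candidate.toLowerCase();
  // Compare case-insensitively so "Password" does not slip past the denylist.
  if (COMMON_PASSWORDS.has(lowered)) {
    problems.push("is one of the most commonly leaked passwords");
  }
  // "password1" or "qwerty2015" is still a common password with a number
  // added; strip trailing digits and check the stem as well.
  const stem = lowered.replace(/[0-9]+$/, "");
  if (stem !== lowered && COMMON_PASSWORDS.has(stem)) {
    problems.push("is a common password with numbers added to the end");
  }
  return { ok: problems.length === 0, problems };
}

// Example use in a form handler:
// const result = checkPassword(passwordField.value);
// if (!result.ok) showErrors(result.problems);
```

Returning every failing rule at once, rather than stopping at the first, is the same "don't make the user guess" idea the article applies to the log-in page.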
The Confirmation Field
For web developers, how users set up their passwords can be problematic. The “confirm password” field in particular can trip up users and cause them to abandon sign-up forms. A story by UX Movement makes it plain with the headline: “Why the Confirm Password Field Must Die.”
The intent behind the field is sound enough. If the user types in a password, then again in the confirmation field but with a typo, the process stops. The typo has to be fixed before the next step occurs.
UX Movement references a study by Formisimo, which found that the confirm field was the spot where more than 25 percent of the people who bailed on the sign-up process got stuck: “Once they removed the confirm password field and replaced it with an unmasking option, the number of user corrections decreased. Not only that, but it increased form starts, completions and the conversion rate.”
The right move, according to UX Movement, is not simply to eliminate the confirm field but to unmask the remaining password field, so that the user can see any typos. Or include a “toggle” option, which lets the user choose whether the password is masked or not.
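The toggle described above, as an added browser-side example that is not part of the original post or of UX Movement's article. The element ids in the usage comment are assumptions; the functions take the field and button as plain objects with a `type` property and the usual `setAttribute`/`addEventListener` methods, so they work on real `<input>` and `<button>` elements and can also be exercised without a DOM.

```javascript
// Added example: a single password field with a show/hide toggle, the
// alternative the post describes to a second "confirm" field.

/**
 * Flip a password field between masked ("password") and visible ("text").
 * Returns true when the field is visible after the flip.
 */
function togglePasswordVisibility(field) {
  const nowVisible = field.type === "password";
  field.type = nowVisible ? "text" : "password";
  return nowVisible;
}

/**
 * Wire the toggle to a button and keep its label and aria-pressed state in
 * sync, so screen-reader users also know whether the password is showing.
 */
function attachPasswordToggle(field, button) {
  button.setAttribute("aria-pressed", "false");
  button.textContent = "Show";
  button.addEventListener("click", () => {
    const visible = togglePasswordVisibility(field);
    button.setAttribute("aria-pressed", String(visible));
    button.textContent = visible ? "Hide" : "Show";
  });
}

/**
 * Re-mask the field when the form is submitted so the plaintext password is
 * not left on screen after the user has moved on. Returns the final type.
 */
function remaskOnSubmit(form, field) {
  form.addEventListener("submit", () => {
    field.type = "password";
  });
  return field.type;
}

// In the browser (ids are this example's assumptions):
// const field = document.getElementById("password");
// attachPasswordToggle(field, document.getElementById("toggle-password"));
// remaskOnSubmit(document.getElementById("signup-form"), field);
```

The toggle only changes how the field is rendered; the value submitted to the server is the same either way, which is why unmasking removes the need for a confirmation field without changing what the back end receives.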
Secure, But Painless
That should be the goal for web developers and managers. Frustrating application forms translate into frustrating user experiences. And those kinds of experiences will take potential customers and clients elsewhere.
How to avoid all that? Jessica Enders examined it for sitepoint.com, recommending three steps for the log-in process.
- Don't play the guessing game: Make it clear what is required, Enders advises. For instance, if the username is actually the customer's account number, point that out, and explain where that account number can be found on the bill. If it's an email address or a numeric PIN, say so.
- Usability: We've all gotten stuck trying to remember the right user name and password for online accounts. The trick is to make it relatively easy for the user, but not so easy that hackers will be able to snag the information. Enders advises giving users a few attempts to get it right, and then a very brief time limit before they can attempt to log in again — instead of locking the user out completely. That can cut down on hacking attempts.
- Simplicity: Don't clutter a log-in page with too much information, Enders says. Provide the user name field and the password field, and put the “forgot user/password?” link in that same space. Make resetting a password a priority over recovering it, she says, because an email that delivers the existing password can be swiped by hackers.
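The throttling approach from the "Usability" item, as an added example that is not Enders' code or SmarterSelect's: a few free attempts, then a brief, growing wait before the next try, rather than locking the account outright. The thresholds, the class and method names, and the injectable clock are this example's own assumptions; a real deployment would keep the per-user state in a shared store rather than in process memory so the throttle survives restarts and covers every server.

```javascript
// Added example: log-in throttle that delays, but never permanently locks,
// an account after repeated failures. Values below are illustrative.

const FREE_ATTEMPTS = 3;               // failures allowed before any delay
const BASE_DELAY_MS = 30 * 1000;       // first enforced wait: 30 seconds
const MAX_DELAY_MS = 5 * 60 * 1000;    // cap so the wait never becomes a lockout

class LoginThrottle {
  constructor(now = () => Date.now()) {
    this.now = now;           // injectable clock so the logic can be tested
    this.state = new Map();   // username -> { failures, notBefore }
  }

  /** Milliseconds the caller must wait before the next try; 0 means go ahead. */
  retryAfter(username) {
    const s = this.state.get(username);
    return s ? Math.max(0, s.notBefore - this.now()) : 0;
  }

  /** Record a failed attempt and work out when the next one is allowed. */
  recordFailure(username) {
    const s = this.state.get(username) || { failures: 0, notBefore: 0 };
    s.failures += 1;
    if (s.failures >= FREE_ATTEMPTS) {
      // Wait doubles with each failure past the free ones, up to the cap.
      const exponent = s.failures - FREE_ATTEMPTS;
      const delay = Math.min(BASE_DELAY_MS * 2 ** exponent, MAX_DELAY_MS);
      s.notBefore = this.now() + delay;
    }
    this.state.set(username, s);
    return s;
  }

  /** A successful log-in clears the counter for that user. */
  recordSuccess(username) {
    this.state.delete(username);
  }

  /**
   * Gate one log-in attempt. `checkCredentials` is the real password check
   * (assumed to return a boolean) and is not even called while the user is
   * inside a wait period, which is what slows down repeated guessing.
   * Returns { status: "ok" | "denied" | "throttled", retryAfterMs }.
   */
  attempt(username, checkCredentials) {
    const wait = this.retryAfter(username);
    if (wait > 0) {
      return { status: "throttled", retryAfterMs: wait };
    }
    if (checkCredentials()) {
      this.recordSuccess(username);
      return { status: "ok", retryAfterMs: 0 };
    }
    const s = this.recordFailure(username);
    return { status: "denied", retryAfterMs: Math.max(0, s.notBefore - this.now()) };
  }
}

// Example use in a request handler (names assumed):
// const result = throttle.attempt(username, () => verifyPassword(username, password));
// if (result.status === "throttled") respond(429, { retryAfterMs: result.retryAfterMs });
```

Because the wait is capped and expires on its own, a user who simply mistyped a password a few times is delayed for seconds or minutes rather than shut out, which is the balance between usability and security the item above describes.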
User safety should be a top priority as businesses develop their application forms and log-in pages. SmarterSelect emphasizes security, along with a positive user experience. Achieving the balance between the two is essential for strong business interactions with customers.