Stop confirming passwords
A very wise man once said:
Every time you ask someone to confirm a password, an angel loses its wings, a puppy dies, and a kitten is strangled.
OK, so maybe he wasn’t so much a wise man as an arrogant prick, but it was still said on Twitter, so… it has to be true, right? Right. Here’s why you should stop living in the past and start removing friction from registration forms by killing password confirmations.
The great wall of registration
In the not-so-distant past, I wrote an article detailing the need to remove abrasive registration forms from end-users and your products – and in doing so you’d increase leads and exposure. I stand by all that was said there, and want to amend the article with the additional logic put forth below.
At an age when users are confronted daily by a host of new services, apps, and websites to sample, we need to move beyond the traditional approach to get humans actually experiencing the products we want them to use. If walls are put up, demos are too short, or software isn’t fluid, those leads are going to be captured by the enemy! What is first and foremost manning the wall of registration? I’ll tell you what… it’s the redundant password.
The password confirmation
OK, so I’m not sure who invented this, but it certainly was before the days of “instant access” and the password reset. I mean, if you’ve created an RIA that’s used by people who can’t even type in their password the same way again and again, then login forms aren’t going to be your biggest problem.
Also, unless you’re in need of a security architect and are protecting the true identity of Batman, you really don’t need to have them include an uppercase, lowercase, digit, symbol, and haiku all in one password. Let’s be honest, it’s just not needed.
Doing it right
Now, I’m not saying this approach will work in every situation. For instance, if you need to authenticate past a simple email address, then you may need some additional credentials here. Another notable exception would be native software for touchscreens and other push devices that don't use a keyboard. However, in general, your login and registration forms should be near identical, with the exception that one has the option to reset the password.
The whole purpose you’ve brought the user to this point is to let them demo, trial, or use your software – you want to wow them with how frictionless and fluid your process is, and convert them with the speed and agility of your interface. You don’t want to weigh them down and make them sacrifice a kidney for the pleasure of a demo.
The way to do this is simple: after you muster the minimal amount of information required to run the software (in most places this will be email and password), you should log them in immediately and get them involved in your product.
In the outrageous circumstance that a user makes a boo-boo while setting their password, they’ll have to experience the torturous 49-second inconvenience of a reset; and that reset form might be a good place, in this singular case, to ask them to please confirm.
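The flow described above, sketched as an added example (not code from this article): registration takes a single password field and returns a session at once, and only the reset form asks for the password twice. The in-memory stores, the function names, the scrypt parameters and the 15-minute reset lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

USERS = {}     # email -> (salt, scrypt hash); stands in for a user table
SESSIONS = {}  # session token -> email
RESETS = {}    # sha256(reset token) -> (email, expiry timestamp)

def _hash(password, salt):
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def _open_session(email):
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = email
    return token

def register(email, password):
    """Email plus ONE password field; success logs the user in at once."""
    email = email.strip().lower()
    if "@" not in email or not password or email in USERS:
        return None
    salt = secrets.token_bytes(16)
    USERS[email] = (salt, _hash(password, salt))
    return _open_session(email)

def login(email, password):
    email = email.strip().lower()
    salt, stored = USERS.get(email, (b"\0" * 16, b""))  # dummy for unknown users
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return _open_session(email) if ok else None

def request_reset(email, ttl=900):
    """Returns the token that would be e-mailed; only its hash is stored."""
    email = email.strip().lower()
    if email not in USERS:
        return None  # nothing is sent; the page shown to the visitor is the same
    token = secrets.token_urlsafe(32)
    RESETS[hashlib.sha256(token.encode()).digest()] = (email, time.time() + ttl)
    return token

def reset_password(token, new_password, confirm):
    """The one form that asks for the password twice."""
    key = hashlib.sha256(token.encode()).digest()
    email, expiry = RESETS.get(key, (None, 0))
    if email is None or time.time() > expiry:
        return None
    if not new_password or new_password != confirm:
        return None  # typo: the token stays valid so the user can retry
    del RESETS[key]  # single use
    salt = secrets.token_bytes(16)
    USERS[email] = (salt, _hash(new_password, salt))
    return _open_session(email)
```

A mistyped password at registration costs the user one reset round trip, and the reset token is single-use and expiring so that round trip does not become a standing way into the account.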
So please, put an end to password confirmations. Let’s all move upward and onward together from this unseemly mark in the avant-garde process of creating stellar UI. If you think I'm dead wrong, let's hear your rationale!