A very wise man once said:
Every time you ask someone to confirm a password, an angel loses its wings, a puppy dies, and a kitten is strangled.
OK, so maybe he wasn't so much a wise man as an arrogant prick, but it was still said on Twitter, so… it has to be true, right? Right. Here's why you should stop living in the past and start removing friction from registration forms by killing password confirmations.
The great wall of registration
In the not-so-distant past, I wrote an article detailing the need to remove abrasive registration forms from end-users and your products – and in doing so you'd increase leads and exposure. I stand by all that was said there, and want to amend the article with the additional logic put forth below.
At an age when users are confronted daily by a host of new services, apps, and websites to sample, we need to move beyond the traditional approach to get humans actually experiencing the products we want them to use. If walls are put up, demos are too short, or software isn't fluid, those leads are going to be captured by the enemy! What is first and foremost manning the wall of registration? I'll tell you what… it's the redundant password.
The password confirmation
OK, so I'm not sure who invented this, but it certainly was before the days of "instant access" and the password reset. I mean, if you've created an RIA that's used by people who can't even type in their password the same time again and again, then login forms aren't going to be your biggest problem.
Also, unless you're in need of a security architect and are protecting the true identity of Batman, you really don't need to have them include an uppercase, lowercase, digit, symbol, and haiku all in one password. Let's be honest, it's just not needed.
Doing it right
Now, I'm not saying this approach will work in every situation. For instance, if you need to authenticate past a simple email address, then you may need some additional credentials here. Another notable exception would be native software for touchscreens and other push devices that don't use a keyboard. However, in general, your login and registration forms should be near identical, with the exception that one has the option to reset the password.
The whole purpose you've brought the user to this point is to let them demo, trial, or use your software – you want to wow them with how frictionless and fluid your process is, and convert them with the speed and agility of your interface. You don't want to weigh them down and make them sacrifice a kidney for the pleasure of a demo.
The way to do this is simple: after you muster the minimal amount of information required to run the software (in most places this will be email and password), you should log them in immediately and get them involved in your product.
In the outrageous circumstance that a user makes a boo-boo while setting their password, they'll have to experience the tortuous 49-second inconvenience of a reset; and that might be a good place to ask this singular case to please confirm.
So please, put an end to password confirmations. Let's all move upward and onward together from this unseemly mark in the avant-garde process of creating stellar UI. If you think I'm dead wrong, let's hear your rationale!