[Plugin: Login Security Solution] Password policy link to explanation

Hi again,

In addition the content at the link itself it not translated into multiple languages.

Cheers,
Dean.

Hi Dan:

I think it’s important this plugin gives a good example of best practices in the UX.

Yes the both of the following are main items to be worked on in my opinion:

• the display of the password policy text
• the password strength indicator

Based on your addition of the link perhaps an additional task of:

• “Choosing a smart password” supplemental information (page or popup).

Frankly, I would like to see the password messaging change to be more like the Google account creation / password change pages.

Specifically, there are no intrusive long messaging about the password requirements – initial on screen messaging is kept minimal.

Use JavaScript to simplify the page
For the Google Create Account page when JavaScript disabled the following text is displayed under the first “Create a password” input control:

Use at least 8 characters. Don’t use a password from another site, or
something too obvious like your pet’s
name. Why?

(note the content at the link “Why?”)

But if JavaScript is enabled (which it is for most users) this text moves into a large tooltip style popup where the strength indicator is then also displayed.
This means the both the strength indicator and message are only displayed when the users input is focused on the password input control. Ensuring that the page doesn’t initially seem cluttered or confusing.

Yes I do know that the password requirements are strict when LSS is used as such perhaps make the following changes in cooperation with changing the look to be more like the Google pages:

• JavaScript disabled

• Display the following message:
  

  Use at least 10 characters. Don’t use a password from another site, or something too obvious like your pet’s name. Why?

• Link the Why? text to a specific page generated by the LSS plugin similar in content to this very
  clean page: https://accounts.google.com/b/0/PasswordHelp
• If this is a password change then include the following:

  Note: you can’t reuse your old password once you change it!

• JavaScript enabled

• Don’t display the messages above when JavaScript is disabled.
• Display the strength meter as a large tooltip styled popup, only displayed when the focus is in the
  first password input box.
• Suggest specifically an Apple style tooltip as seen here, containing a bullet point list of requirements. As the user enters the password the bullet points change to green to indicate success for that bullet point.
• If the users password includes 20 characters or more, hide the other requirements which are no longer required.
• Include within the list of requirements the ones which are checked later under a the heading

  We check these too:

  . The bullet points for these should be grey / displayed differently to show changing the users input has no immediate effect.

• If this is a password change the following text or similar shorted text should be included in the tooltip as a bullet point:

  Note: you can’t reuse your old password once you change it!

• You could go one step further; when the user posts the password back to the server and the extra validations are done on the server-side – the dialog can highlight the bullet points it failed on last in a slightly different way to let the user know what they got wrong.

Yes this can be complex but the user experience will be clean and clear as to the actions that need to take place.
There are some things that can’t be tested for until submission, this should just be made clear to the user as I have tried out outline.
It is important however that the error messages displayed on returning are clear what action/changes the user has to take/make.

Not all of the validations that can be done in JavaScript need be done immediately, KISS …

Keep It Simple to start off with, do the ones that are easily implemented add the rest under the heading

We check these too:

.

I hope this is clear!
Cheers,
Dean.