E-mail List Archives

Re: Password Rules - Impact on Users with Cognitive Disabilities


From: Jonathan Avila
Date: Oct 28, 2014 5:44AM


> along with your text description, an example password

I was thinking the same thing. Perhaps though the system should reject the example password as not acceptable as people may be inclined to just use that.

Jonathan

-----Original Message-----
From: <EMAIL REMOVED> [mailto: <EMAIL REMOVED> ] On Behalf Of Mallory van Achterberg
Sent: Tuesday, October 28, 2014 5:23 AM
To: <EMAIL REMOVED>
Subject: Re: [WebAIM] Password Rules - Impact on Users with Cognitive Disabilities

On Mon, Oct 27, 2014 at 08:54:10PM +0000, <EMAIL REMOVED> wrote:
> Password Must be 8 - 20 characters. Must include at least one lower-case letter and one number. No symbols may be used. Cannot be one of six previous passwords.
>
Might be. In general, people understand examples better than text descriptions, so along with your text description, an example password (with each point maybe drawn with an arrow to it) would help more people.

Nielsen has suggested that the hiding of passwords is a UX anti-pattern and so you may possibly want to consider not using the type="password", if that's an option. Typing on a keyboard while keeping a bunch of rules straight in your head and then not being able to see what you've typed is really hard, even without cognitive disability.

Also, adding a dynamic JavaScript hint near the input may also help.
For example, listening for the oninput event, check the string and see if it's missing one of the demands, like a special character or something uppercase, and suggest it. I've never done this, but I like the idea, similar to the dynamic password-strength "meters" some forms use, except more specific.

_mallory
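
The dynamic hint described in Mallory's message, combined with Jonathan's suggestion to reject the example password, as an added example that is not code from the thread. The example password value and the element ids `new-password` and `password-hints` are assumptions, as is reading "no symbols" as "ASCII letters and digits only".

```javascript
// Added example, not code from the thread. Policy taken from the quoted message:
// 8-20 characters, at least one lower-case letter and one number, no symbols.
// Assumption: "no symbols" means only ASCII letters and digits are accepted.
const EXAMPLE_PASSWORD = "river2bridge"; // constructed sample shown next to the rules

function passwordHints(value) {
  const hints = [];
  if (value.length < 8) {
    hints.push(`Add ${8 - value.length} more character(s); the minimum is 8.`);
  } else if (value.length > 20) {
    hints.push(`Remove ${value.length - 20} character(s); the maximum is 20.`);
  }
  if (!/[a-z]/.test(value)) hints.push("Add at least one lower-case letter.");
  if (!/[0-9]/.test(value)) hints.push("Add at least one number.");
  // Name the offending characters so the user does not have to hunt for them.
  const symbols = [...new Set(value.match(/[^A-Za-z0-9]/g) || [])];
  if (symbols.length > 0) {
    const shown = symbols.map((c) => (c === " " ? "space" : c)).join(" ");
    hints.push(`Remove these characters: ${shown}`);
  }
  // Reject the published example (any letter case) so nobody simply copies it.
  if (value.toLowerCase() === EXAMPLE_PASSWORD.toLowerCase()) {
    hints.push("This is the example password; choose your own.");
  }
  return hints;
}

// Browser wiring (skipped outside a browser). The ids are hypothetical.
if (typeof document !== "undefined") {
  const input = document.getElementById("new-password");
  const status = document.getElementById("password-hints"); // <ul aria-live="polite">
  if (input && status) {
    input.addEventListener("input", () => {
      status.replaceChildren(
        ...passwordHints(input.value).map((text) => {
          const li = document.createElement("li");
          li.textContent = text; // textContent: typed symbols are never parsed as HTML
          return li;
        })
      );
    });
  }
}
// The "six previous passwords" rule cannot be checked here; the server enforces it
// and must re-validate every rule above, since client-side checks can be bypassed.
```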