Approaching password UX


Cybercrime cost businesses more than $2 trillion globally in 2019. With the proliferation of digital products, an increasing number of users are reusing login passwords, which is the top source of data breaches. Password management user experience has been disregarded for far too long.

Designers must reconsider every part of password UX. Much of our lives are managed digitally. For practically every facet of the human experience, there is an app, website, or SaaS platform, and they all require passwords. With so many accounts come complications.

According to, weak or repeated login credentials are responsible for 80% of data breaches, 61% of people use the same password for several accounts, and just 44% of users update their passwords at least once a year. That is a lot of faith to put in online channels. If one app is compromised, all accounts are at risk.


The current password scenario is terrifying. We as designers may be tempted to focus on the visual appeal of login pages while ignoring how users create passwords. We may even believe that passwords are the duty of developers.

Unfortunately, the password issue has serious commercial implications. Frustration during the signup procedure causes potential users to abandon the process entirely. Others forget the complicated passwords they were forced to generate and clog customer service, wasting time, personnel, and money.

A poorly thought-out password strategy has a harmful cascading effect on both consumers and enterprises. Is there anything that designers can do to help this situation?

How to Improve Password Usability

There are several techniques for improving password UX that aren’t extremely complicated. When developing a password experience, it’s often helpful to have a mental picture of your primary users. Strive for a happy medium between:

  • Simple directions
  • Simple procedures
  • Long-term user safety

Here’s an example of what you shouldn’t do. The user receives an error message (Too long), but there is no clear indication of how to resolve the issue or what the allowed length is.

1. Use Only a Few Security Rules

A password should be simple to create. Forcing visitors to meet a large set of criteria adds friction to the signup process. Allow users to create whatever passwords they like, but if they choose anything obvious, such as 12345, alert them that their personal information is at risk.

2. Explain the significance of secure passwords to users

Nobody enjoys following rules or directions that are devoid of context. Instead of preventing individuals from creating accounts, educate them about the dangers of identity theft and data breaches. Use real-world statistics to make your point: “Did you realize that a cybersecurity attack occurs every 39 seconds?”

3. Allow passwords to be shown or hidden

Usability decreases when users enter passwords and the only response they receive is a row of bullets. Masking passwords typically does not boost security, but it does cost you money due to login failures. Place Show/Hide icons within password entry areas to allow users to read passwords.

An eye icon that opens and shuts when clicked is common. However, depending on the product and its users, a basic Show/Hide text toggle may be more effective. Some websites use unmasked input fields by default. While this method is often well received by consumers, it should be paired with a Hide option for use in less secure settings (cafes, offices, etc.).

Maxwell Health employs easily visible Show/Hide icons with text labels, in addition to explicit password requirements.

4. Incorporate a Password Strength Meter

Password strength meters provide consumers with real-time insight into how well their passwords will withstand data attacks. Strength meters should be used in conjunction with appropriate copy that indicates various levels of password efficacy.

Weak, medium and strong indicators are useful, but the wording should alert consumers to the risks: “Your password exposes you to data theft.” In addition to copy, consider which colors will have an impact, but keep in mind that color carries cultural meaning.
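One way to combine rule 1 (accept any password, but warn on obvious choices such as 12345) with the strength meter and risk-oriented copy described above. This is an added example, not code from the original article; the word list, the thresholds and the function names are assumptions chosen for illustration.

```javascript
// Added example: heuristic feedback only, not a vetted strength estimator.
// COMMON is a tiny constructed sample; a deployment would load a large
// breached-password list instead.
const COMMON = new Set(["12345", "123456", "password", "qwerty", "letmein"]);

// True for runs such as "12345", "fedcba" or "aaaaaa": every character
// differs from the previous one by the same step of -1, 0 or +1.
function isSequence(pw) {
  if (pw.length < 2) return true;
  const step = pw.charCodeAt(1) - pw.charCodeAt(0);
  if (Math.abs(step) > 1) return false;
  for (let i = 2; i < pw.length; i++) {
    if (pw.charCodeAt(i) - pw.charCodeAt(i - 1) !== step) return false;
  }
  return true;
}

// Never rejects: the article's advice is to let users choose and to warn them.
// Thresholds (10 and 16 characters, 5 distinct characters) are assumptions.
function assessPassword(pw) {
  const lower = pw.toLowerCase();
  const obvious =
    COMMON.has(lower) || isSequence(lower) || new Set(lower).size < 5;
  if (obvious) {
    return { level: "weak", obvious: true,
      message: "This is among the first passwords an attacker tries. " +
               "Your password exposes you to data theft." };
  }
  if (pw.length < 10) {
    return { level: "weak", obvious: false,
      message: "Short passwords fall quickly to brute force. " +
               "Try a phrase of four or more words." };
  }
  if (pw.length < 16) {
    return { level: "medium", obvious: false,
      message: "Better, but a longer passphrase would resist guessing for longer." };
  }
  return { level: "strong", obvious: false,
    message: "Long passphrase. Avoid song lyrics and movie quotes." };
}
```

The meter only reports; whether to let a user continue with an obvious password stays a product decision made where `obvious` is read.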

5. Change to Passphrases

Passwords are typically eight to sixteen characters long, but passphrases can be longer. The longer the passphrase, the more likely it is to withstand a brute-force attack.

Passphrases are appealing because they are simple to remember. Instead of myhouse5, which is poor and forgettable, a user may input myhouseisawesomeandcozy.

A high level of randomness isn’t required for passphrases with four or more words, although users should be told to avoid well-known word combinations (song lyrics, movie quotes, etc.).

6. Consider Other Password Options

Passwords are a well-known paradigm, but they aren’t the only means to safeguard user data. Biometrics, physical hardware, and reinvented login processes are all part of a tech industry campaign to eliminate passwords.

7. Use Single Sign-On

SSO is a mechanism in which users gain access to numerous goods and services using a single username and password. SSO-enabled websites and apps rely on third-party providers (such as Google, Facebook, and Apple) to validate user identities. Users just need to authorize access to their SSO accounts.

SSO keeps users from accumulating passwords, speeds up onboarding, and allows smaller firms to benefit from the security infrastructure of larger corporations.

Instead of setting new passwords, new Kayak customers can select from a list of SSO providers.

8. Make use of fingerprints and facial recognition

Many smartphones, laptops, and tablets include biometric technologies that can be readily integrated into the sign-on process. Users merely touch or glance at their devices rather than typing passwords. Faces and fingerprints are difficult (though not impossible) to fabricate, which boosts security. One disadvantage is that there are still devices without biometric capability, so designers should include alternative login choices.

9. Allow Sign-in Without a Password

Passwordless sign-in is a viable alternative as long as consumers have smartphones and usernames. After entering their usernames, users see an onscreen notification with a PIN. Simultaneously, a phone notification prompts them to choose the matching PIN from a selection of possibilities. This method can also be combined with fingerprints and facial recognition.

10. Allow Email Login

Almost everyone who uses digital products has an email address, and the majority of individuals already use email for security purposes such as forgotten passwords and usernames. Why not take it a step further?

Email login works by delivering time-limited links to users’ inboxes. Slack and Medium include a “Magic Link” email login function that makes sign-on much smoother.
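A server-side sketch of the time-limited link described above, added here as an example and not taken from Slack, Medium or the original article. The in-memory `pending` map, the `app.example` URL and the function names are assumptions; the 15-minute lifetime is the one the article cites for Medium.

```javascript
// Added example for Node.js. Names, URL and storage are illustrative assumptions.
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

const LINK_TTL_MS = 15 * 60 * 1000; // 15 minutes
const pending = new Map(); // email -> { digest, expiresAt }; stand-in for a DB table

const sha256 = (s) => createHash("sha256").update(s).digest();

// Issue a link. Only a hash of the token is stored, so a leaked table cannot
// be turned back into working links. Issuing again replaces the older link.
function issueMagicLink(email, now = Date.now()) {
  const token = randomBytes(32).toString("base64url"); // 256 bits, URL-safe
  pending.set(email, { digest: sha256(token), expiresAt: now + LINK_TTL_MS });
  return `https://app.example/login?email=${encodeURIComponent(email)}&token=${token}`;
}

// Redeem a link. Succeeds at most once and only inside the time window.
function redeemMagicLink(url, now = Date.now()) {
  const params = new URL(url).searchParams;
  const email = params.get("email");
  const token = params.get("token");
  const record = pending.get(email);
  if (!record || !token) return false;
  if (now > record.expiresAt) {
    pending.delete(email); // expired links are cleaned up, not left to linger
    return false;
  }
  // Both digests are 32 bytes, so the constant-time comparison is valid.
  if (!timingSafeEqual(sha256(token), record.digest)) return false;
  pending.delete(email); // single use: a replayed link finds no record
  return true;
}
```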

Medium’s email sign-on link is only valid for 15 minutes after it gets into a user’s inbox.

11. Give out physical security keys

More corporations are using physical keys in enterprise organizations and areas where security is critical (banking, healthcare, etc.). These cryptographic cards plug into USB ports and automatically fill in application sign-on fields with single-use passwords.

The technology is still evolving, but it has been shown to:

  • Make sign-in four times faster
  • Reduce support costs by 90%
  • Almost eliminate account takeovers

Additionally, firms such as YubiKey are incorporating fingerprint recognition for added security. One apparent disadvantage is the possibility of losing hardware. Even though administrators can disable lost keys, account recovery is far more involved than simply tapping a “forgot password” button.


The YubiKey cryptographic security card fits into USB ports and significantly speeds up sign-in.

Password UX that is both simple and secure

Users aren’t particularly good at creating, remembering, or managing passwords, which causes aggravation and unnecessary UX friction.
As designers, we must not accept the status quo.
We are problem solvers, and there are numerous methods to improve or entirely redesign the password experience. As long as there are digital accounts containing sensitive data, we must devise methods for users to authenticate that they are who they claim to be. Perhaps one day, passwords will be obsolete, but in the meanwhile, we should strive towards password user experiences that are simple and secure for all parties.



Author's Bio

Sunil Vallala

UX/UI Designer with hands on experience in building ideas from scratch with the core belief that design is a catalyst for change in any business.
