Why you should allow users to see their password

May 24, 2016

Your signup form is one of the first impressions users have of your app. After they read the marketing copy and decide your product is worth trying, the first time they interact with your app is to sign up.

For years, every signup form worked like this:

[Image: signup form with a confirm password field]

Users think of a password and type it into the field. Then they select the next field and type the same thing again.

And this design pattern needs to die.

The idea behind the confirm password field was that some people mistyped their password and, when they later tried to log in, were locked out of their account. To fix this, designers added a second password field to double-check that the user typed what they meant to type.

This worked to help improve accuracy, but the confirm password field came with its own problems.

The first is that the confirm password field makes users do extra work. Only a small percentage of users mistype their password, but the confirm password field makes all users do extra work. If you want users to do something in your app, make it easier to do. This is especially important for the signup form because users have nothing invested in your app and can easily walk away.

The other problem is that the confirm password field gives the user an error. People hate getting errors and will do everything they can to avoid them. Good interfaces avoid giving the user an error whenever possible and instead give users the opportunity to fix the problem before they get an error.

So just remove the confirm password field?

In many newer apps, you’ll see signup forms without a confirm password field.

This is slightly better. Now users can type their password quickly, but it doesn’t help with the original problem of accuracy. At least with the confirm password field, users knew if they mistyped their password and could correct it. Now they won’t know there’s a problem until they come back to log in and can’t figure out why their password isn’t working.

Instead, let users see what they typed

A better solution is to allow users to show their password to see what they typed:

See the Pen Show password checkbox by Josh Wayne (@joshwayne) on CodePen.

Adding the option for users to see their password is a better solution because:

Giving people the option to view their password allows them to check that they’ve typed what they meant to without forcing them to type it again. It also allows a user to type their password quickly and accurately, while also avoiding showing errors.
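One way to wire up the show password option described above, as an added example rather than the code from the embedded Pen. The element ids (#signup, #password, #show-password) and the attachShowPassword helper are hypothetical, and it assumes the field starts masked and is masked again on submit.

```javascript
// Added example: show-password checkbox for a signup form.
// Ids and function names below are hypothetical, not from the original Pen.

// Wires a checkbox to a password field. It only uses the `type`, `checked`
// and `addEventListener` members, so it can be exercised with plain objects.
function attachShowPassword(field, toggle, form) {
  const setVisible = (show) => {
    field.type = show ? 'text' : 'password';
    toggle.checked = show; // keep the checkbox in sync with the field
  };

  // Assumption: start masked. Revealing the password is the user's choice.
  setVisible(false);

  // The user ticks or unticks the checkbox to reveal or hide what they typed.
  toggle.addEventListener('change', () => setVisible(toggle.checked));

  // Mask again before the form is submitted, so the browser sees a password
  // field (password manager prompt) instead of an ordinary text field whose
  // value it may keep in form autofill history.
  form.addEventListener('submit', () => setVisible(false));

  return { setVisible, isVisible: () => field.type === 'text' };
}

// Browser wiring; skipped when there is no DOM.
if (typeof document !== 'undefined') {
  const form = document.querySelector('#signup');
  if (form) {
    attachShowPassword(
      form.querySelector('#password'),
      form.querySelector('#show-password'),
      form
    );
  }
}
```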

[Image: password field matrix]

When using the show password design pattern, there are good and bad ways to implement it.

Patterns to avoid:

Patterns that work:

Examples of the show password design pattern.
Simple, Mailchimp, Jira, and Mac OS X Wi-Fi.
