Simple (a.k.a. Bank Simple) is doing a hell of a job with their password strength indicator. Here’s a sneak peak into their interface. Thanks to Ryan Snyder for getting me a super early invite.
I’m using this to improve the password field for Mozilla’s identity project. Join the discussion in comments here or on the github issue.
9 of 10 Sites Agree Requiring Log-in is Whack
Feb 14, 2012
How People *Think* Facebook Connect Log‑in and Log‑out Work
Feb 7, 2012
13 Signs Your Site Needs a UX Exorcism
Jan 20, 2012
Simple: Getting users to pick strong, memorable passwords
Jan 14, 2012
Chief eXperience Officer at Mozilla in 2012
Jan 3, 2012
Spaces shape creativity: Ziba project rooms
Nov 8, 2011
My Android tablet is Kenneth Parcell
Nov 4, 2011
UX of a Protest: Occupy Portland
Oct 6, 2011
19 comments
Michael says:
Jan 14, 2012
Crystal,
I like it. Can we also add some education around the pass phrase idea? I find it’s so much easier for a user to select a strong password that is easy to remember when they think of it as a phrase instead a crazy combo of characters and symbols.
For example,
The 22 inch smurf went to the market!
38 characters, upper case, lower case, numbers and special characters. And pretty easy to remember.
Mardeg says:
Jan 14, 2012
I like michael’s education idea, and Steve Gibson’s “Search Space Calculator” at https://www.grc.com/haystack.htm is a good learning tool for that.
Robert Accettura says:
Jan 15, 2012
Interesting interface. My only criticism is that it doesn’t really tell you upfront what it considers “good” leaving the user likely to throw stuff on the end to get it to pass, and they will forget later on.
I actually wrote a password generator a few years ago (safepasswd.com) on a whim because I wanted something memorable that encouraged the use of longer and more complicated things…
Using things like GRC’s haystack it becomes apparent that it’s totally possible to create a secure password that’s pretty simple to remember. Web security goes up significantly if websites also mitigate brute force attacks by disabling accounts after X incorrect attempts.
Passwords are a drag.
ouli says:
Jan 15, 2012
One of the issues is that password strength is very, very arbitrary.
It led users to believe that passwords of 20 characters make everything secure, too – which is not true. Except for dumb passwords (single dictionary words, etc) its rare that the passwords get actually cracked. It’s other vulnerabilities or just reusing the same password, or using stupid constructs like:
2012janJimmyspassword
then when rotation comes
2012febJimmyspassword
etc.
The best is probably to direct the user into making a good password directly like the one Michael mentioned. Long sentence that doesn’t make sense with some special characters if you can (but not required, long sentences already have a crazy entropy, if you make it too hard people revert to crappy passwords)
Liv Madsen (@livmadsen) says:
Jan 15, 2012
For your inspiration, very nice validation: RT @codepo8 Simple: Getting users to pick strong, memorable passwords http://t.co/3cWkrN71
@EliSklar says:
Jan 15, 2012
Simple: Getting users to pick strong, memorable passwords http://t.co/wR6BsNyy
Jeremy Jantz (@jeremyjantz) says:
Jan 15, 2012
Really well thought out password selection process from Bank Simple.
http://t.co/C0KIQBWn
Justin says:
Jan 15, 2012
I think that’s a really good start for the Moz project. I agree with the comment above and think that showing a user what is considered an A/B/C/D/E/F password is helpful for beginner users.
Ibai says:
Jan 16, 2012
I love the interaction but I’m extra interested on the side effects of something like this. For instance, how does a 50 year old non-tech savvy user will manage his password within Simple?
Trying to educate casual users seems to be like a complicated challenge. They are used to have simple passwords and not being broken so it’s probably easier to implement extra security from the technology side.
Or perhaps, as usual, the best option is something in between. But asking for “20 character passwords” doesn’t feel like an evolution, tbh.
Jason Discount (@jaydisc) says:
Jan 16, 2012
Nice UI! “Simple: Getting users to pick strong, memorable passwords | crystal beasley http://t.co/S9vwvLSX“
Desigan Chinniah (@cyberdees) says:
Jan 16, 2012
Taking a look at Simple’s attempt to get their users to pick strong, memorable passwords. http://t.co/OniXAhW9 /thx @skinny #ux #ui #ixd
Simple: Getting users to pick strong, memorable passwords | crystal beasley | UXWeb.info says:
Jan 16, 2012
[...] a hell of a job with their password strength indicator. Here’s a sneak peak into their interface. Link – Trackbacks Posted in User experience (UX) | Permalink. ← Trust is fragile – [...]
Jim Bruene (@netbanker) says:
Jan 17, 2012
Design: First look at Bank Simple (@simplify) UX for password setup. Wonderful interface. Long p/w though. http://t.co/IUS74iy2
Mal Jago says:
Jan 17, 2012
Mobile phones have taken away our need to remember friends phone numbers but now that space in my brain is cluttered with password fatigue. If banks can encrypt credit cards why not passwords?
PS like your update and how the password interface works on Simple.
Daniel Easterbrook (@dancommator) says:
Jan 18, 2012
Simple: Getting users to pick strong, memorable passwords @Simplify http://t.co/j6B61cJ9 via @skinny #simple #banking #digitalplanning
Shawn Kirsch (@thattalldude) says:
Jan 19, 2012
Simple: Getting users to pick strong, memorable passwords http://t.co/eLgTuOLB I REALLY hope to get access to @Simplify soon.
Arnaud Lacour (@arnaudlacour) says:
Jan 19, 2012
How Simple gets users to pick strong passwords…neat! http://t.co/3gAPcb0Q
Fred says:
Feb 1, 2012
This is fabulous. I do agree with other people’s suggestions here though that they don’t show what a good, easy to remember passphrase can look like, so they are encouraging picking a long and complicated password, which may be secure but will be forgotten later.
Eric (@ericthebell) says:
Feb 9, 2012
Sweet password creation interaction/guidance at @simplify, via @skinny: http://t.co/H2EVOTiH”