New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Passwords #56

Open
govuk-design-system opened this Issue Jan 12, 2018 · 5 comments

Comments

7 participants
@govuk-design-system
Copy link
Collaborator

govuk-design-system commented Jan 12, 2018

Use this issue to discuss this pattern in the GOV.UK Design System.

@govuk-design-system govuk-design-system created this issue from a note in GOV.UK Design System Community Backlog (In progress) Jan 12, 2018

@govuk-design-system govuk-design-system moved this from In progress to Published in GOV.UK Design System Community Backlog Jan 12, 2018

@timpaul timpaul added the pattern label May 21, 2018

@amyhupe

This comment has been minimized.

Copy link
Contributor

amyhupe commented Oct 15, 2018

Dropbox Paper audit

On 15 October 2018 the Design System team reviewed a Dropbox Paper document called Create a password.

The aim was to reduce the number of places containing guidance and code by:

  • migrating relevant, useful content into the Design System itself
  • recording important research findings in the community backlog
  • removing the original Dropbox Paper page

Below is a record of the outcomes of that review.

Review outcomes

Updates to the Design System

The Design System team will carry out the following updates to ensure that relevant, useful content from the Dropbox Paper file is added to the Design System.

  • Add content to the research section of the Design System guidance saying research is needed on inline password validation for users creating a password

Research and examples

The following example was shared in the original Dropbox Paper file and some further research is needed on whether using inline validation to help users who are creating a password is helpful:

image_preview

If you have experience or examples of using inline validation to help users create a password, please share your findings and screenshots in a comment below.

@joelanman

This comment has been minimized.

Copy link
Member

joelanman commented Oct 16, 2018

I think the gif above is from GOV.UK Verify, that I worked on. We iterated on this pattern - starting without any inline validation, just the password requirements.

We found that users find it very hard to meet password requirements, even with the password visible, as above. Making the requirements status update in realtime helped them understand which requirements they had met, and which they had not.

With less complicated requirements, inline validation may not be necessary.

@fofr

This comment has been minimized.

Copy link

fofr commented Nov 21, 2018

DFE Sign in have an eye icon to indicate a show/hide password toggle. I don't know how well it tests.

I think the code is here: https://github.com/DFE-Digital/dfe.ui.toolkit/blob/15aade4b481e84839bace40f3773f2d1c66238b2/app/views/change-password-current.html

screen shot 2018-11-21 at 13 19 31
screen shot 2018-11-21 at 13 19 38

@idavidmcdonald

This comment has been minimized.

Copy link

idavidmcdonald commented Jan 10, 2019

Hi,

I found the password guidance really useful. I had one question that I didn't see covered that I wondered if there was opinion/consensus on. A quick skim of the NCSC guidance didn't find me anything.

When a new user registers and sets their new password (or similar for resetting a password), should you include a 'confirm' field for the password to be entered a second time so you can check it matches the first?

Notify don't appear to - https://www.notifications.service.gov.uk/register
The Digital Marketplace appear to - https://github.com/alphagov/digitalmarketplace-user-frontend/blob/20ee069938a4b3bf718eeed49de688d7d215079a/app/templates/auth/change-password.html

Note, this question is more out of my own curiosity when doing some learning about passwords and login patterns so doesn't need a speedy response or any real effort put into investigation.

Thanks!

@stevenaproctor

This comment has been minimized.

Copy link
Collaborator

stevenaproctor commented Jan 10, 2019

@idavidmcdonald I am interested too.

When you create a Government Gateway user ID it asks you to confirm your password.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment