SECURITY LAYS THE FOUNDATION FOR OUR DESIGN CONCEPT
We use standard transport encryption, HTTPS (HTTP over TLS), to protect customer data while it travels between the browser and the website. Whenever a customer creates an account, their password is never stored in plain text: it is salted and hashed before being written to the database. For interested readers, here is an article explaining good and bad practices for implementing secure salted password hashing.
IMPLEMENT PROPER PASSWORD STRENGTH CONTROLS
A minimum password length should be enforced by the application.
- Passwords shorter than 10 characters are considered weak
- A typical maximum length is 128 characters
We require at least 8 characters. This is below the 10-character guideline above; whatever minimum is chosen, the application must enforce it server-side, and the maximum should be generous enough that a long passphrase is not rejected or silently truncated.
The password mechanism should allow virtually any character the user can type to be part of the password, including the space character. Passwords should obviously be case sensitive, since folding case would shrink the space of possible passwords.
SIGN UP PASSWORD VERIFICATION
We implement the sign up password field without a repeat-typing confirmation, to save customers effort and time, but give the input a show/hide toggle (hidden by default) so they can check what they typed before submitting.
INCLUDING MARKETING REQUIREMENTS INTO SIGN UP DESIGN
To encourage people to finish the sign up, we design the right-hand section to list the benefits customers will have, together with contact information for our client's customer service department. Together, this information gives customers a sense of security, credibility and trust.
For marketing and our client's event purposes, we include a Newsletter subscription on our Sign up screen. Using a confirmed opt-in (COI) procedure ensures that a third party cannot subscribe someone else, whether accidentally or out of malice: the subscription is only activated after the e-mail recipient confirms it. When the recipient takes no action, they receive no further messages.
It is equally important to make clear to customers that the Newsletter is optional when they register an account on our website.
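The confirmed opt-in procedure described above, as an added example in Python (not code from the original article or its client). It assumes an in-memory store standing in for the mailing-list database, a 48-hour validity window for the confirmation link, and a random token carried in the confirmation e-mail; nothing is subscribed until that token comes back.

```python
import secrets
import time

# Constructed in-memory stores standing in for the mailing-list database
# (assumption: a real implementation persists these server-side).
PENDING = {}        # token -> (email, expires_at)
CONFIRMED = set()   # addresses whose owner followed the confirmation link
TOKEN_TTL = 48 * 3600  # assumption: a confirmation link is valid for 48 hours


def request_subscription(email, now=None):
    """Step 1: the sign up form asked for the newsletter. Nothing is
    subscribed yet; we only record a pending request and return the
    token that goes into the confirmation e-mail."""
    now = time.time() if now is None else now
    # 256 bits of randomness: the token cannot be guessed, so nobody can
    # confirm on someone else's behalf without access to that inbox.
    token = secrets.token_urlsafe(32)
    PENDING[token] = (email.strip().lower(), now + TOKEN_TTL)
    return token


def confirm_subscription(token, now=None):
    """Step 2: the recipient follows the link. Only a valid, unexpired
    token activates the subscription, and a token works exactly once."""
    now = time.time() if now is None else now
    entry = PENDING.pop(token, None)
    if entry is None:
        return False  # unknown or already used token
    email, expires_at = entry
    if now > expires_at:
        return False  # link expired: no action was taken, nothing subscribed
    CONFIRMED.add(email)
    return True


def recipients():
    """Only confirmed addresses ever receive newsletter messages."""
    return sorted(CONFIRMED)


def purge_expired(now=None):
    """Housekeeping: drop pending requests whose link was never used."""
    now = time.time() if now is None else now
    stale = [t for t, (_, exp) in PENDING.items() if now > exp]
    for t in stale:
        del PENDING[t]
    return len(stale)
```

The `now` parameter exists so the expiry logic can be exercised with fixed timestamps; in production it is simply omitted.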
GIVE CUSTOMER A COMPLETE FLOW
On the Sign up screen, in case people remember that they already have an account on our website, it is vital to let them navigate quickly to the sign in page; we provide this link under the sign up button.
The same applies to the Sign in screen: we provide a link to the forgot password page to help customers recover their password, and a link to the sign up page.
On all the pages mentioned above (Sign in, Sign up, Forgot password), customers can always click the company logo to visit the home page.
PROVIDE THE NECESSARY HINT MESSAGE AT THE MOST APPROPRIATE TIME
GIVING A HINT WHEN CUSTOMERS FORGET TO FILL IN MANDATORY FIELDS
Highlight the mandatory fields that customers forgot to fill in and provide a message telling them what to do.
We put the password strength hint directly above the input box. This wins over an inline hint because it puts the information in front of the customer beforehand, so they do not have to stop and think about which password rules they have to follow. An equally good design is a pop-up that reminds the customer of the password rules and validates the password strength as they type, as in the example from creating a Google Account.
INSTANT VALIDATION FOR EMAIL ADDRESS AND PASSWORD
We use instant validation of the email address format, to help users find out quickly that they typed an invalid or wrong email address: the email address field is highlighted and they are notified.
When the password does not meet the strength rules, the password field is highlighted along with a message reminding customers to enter at least 8 characters.
If the agreement policy is not ticked when the customer submits the registration, this part is also highlighted with a hint message. Note that we must provide customers with links to read the agreement and policy they are consenting to.
SIGN IN DESIGN
For the security reasons mentioned at the beginning of this article, we respond with a generic error message regardless of whether the user ID or the password was incorrect. The message also gives no indication of whether an account exists, so the sign in form cannot be used to enumerate registered email addresses; the forgot password page should follow the same rule and show the same neutral response whether or not the address is registered.
"Login failed; Invalid userID or password"
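The server-side half of the sign up and sign in flow as an added Python example (not code from the original article or its client). It ties together the three points above: the password policy (at least 8 characters, at most 128, any typeable character including spaces), salted password hashing from the opening section, and the generic sign in error. It assumes an in-memory user table in place of the database, PBKDF2-HMAC-SHA256 as the hashing function (the article does not name one), and an iteration count chosen for this illustration. Unknown user IDs are verified against a dummy hash so that the response time, like the message, does not reveal which accounts exist.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory user table standing in for the database
# (assumption: a real implementation persists salt and hash per user).
USERS = {}  # email -> (salt, hash)

MIN_LEN, MAX_LEN = 8, 128        # limits stated in the design notes above
PBKDF2_ITERATIONS = 600_000      # assumption: work factor tuned for the server
GENERIC_LOGIN_ERROR = "Login failed; Invalid userID or password"


def check_password_policy(password):
    """Return the hint to show the customer, or None if the password is
    acceptable. Any typeable character, including spaces, is allowed, and
    the check is case sensitive because nothing is ever lowercased."""
    if len(password) < MIN_LEN:
        return f"Please enter at least {MIN_LEN} characters"
    if len(password) > MAX_LEN:
        return f"Passwords are limited to {MAX_LEN} characters"
    return None


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. A fresh 16-byte random salt per user means
    two customers with the same password get different stored hashes."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored):
    _, digest = hash_password(password, salt)
    # Constant-time comparison: a mismatch returns False without leaking
    # how many leading bytes matched.
    return hmac.compare_digest(digest, stored)


def sign_up(email, password):
    """Return (ok, hint). The hint is the message to highlight the field with."""
    hint = check_password_policy(password)
    if hint is not None:
        return False, hint
    USERS[email.strip().lower()] = hash_password(password)
    return True, None


# Salt and hash of a random password no account uses. Unknown user IDs are
# checked against it so the request takes about as long as a real
# wrong-password check and the timing does not betray whether the account exists.
_DUMMY_SALT, _DUMMY_HASH = hash_password(secrets.token_urlsafe(16))


def sign_in(email, password):
    """Return (ok, message). The same generic message comes back whether the
    account is missing or the password is wrong."""
    record = USERS.get(email.strip().lower())
    if record is None:
        verify_password(password, _DUMMY_SALT, _DUMMY_HASH)
        return False, GENERIC_LOGIN_ERROR
    salt, stored = record
    if not verify_password(password, salt, stored):
        return False, GENERIC_LOGIN_ERROR
    return True, None


def unsalted_sha256(password):
    """The bad practice, for comparison: without a salt, identical passwords
    produce identical hashes and one precomputed table cracks every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()
```

Note that only the email address is normalised (trimmed and lowercased); the password is used exactly as typed, which is what keeps it case sensitive.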
We still validate for empty fields the customer forgot to fill in: the corresponding fields are highlighted and a hint message tells them to fill them in.
To help customers catch typos earlier, we use instant validation of the email address format on this screen as well. This checks the format only and reveals nothing about whether the address is registered.
A REPEATING SUMMARY
Always start with a simple design that lets customers focus on the single task at hand. Remove unnecessary navigation, advertisements and links from the page. At this point customers have already decided to either Sign in or Sign up, so there is no need to distract them any further. Keep the company logo so customers can return to the home page whenever they want; from there they can navigate and browse the site freely.
A complete flow lets customers reach whichever page their situation requires, with the necessary hint messages assisting them all the way.
A smooth, considerate, fast and secure sign in and sign up process is what everyone wants.