Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Users don't know what minimum score is required until they try to submit the form. A better UX would be to indicate what minimum score is required.
Proposed resolution
Add a message under the score, something like "The minimum strength required is strong"
Remaining tasks
review
User interface changes
new sentence under the current strength.
API changes
n/a
Comment | File | Size | Author |
---|---|---|---|
#23 | 2421725_20_23_interdiff.txt | 658 bytes | banviktor |
#23 | 2421725_23.patch | 4.86 KB | banviktor |
Comments
Comment #1
scor CreditAttribution: scor commentedComment #2
scor CreditAttribution: scor commentedNot 100% happy with it but here is a first attempt at a preview (no patch yet):
Someone clever might come up with a better UX idea... maybe a green "check" icon could appear next to the current store when it's high enough... though not sure it would be obvious what it means.
Comment #3
gregglesYour proposal seems OK. I think it would be better as "The required minimum strength is strong." Moving the word required up front will help people see that it is important text and highlighting the most important word should help them get the summary of the info.
I could also imagine having 2 horizontal bars:
[*** ] - your score
[******* ] - required score
Comment #4
scor CreditAttribution: scor commentedThis patch doesn't implement the ultimate solution, but a useful error message will be better than nothing, and something we might want to have regardless.
Comment #5
banviktor CreditAttribution: banviktor commentedI have a little proposal that started from trying to solve this issue but it expanded a bit.
So currently the horizontal bar indicating the strength of the password is scaled from very weak to very strong in case no strength requirement is set, however when the requirement is set, the maximum of the bar is the required strength. I think this is a bit confusing, and users won't want to have better a better password set than the required as good would show the full green bar if the required strength is not set to very strong.
My proposal:
Comment #6
coltraneI think you're right that the required password strength should be visible after starting to enter a password so the user can understand the strength rating in accordance to the requirement.
Are you suggesting that the length of the bar also reflect the strength? Right now the length is either 0%, 50% or 100%, and the color adds additional acceptance suggestion, going from red to yellow to green, and finally with a check mark on highest strength.
In hindsight relying on color communication is not universally accessible, but communicating the 0-4 range in bar length alone doesn't feel sufficient as is. The input field is short so 20% increment changes may not be noticeable.
Comment #7
banviktor CreditAttribution: banviktor commentedThat is true with the required strength set to good.
If you set it to strong you will see 0%, 33%, 67%, 100%.
If you set it to disabled or very strong you will see 0%, 25%, 50%, 75%, 100%.
So currently 100% is always the required strength, or if it's not set then it's very strong.
My suggestion is to use only the last scale, so users will know that their password can get better than good for example. It's a kind of a motivation to target the best possible strength.
I think the 25% changes with the colors also changing and the "Password strength: ..." text changing is fairly noticeable.
Comment #8
coltraneAh, you're right, I forgot that the bar does advance in stages matching what the required strength is. Yes, I think the last scale is appropriate along with including the required strength level before submitting the form.
Comment #9
banviktor CreditAttribution: banviktor at CARD.com commentedHere's a patch for my proposal with a screenshot.
If this is the preferred UX I'll update the issue summary.
Comment #10
banviktor CreditAttribution: banviktor at CARD.com commentedComment #11
banviktor CreditAttribution: banviktor at CARD.com commentedNow if the strength requirement is disabled it won't show that Very Weak is the requirement.
Comment #12
banviktor CreditAttribution: banviktor at CARD.com commentedI removed the part that is not relevant to this issue (the scale of the bar). Will open a separate issue for that soon.
Comment #13
banviktor CreditAttribution: banviktor at CARD.com commentedComment #14
coltraneWith this class it means the check mark appears, which for me on Chrome overlaps with the text before it. You could use a different class that has green font color but no background image.
Also, the meter is appearing at the top of the settings page test widget for me in Chrome OSX. @banviktor do you get that?
Comment #15
banviktor CreditAttribution: banviktor at CARD.com commentedOh right sorry. Didn't try Very Strong as a requirement... it does have that background image.
Yes. Sadly that's not the effect of the patch so will have to dig to find out what's causing it. This will need a third issue.
Comment #16
banviktor CreditAttribution: banviktor at CARD.com commentedNo background image for Very Strong in the requirements.
Comment #17
coltraneYeah, the meter appearing on top can be handled separately. Patch in #16 looks really good, just one remaining discussion issue.
I think the original idea of the check mark was that it signified that the entered password is acceptable and meets the requirement. Now the requirement is communicated in text matches color and the check mark only appears for Very Strong, which is a different meaning. This new meaning is OK with me since we want users to have very strong passwords, but worth discussing.
Comment #18
banviktor CreditAttribution: banviktor at CARD.com commentedI think it makes more sense to have the check mark appear if the password meets the requirement. That's what check marks are for usually.
This modification would solve my css problem too (that workaround in #16 wasn't the cleanest). The check mark background could be a separate class this way.
So +1 for the old meaning. Separate issue or can I do it here (if that is the preferred UX)?
Comment #19
coltraneSounds good, let's keep it in this issue. Setting to needs work.
Comment #20
banviktor CreditAttribution: banviktor at CARD.com commentedCheck mark is now shown if strength reaches the required score. Looks a bit weird though when set to 'disabled' (green check mark with a red Very Weak message).
Comment #21
banviktor CreditAttribution: banviktor at CARD.com commentedComment #22
coltrane@banviktor could you make it so the check mark only appears if there's a required strength level set (e.g. not disabled)?
Comment #23
banviktor CreditAttribution: banviktor at CARD.com commentedHere it is.
Comment #25
coltraneThank you @banviktor! Committed to 7.x and marking this issue for backport.
Comment #26
manuel.adanI assume that the 6.x branch is no longer maintained.
Comment #27
gregglesAs a 7.x issue it's fixed, so moving there to track it was fixed.