Have a look at this:
Not great from an end-user's perspective.
There are a few key issues I have with this text:
1. You should focus on helping the user achieve a positive outcome, not just bombard them with a list of problems to solve
2. It's not just any old password on the street, it's the user's password
3. You don't need to start every list item with "Password must have" (which I instinctively read in a robot voice in my head)
4. Words like "compliance" and "requirements" are business words for developers and stake-holders found in technical documents, they're not very friendly for end-users who are often already feeling stressed when needing to deal with passwords and security.
What about something like this:
Your new password is not strong enough. Please follow these guidelines:
- Include at least 1 letter
- Include at least 1 number
- Make sure the password is at least 8 characters long
Comment | File | Size | Author |
---|---|---|---|
#10 | 2598708-10.patch | 8.94 KB | NancyDru |
| |||
Screen Shot 2015-10-22 at 11.53.45 am-1.png | 31.8 KB | thedavidmeister |
Comments
Comment #2
thedavidmeister CreditAttribution: thedavidmeister commentedBonus points if you can base comments on the diff between current state and needed requirements. That would truly be helping the user problem solve.
e.g.
Your new password is not strong enough. Please update the following:
- Include at least 1 more letter
- Include at least 1 more number
- Make sure the password is at least 3 characters longer (for a total of 8)
Comment #3
NancyDruHere's a start.
Comment #4
NancyDruPasswords must meet the following requirements:
Comment #5
AohRveTPV CreditAttribution: AohRveTPV commentedAgreed, except I'm not sure "requirements" is too unfamiliar or threatening to lay people.
I think it is inaccurate to refer to requirements as mere guidelines. Guidelines are just suggestions. Also, in line with your point #1, I think it would be good to avoid negative language if possible ("not strong enough").
To me the "You may" and "You must" comes off as imperative or even a bit accusatory. So I think it would be better to avoid the "you" in the requirements list, which is unneeded anyway.
Here is proposed text, based on NancyDru's above, that attempts to address thedavidmeister's four points, and also minimizes negative language.
Password requirements met:
[ meter ]
Your password must:
- Include both upper and lower case letters
- Have at least 2 letter(s)
- Not include certain disallowed words (Or: "Avoid including...")
- Be at least 8 characters long
- Have fewer than 2 identical characters in a row
- Have a strength level of at least 50
- Include at least 1 digit(s)
- Be different than your past 1 password(s)
- Include at least 1 symbol(s)
- Not include your username (Or: "Avoid including...")
Instead of "Your password must:", perhaps "For security, please change your password so it:"
If "requirements" is really objectionable, perhaps instead of "Password requirements met", "Password criteria met". I suspect the author of this branch used "Password compliance" instead of "Password strength" because it doesn't really make sense to say something has "1 of 4" strength.
Comment #6
NancyDruThanks. I'll try to make those changes today. Also I'd like to see if I can use
format_plural()
rather than(s)
. That will require adding a second string to the plugin definition, something like:Does anyone have a problem with that?
Comment #7
NancyDru"In order for your new password to be strong, please follow these rules:"
For security, please change your password so it:
Comment #8
NancyDruComment #10
NancyDruLet's try it again. I don't really speak Test but I tried.