Inconsistent labels on accept invite page

Just a minor thing but anyway: the location of the “optional” indicators for Real Name and Password is inconsisten on the accept invite page:

I think can see where the confusion comes from: if the rule is that the optional label is to be shown in the help text under the input field, then it doesn’t work so well in the case of the password, which would then say “at least 10 characters (optional)” :stuck_out_tongue_closed_eyes:

So maybe it’s better to put the optional flag after the field name (above the input field) in all cases?

And while we’re at it, let’s look at the sign-up page too:

Internal consistency is fine here, but only because the password is not optional. But I wonder why setting a password is optional on the invite page but not the sign-up page? Is there any security risk involved in leaving the password optional for all sign-ups?

Personally, I like sites that don’t force me to set my password at sign-up because I use a password-manager which is not so good at creating new passwords on mobile, so I prefer doing that when I login on a desktop computer later on. (I know I can just enter any nonsense as a password, but that is sometimes thwarted by nonsense password building rules.)

So, even though I’m getting a bit off topic in the first post of my own topic (who would have deemed that possible…), I’d like to suggest to make password optional upon sign-up (or at least have a site-setting for that).

6 Likes

Yes, I agree, let’s move optional to the description text for the password field @techapj

3 Likes

Do you mean like

[quote=“tophee, post:1, topic:64425”]
at least 10 characters (optional)
[/quote]?

1 Like

Done.

2 Likes

BTW: am I right in assuming that since the password field is optional, it can just as well be hidden via CSS?

Sure, all you need is this CSS:

.invites-show .password-input {
    display: none;
}
3 Likes

How about the sing-up page:

Because a password is not required when someone invited you. They vouched for you.

1 Like

That implies that users who did not set a password pose some kind of threat. Therefore:

No, it does not imply there is a threat.

So why do new users need someone to vouch for them in order to be able to sign up without providing a password?

The priority is getting in fast with low friction on an invite. As in “my buddy Don knows all about this topic, he can respond!”

I understand why no password is required for invitees. What I’m trying to get at is why it is required for ordinary sign-ups.

Because the priority is not on getting in fast in that case, because nobody we trust invited them and they are an unknown. There is no topic in mind for them to reply to by the invitee.

If untrusted new users without a password don’t pose a threat, then I don’t see why their sign-up process should be slowed down. I conclude: there is no reason to require a password at sign-up.

That is nice but I don’t agree with your logic or rationale and we won’t be doing that. Thanks!

I think a significantly stronger argument is that there is no reason to require password for login. Cause people are just bad at passwords and sending magic login links is easy.

Agree with Jeff that requiring passwords on signup is not a barrier that we have to push at removing.

2 Likes

Now that’s what I call a reason: removing the password requirement on signup requires significant work that is better invested elsewhere. Thanks for clarifying!