Just a minor thing but anyway: the location of the “optional” indicators for Real Name and Password is inconsisten on the accept invite page:
I think can see where the confusion comes from: if the rule is that the optional label is to be shown in the help text under the input field, then it doesn’t work so well in the case of the password, which would then say “at least 10 characters (optional)”
So maybe it’s better to put the optional flag after the field name (above the input field) in all cases?
And while we’re at it, let’s look at the sign-up page too:
Internal consistency is fine here, but only because the password is not optional. But I wonder why setting a password is optional on the invite page but not the sign-up page? Is there any security risk involved in leaving the password optional for all sign-ups?
Personally, I like sites that don’t force me to set my password at sign-up because I use a password-manager which is not so good at creating new passwords on mobile, so I prefer doing that when I login on a desktop computer later on. (I know I can just enter any nonsense as a password, but that is sometimes thwarted by nonsense password building rules.)
So, even though I’m getting a bit off topic in the first post of my own topic (who would have deemed that possible…), I’d like to suggest to make password optional upon sign-up (or at least have a site-setting for that).
Because the priority is not on getting in fast in that case, because nobody we trust invited them and they are an unknown. There is no topic in mind for them to reply to by the invitee.
If untrusted new users without a password don’t pose a threat, then I don’t see why their sign-up process should be slowed down. I conclude: there is no reason to require a password at sign-up.
I think a significantly stronger argument is that there is no reason to require password for login. Cause people are just bad at passwords and sending magic login links is easy.
Agree with Jeff that requiring passwords on signup is not a barrier that we have to push at removing.
Now that’s what I call a reason: removing the password requirement on signup requires significant work that is better invested elsewhere. Thanks for clarifying!