Inconsistent labels on accept invite page

(Christoph) #1

Just a minor thing but anyway: the location of the “optional” indicators for Real Name and Password is inconsisten on the accept invite page:

I think can see where the confusion comes from: if the rule is that the optional label is to be shown in the help text under the input field, then it doesn’t work so well in the case of the password, which would then say “at least 10 characters (optional)” :stuck_out_tongue_closed_eyes:

So maybe it’s better to put the optional flag after the field name (above the input field) in all cases?

And while we’re at it, let’s look at the sign-up page too:

Internal consistency is fine here, but only because the password is not optional. But I wonder why setting a password is optional on the invite page but not the sign-up page? Is there any security risk involved in leaving the password optional for all sign-ups?

Personally, I like sites that don’t force me to set my password at sign-up because I use a password-manager which is not so good at creating new passwords on mobile, so I prefer doing that when I login on a desktop computer later on. (I know I can just enter any nonsense as a password, but that is sometimes thwarted by nonsense password building rules.)

So, even though I’m getting a bit off topic in the first post of my own topic (who would have deemed that possible…), I’d like to suggest to make password optional upon sign-up (or at least have a site-setting for that).

(Jeff Atwood) #2

Yes, I agree, let’s move optional to the description text for the password field @techapj

(Christoph) #3

Do you mean like

[quote=“tophee, post:1, topic:64425”]
at least 10 characters (optional)

(Arpit Jalan) #4


(Christoph) #5

BTW: am I right in assuming that since the password field is optional, it can just as well be hidden via CSS?

(Arpit Jalan) #6

Sure, all you need is this CSS:

.invites-show .password-input {
    display: none;

(Christoph) #7

How about the sing-up page:

(Jeff Atwood) #8

Because a password is not required when someone invited you. They vouched for you.

(Christoph) #9

That implies that users who did not set a password pose some kind of threat. Therefore:

(Jeff Atwood) #10

No, it does not imply there is a threat.

(Christoph) #11

So why do new users need someone to vouch for them in order to be able to sign up without providing a password?

(Jeff Atwood) #12

The priority is getting in fast with low friction on an invite. As in “my buddy Don knows all about this topic, he can respond!”

(Christoph) #13

I understand why no password is required for invitees. What I’m trying to get at is why it is required for ordinary sign-ups.

(Jeff Atwood) #14

Because the priority is not on getting in fast in that case, because nobody we trust invited them and they are an unknown. There is no topic in mind for them to reply to by the invitee.

(Christoph) #15

If untrusted new users without a password don’t pose a threat, then I don’t see why their sign-up process should be slowed down. I conclude: there is no reason to require a password at sign-up.

(Jeff Atwood) #16

That is nice but I don’t agree with your logic or rationale and we won’t be doing that. Thanks!

(Sam Saffron) #17

I think a significantly stronger argument is that there is no reason to require password for login. Cause people are just bad at passwords and sending magic login links is easy.

Agree with Jeff that requiring passwords on signup is not a barrier that we have to push at removing.

(Christoph) #18

Now that’s what I call a reason: removing the password requirement on signup requires significant work that is better invested elsewhere. Thanks for clarifying!