Users entering passwords in the custom user field


(Gwil Noble) #1

We’ve noticed something interesting and a bit concerning on our Discourse: users are entering their passwords on an user field we’ve added. Basically, it is really helpful for our community that users share their location, it makes supporting them much easier. Therefore when they sign up they are asked for this information so others, especially the moderators, have an easier job (so the information needs to be publicly visible). Because this field is placed directly beneath the password field, and on a lot of sites you’re asked to confirm the password, users automatically write their passwords twice without really reading the description.

We’ve changed the style-sheet so that the user field is more distinctive and have reworded it too. Ideally the password would be the last field, not the field we’ve added. Have I missed something, is there a way to do this?


Differentiate user fields on signup form better
(Sam Saffron) #2

I am not sure I agree about moving it to the end, but totally acknowledge something is off and by default we should do a better job.

We could automatically detect people entered the password in a non password field and stop all progress till they amend it.


(Mittineague) #3

Would a horizontal rule or fieldsets work well enough?


(Erlend Sogge Heggen) #4

I’m not aware of any issues, but those using auto fill tools should also test this and make sure we’re not confusing any robots.


(Felix Freiberger) #5

This sounds like a very good idea. There is no good reason users should echo their password (or anything very similar) in any other field…