Why Doesn't Discourse Have a "Confirm Password" Section During The Signup Process?


(Jae Van Rysselberghe) #1

Hi,

I noticed something that stood out during a new Discourse user/member registration process/form, which is that there is no typical “confirm password” section (unless I missed turning this on in the settings).

Twitter and Facebook don’t ask you to confirm your password, but vBulletin and Invision does (but then again Xenforo doesn’t).

I don’t have any major issue with this, just asking out of curiosity.


(Michael Friedrich) #2

I had that discussion with one of our UX designers lately too for a different application. There’s pros and cons with an additional form field. I for myself never really typed the password twice, just copy pasted it most often. Since there is a reliable way to reset your password via mail, or even use oauth these days, I like the Discourse approach with not asking again and keeping the interface small :slight_smile:


(Jay Pfaffman) #3

Also, it’s very handy to be able to just type a bunch of random characters in to set the password and let the Evil Google remember it for you.


(Kris) #4

Generally making forms longer means that someone is less likely to complete it. This is especially true on mobile devices.

In this case specifically, we’re already asking for your email address (and you typically confirm your account with it) — so if you typed your password incorrectly you can reset it to your email address. Worst-case is that you typed your email and password wrong, and then your account never becomes “confirmed” and you have to make a new one.

One potential improvement we could make is to have a show/hide password button in the input, to unmask it if someone wants to confirm what they type, but I don’t think we’re running into the issue that often either way.

Some similar opinions out there:

https://baymard.com/blog/confirm-email-not-password

http://uxmovement.com/forms/why-the-confirm-password-field-must-die/

Additionally, you should really use a password generator/manager so you’re not typing them to begin with (but I realize most people won’t).


(Jeff Atwood) #5

(Jeff Atwood) #6

I agree, but this is a browser-level feature not a webpage-level feature.