Optimize password authentication

1. Show password requirements to reduce technical restrictions and make password creation faster.

Make sure that the user can see password requirements at least the entire time that the field is selected.

2. Allow users to unmask the password and place a Show/Hide password control next to it.

On mobile devices and tablets, show the password by default and let users toggle the visibility with a Hide password control. Let users toggle password visibility according to their needs.

3. Show a strength indicator to motivate people to create stronger, more secure passwords.

You can use both strength indicators and visible password requirements to reduce errors and encourage users to care about security.

4. Use only one password field and don’t make people confirm their new password.

They can confirm manually by unmasking their chosen password.

5. Experiment with passphrases instead of passwords.

Passphrases are more user-friendly because it’s simply easier to remember a series of recognizable words than random characters.

6. Add optional two-factor authentication (2FA) for added security.

Include a Trust this device for X days option to avoid overuse.

7. Enable third-party authentication for ease of use, such as Twitter, Facebook, Google, and LinkedIn.

In general, people are receptive to the rise of social authentication. One survey found that 77% of people find the option helpful and appealing.

8. Send magic links via email as a secure, easy to use alternative to password authentication that automatically signs in users.

You could also use biometric authentication as an alternative to password authentication, though it’s not easy to implement.