Project

General

Profile

Actions

Feature #12899

closed

Improved password documentation on registration page

Added by Boone Gorges over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Category name:
Registration
Target version:
Start date:
2020-06-05
Due date:
% Done:

0%

Estimated time:
Deployment actions:

Description

We ask users to provide a password at the time of registration. I propose two improvements:

1. Show a password strength meter
2. Add a message along the lines of "Please use a strong password that is unique to your Commons account." We might also consider having a Help page that summarizes password best practices, including recommendations on password managers, and provide a link to this documentation from the registration page.

Item 1 is a purely technical task which we can borrow from WP/BP, and I think we should go forward with it immediately. Ray, could I ask you to implement this?

For 2, I'd like to have feedback from the team to get thoughts.


Files

Peek 2020-06-05 16-08.gif (98.1 KB) Peek 2020-06-05 16-08.gif Boone Gorges, 2020-06-05 05:10 PM
passwords.png (7.9 KB) passwords.png Raymond Hoh, 2020-06-08 06:21 PM
Actions #1

Updated by Raymond Hoh over 4 years ago

  • Category name set to Registration
  • Status changed from New to Testing Required

1. Show a password strength meter

I've added the WP password strength meter on the registration page and on a user's "Settings > General" page:
- https://github.com/cuny-academic-commons/cac/commit/1fe64305eea08a1e44bef33e9be8e376a6804915
- https://github.com/cuny-academic-commons/cac/commit/7d723f8e74b7cafe90208cb3bafcfec8ca1fd9c3

This is available for testing on the development site.

One change I made to the registration page was to make the generated password 16 characters instead of BP's default of 12. Another thing to note is the generated password on a user's "Settings > General" page is 24 characters. Thought it was interesting that BP has different default password lengths on both the registration and "Settings > General" page.

Actions #2

Updated by Boone Gorges over 4 years ago

Amazing - thank you for doing this so quickly. IMO it looks excellent.

I've attached a short gif of how it works, for those who'd like a quick look.

Actions #3

Updated by Matt Gold over 4 years ago

Looks great!! I like the note that the pw should be unique to the account and the idea of creating a help page with more info on pw best practices, pw managers, etc

Actions #4

Updated by Boone Gorges over 4 years ago

Scott, could I ask you to take a first pass at drafting a brief page (or subsection of a larger page) about passwords? Don't re-invent the wheel - just emphasize that passwords should be strong and unique, encourage users to check out pw managers (LastPass, 1Password, whatever else is popular) and maybe link to more resources. Here's a good one from UC Santa Barbara that is well-pitched for our audience: https://www.it.ucsb.edu/password-best-practices

Actions #5

Updated by scott voth over 4 years ago

Actions #6

Updated by Boone Gorges over 4 years ago

Excellent!

Ray, could you add a message to the registration form? Maybe just below the 'Choose a password' label? Suggested text:

Please use a strong password that is unique to your Commons account. <a href="https://help.commons.gc.cuny.edu/password-considerations-and-best-practices/">Read more about password recommendations.</a>
Actions #7

Updated by Raymond Hoh over 4 years ago

I've attached a screenshot of what I've mocked up:

The screenshot adds the suggested text plus the password hint. I wasn't sure if we wanted to remove the existing password hint or not. Let me know what is preferred.

About the new help page, we should probably remove the blurb about 2FA since we do not currently offer that as an option (yet!).

Actions #8

Updated by Boone Gorges over 4 years ago

I think this looks good to me, Ray.

Scott, I think Ray's right about the section about two-factor authentication on the help page. I think it's OK to include it as a public service to our users, but maybe we want to mention that the Commons doesn't yet offer 2FA, but is exploring its use in the future.

Actions #9

Updated by scott voth over 4 years ago

I have added "(This method is not currently available on Commons, but we are considering implementing it.)"

Actions #10

Updated by Boone Gorges over 4 years ago

  • Status changed from Testing Required to Resolved

Let's mark this one resolved. Thanks for working on it!

Actions

Also available in: Atom PDF