Feature #12899
closed
Improved password documentation on registration page
Added by Boone Gorges over 4 years ago.
Updated over 4 years ago.
Category name:
Registration
Description
We ask users to provide a password at the time of registration. I propose two improvements:
1. Show a password strength meter
2. Add a message along the lines of "Please use a strong password that is unique to your Commons account." We might also consider having a Help page that summarizes password best practices, including recommendations on password managers, and provide a link to this documentation from the registration page.
Item 1 is a purely technical task which we can borrow from WP/BP, and I think we should go forward with it immediately. Ray, could I ask you to implement this?
For 2, I'd like to have feedback from the team to get thoughts.
Files
- Category name set to Registration
- Status changed from New to Testing Required
Amazing - thank you for doing this so quickly. IMO it looks excellent.
I've attached a short gif of how it works, for those who'd like a quick look.
Looks great!! I like the note that the pw should be unique to the account and the idea of creating a help page with more info on pw best practices, pw managers, etc
Scott, could I ask you to take a first pass at drafting a brief page (or subsection of a larger page) about passwords? Don't re-invent the wheel - just emphasize that passwords should be strong and unique, encourage users to check out pw managers (LastPass, 1Password, whatever else is popular) and maybe link to more resources. Here's a good one from UC Santa Barbara that is well-pitched for our audience: https://www.it.ucsb.edu/password-best-practices
Excellent!
Ray, could you add a message to the registration form? Maybe just below the 'Choose a password' label? Suggested text:
Please use a strong password that is unique to your Commons account. <a href="https://help.commons.gc.cuny.edu/password-considerations-and-best-practices/">Read more about password recommendations.</a>
I've attached a screenshot of what I've mocked up:
The screenshot adds the suggested text plus the password hint. I wasn't sure if we wanted to remove the existing password hint or not. Let me know what is preferred.
About the new help page, we should probably remove the blurb about 2FA since we do not currently offer that as an option (yet!).
I think this looks good to me, Ray.
Scott, I think Ray's right about the section about two-factor authentication on the help page. I think it's OK to include it as a public service to our users, but maybe we want to mention that the Commons doesn't yet offer 2FA, but is exploring its use in the future.
I have added "(This method is not currently available on Commons, but we are considering implementing it.)"
- Status changed from Testing Required to Resolved
Let's mark this one resolved. Thanks for working on it!
Also available in: Atom
PDF
