Does anyone else have an issue with this?
I mean, c’mon, if people are on the web, they login to sites every day. The login process, and for the most part the account creation process, is very basic and intuitive and done in a pretty much standard way across just about every site.
I’ve attached a screen capture of our login page, it was less cluttered but I’ve added some things and enhanced other things and changed the verbiage in an attempt to make them jump out. I don’t think people can read! No matter if we keep it totally clean and simple or if we add big bright red instructions, I get people every single day who have no clue how to get logged in or reset their password.
To be honest it might work better if you didn’t have all the “temporary password” stuff. Let the user pick the password when they sign up and let them change it after resetting the password, don’t send a temporary one.
SpacePhoenix, thanks.
The 3 I had the day I posted this all forgot their password and either called or emailed saying ‘i don’t know what to do’ or ‘can you give it to me’.
Unaware/unable/lazy about the Forgot Password feature is one of the most common problems.
The other is when the temporary password is emailed out, whether it is a new account or a password reset.
You know how it is in some software, when you take your cursor and try and highlight a specific thing to copy it, some softwares get very controlling. Email is one of them, so people are copying and pasting the temp password and in the copy process, they pick up a ‘space’ before or after the password so that when they paste it in, it’s not an exact match.
I’ve inserted into the temporary password email, a message written just underneath the temp password that tells them that copy and paste may fail at login, and i’ve written it in bold red letters. People just don’t read it.
As I write this, I’m wondering if I can program it such that it accept the temporary password exactly as it is, but allows for extra spaces on either end, or strips them away. Hmmmmm…???
Also start sending those password reset emails as plain text – it is the HTML emails that tend to get extra characters.
The question of “should I call TRIM()” on passwords before verifying them is interesting – on a purely technical level, whitespace characters are characters and one shouldn’t be making those kinds of presumptions about passwords, if your user wants a trailing space then they should get a trailing space and you shouldn’t try and think for them.
One successful way we’ve done password resets is to generate a link for a user rather than relying upon logins and such.
I agree. Iincludea link in the email instead of a temporary password. The link can include the userid and the temporary password so as to log the person in when they click on the link or paste it into their browser. If it is set up to take them to the change password screen to enter their new password then they will not need to know what the temporary password was.
I always use trim() in my web apps to strip leading and trailing spaces off things as I had the exact same problem with people copy/pasting spaces. I’m sure whatever language you’re using has a similar function.
OP: yes, some users ARE that stupid. But we can’t kill 'em, so we’re stuck with them.
I’ve found that dumb users can’t figure out activation email links or password resets. For activation links being sent to their email, most didn’t add the website domain to their safe sender list and it would just get bounced to the junk folder, or the user wouldn’t realize they had to click the activation link- they assumed that just by receiving the activation email everything was all set. Some users got pissed that they got any email from the website and flagged the activation email as spam.
Some don’t remember they were asked to pick a username and try logging in with their email address instead and wonder why the login won’t work.
Requiring secure passwords was also a no-go for the community site I was hired to work on. The users couldn’t remember anything and they had a 99% failure rate typing their passwords in- even after they wrote the password down somewhere so they wouldn’t forget. They would SWEAR it didn’t work for them and they’d get insulted when I suggested a copy/paste of their password- meanwhile I’d already checked their passwords and they magically worked for me…
We wound up changing the login form so that people could log in with either their username or the password registered to their account (provided they got the password right).
We also changed the activation link to read “click this link to finish creating your account” instead of showing the link to the activation page.
I think the worst of all was one user who wrote me a SCATHING email about her user account profile being made public for all to see. She didn’t realize (and refused to be told) that she was logged in looking at her own profile settings page. No matter what we told her, she just freaked out and wasn’t open to learning about how user accounts on community websites worked.
Since I was the only person who knew how to use the site administrative tools I was the one stuck with helping the dumb-dumbs. Then again the community site I was hired to work on didn’t appeal to the sharpest knives in the drawer if you know that I mean… That was part of the problem.
Yes and that’s why you can’t satisfy everyone. Not from my own experience but I’ve seen a guy telling over the phone “I’ve reset your password XXXXXX” and iterated every letter about 10 times. She still couldn’t type the letter that he recited… Eventually, he gave up and blamed the keyboard.
