-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
69 lines (61 loc) · 3.74 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
<!DOCTYPE html>
<html>
<head>
<title>Better password UX</title>
<link rel="stylesheet" href="app.css">
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
</head>
<body>
<div class="container">
<div class="page-header">
<h1>Better password UX</h1>
</div>
<p class="lead">This page demonstrates better password inputs.</p>
<p>To help the user enter a better password which is more secure and memorable it's recommended to:</p>
<ol>
<li><a target="_new" href="https://www.nngroup.com/articles/stop-password-masking/">Not mask the password</a> by default</li>
<li>Only mask the password on blur (after they exit the field)</li>
<li>Or if the user is paranoid and explicitly wishes to mask it (A good UX principle is to never assume we know whats best for the user, they may have a valid reason for masking)</li>
<li>Only enter the password once. No confirm password input needed since the user can now read what they input</li>
<li>Display a live password strength indicator, that is ...
<ul>
<li>Helpful and clear to the user</li>
<li><a target="_new" href="https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/">Realistically measures password strength</a> against modern and probable threats</li>
<li>Guides the user to entering a better password</li>
</ul></li>
<li>Do <strong>*NOT*</strong> recommend to the user that they should use a combination of mixed upper case lowercase, numeric, or special characters</li>
<li>Do recommend to the user that they can enter a memorable set of words and spaces as their password. <a target="_new" href="https://blog.agilebits.com/2011/06/21/toward-better-master-passwords/">How to choose a secure password</a></li>
</ol>
<form>
<div class="form-group">
<label for="defaultPassword">Standard password input</label>
<input type="password" class="form-control" id="defaultPassword" placeholder="Standard password input" />
</div>
<div class="form-group">
<label for="improvedPassword">Better UX password masking</label>
<div class="input-group">
<input type="text" class="form-control password" id="improvedPassword" placeholder="Improved Password" data-toggle="tooltip" data-placement="top" title="Your password should be 8 or more characters long." />
<div class="input-group-addon"><span data-for="improvedPassword" title="Toggle password masking" class="mask-password glyphicon glyphicon-asterisk"></span>
</div>
</div>
<div class="progress">
<div id="improved-password-strength" class="progress-bar progress-bar-danger" role="progressbar" aria-valuenow="5" aria-valuemin="0" aria-valuemax="100" style="width: 5%"> <span class="sr-only">Strength</span>
</div>
</div>
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
</div>
<br />
<footer class="footer">
<div class="container">
<p class="text-muted">Passwords become stronger and easier to type when the user can read what they input.</p>
</div>
</footer>
<script src="https://code.jquery.com/jquery-3.1.1.slim.min.js"
integrity="sha256-/SIrNqv8h6QGKDuNoLGA4iret+kyesCkHGzVUUV0shc="
crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/zxcvbn/4.4.1/zxcvbn.js" type="text/javascript" charset="utf-8"></script>
<script src="app.js" type="text/javascript" charset="utf-8"></script>
</body>
</html>