Introducing better password complexity with clear upfront requirements had no conclusive negative effect on sign-ups but will have improved the security of new member passwords.
CLIENT
TopCashback (all regions)
BACKGROUND
Users landing on the TopCashback site are shown a sign-up form. In its original state, there were minimal password requirements and no upfront feedback about what those requirements were.
BRIEF
The business needed to improve account security on our site by implementing stronger minimum password requirements for new members and for anyone changing their password.
The main goal was to decrease the number of 'too guessable' and 'very guessable' passwords for new members, as determined by a set of criteria.
The secondary goal was for the improved security not to affect sign-up rates too negatively, and to implement a clean interface and feedback that made the password requirements easy to understand.
RESEARCH & DESIGN
In order to affect sign-up rates as little as possible, we determined that we needed to avoid using the colour red when indicating that the password had not yet met the requirements. This is because most users associate red with errors or with something negative. We still included X and checkmark icons for better accessibility, so colour-blind users would be able to see which requirements they had not yet met.
From some usability testing, we also decided to keep all requirements visible until the user had met ALL of them. This was done to avoid constant movement within the form as they met part of the criteria, which was otherwise distracting.
Additionally, we added an 'eye' to the password field so the user could view their password before submitting the form. This was designed to make the new, more complex password requirements easier to meet.
IMPLEMENTATION
No A/B split test was conducted, as this was a security improvement requirement and a matter of urgency. However, the new complexity will have improved new member passwords, thus securing their accounts further.
We retrospectively looked at sign-up rates from before and after the project's implementation, and there was no conclusive data on whether they were affected. However, the stronger password requirement also served as a brand exercise to help increase member trust.