
Designing password entry to provide hints


Although following your suggestion of providing password information when entering a password may make it easier to get the right password (although this is still arguable), it comes at the cost of worse security.

If someone needs an easier-to-remember password, let them choose that; but by revealing something about their password when they enter it, you essentially force them to use an even more secure password, which is even harder to remember.

An aspect of UX is keeping private information private, and simply giving any information about a password makes it less secure and, in my opinion, hurts the UX far more than it helps.

TL;DR: Don’t do this.

Well then.

This probably wouldn’t be a great idea.

It would be easier to hack

If you did this at the start/middle/end of the word, it would take barely any time to brute-force the account. Basically, that means that the hacker could systematically use dictionary words until they found the correct one.

It’s hard to implement

Also, your login form should be focused and simple and neat, and shouldn’t have all sorts of weird features like this.

Users probably won’t like it

Users are used to forgetting passwords, and they might be a bit confused/shocked/angry/scared if, on the forgot password page, it said the first letters of their password in large letters.

Users are also used to getting reset emails and immediately going to their inbox after pressing the reset button. If they were instead faced with two letters and still couldn't work out what the password was, they wouldn't be able to get in.


Let’s look at this from a user’s point of view.

  1. You set up an account
  2. You want it to be very secure (of course)
  3. You’ve forgotten your password
  4. You can’t remember it at all
  5. You do a password reset
  6. It then shows you the first and last letter of your password in large pink and purple letters
  7. You can remember your password now! Hurrah!

Now, let’s look at this from a hacker’s point of view.

  1. You find out about this website
  2. You see that the password reset shows you the first and last letter of your password in large pink and purple letters
  3. You then put the user’s account username into the password reset
  4. Then, the letters are revealed
  5. You then get a robot to try out all the dictionary words starting with those letters
  6. You have then got access to the user’s login details.

Now then, this would not be good. No, it wouldn't.
