Although following your suggestion of providing password information when entering a password may make it easier to get the right password (although this is still arguable), it comes at the cost of worse security.
If someone needs an easier-to-remember password, let them choose that, but by revealing something about their password when entering, you essentially force them to use an even more secure password, which is even harder to remember.
An aspect of UX is keeping private information private, and simply giving any information about a password makes it less secure and, in my opinion, hurts the UX far more than it helps.
TL;DR: Don’t do this.
This probably wouldn’t be a great idea.
It would be easier to hack
If you did this at the start/middle/end of the word, it would take barely any time to brute-force the account. Basically, that means that the hacker could systematically use dictionary words until they found the correct one.
It’s hard to implement
Also, your login form should be focused and simple and neat, and shouldn’t have all sorts of weird features like this.
Users probably won’t like it
Users are used to forgetting passwords, and they might be a bit confused/shocked/angry/scared if, on the forgot password page, it said the first letters of their password in large letters.
Users are also used to getting reset emails and immediately going to their inbox after pressing the reset button. If they were just faced with two letters and still couldn’t know what it was, then they wouldn’t be able to get in.
Let’s look at this from a user’s point of view.
- You set up an account
- You want it to be very secure (of course)
- You’ve forgotten your password
- You can’t remember it at all
- You do a password reset
- It then shows you the first and last letter of your password in large pink and purple letters
- You can remember your password now! Hurrah!
Now, let’s look at this from a hacker’s point of view.
- You find out about this website
- You see that the password reset shows you the first and last letter of your password in large pink and purple letters
- You then put the user’s account username into the password reset
- Then, the letters are revealed
- You then get a robot to try out all the dictionary words starting with those letters
- You have then got access to the user’s login details.
Now then, this would not be good. No it wouldn’t.
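To put a number on the point both answers make, the following added example (not part of the original posts) measures how far a first-and-last-letter hint shrinks a set of dictionary-word passwords. The word list is constructed for illustration, and every candidate is assumed to be equally likely.

```python
import math
from collections import Counter

# Constructed sample of dictionary-style passwords (illustrative, not real data).
WORDS = ["dragon", "dancer", "dinner", "doctor", "monkey", "master",
         "mother", "shadow", "summer", "sunset", "silver", "banana",
         "butter", "button", "batman", "falcon"]

def hint(password, positions=(0, -1)):
    """Characters a reset page would reveal (first and last by default)."""
    return tuple(password[p] for p in positions)

def remaining(candidates, revealed, positions=(0, -1)):
    """Candidates still consistent with the revealed characters."""
    return [w for w in candidates if hint(w, positions) == revealed]

def leak_report(candidates, positions=(0, -1)):
    """Average effect of the hint when each candidate is equally likely."""
    n = len(candidates)
    buckets = Counter(hint(w, positions) for w in candidates)
    # Expected size of the candidate set once the hint is known.
    expected_after = sum(c * c for c in buckets.values()) / n
    # Bits leaked = entropy of the hint = H(password) - H(password | hint).
    bits_leaked = -sum(c / n * math.log2(c / n) for c in buckets.values())
    return {"before": n, "expected_after": expected_after,
            "bits_before": math.log2(n), "bits_leaked": bits_leaked}

def random_password_bits(length, alphabet_size, revealed_chars):
    """Entropy in bits of a uniformly random password, before and after."""
    per_char = math.log2(alphabet_size)
    return length * per_char, (length - revealed_chars) * per_char

if __name__ == "__main__":
    print(remaining(WORDS, hint("doctor")))
    print(leak_report(WORDS))
    print(random_password_bits(8, 26, 2))
```

On this sample the hint gives away most of the 4 bits a 16-word list provides, and even a fully random lowercase password loses two characters' worth of entropy.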