{"id":73544,"date":"2020-09-23T17:00:59","date_gmt":"2020-09-23T14:00:59","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/"},"modified":"2020-09-23T17:00:59","modified_gmt":"2020-09-23T14:00:59","slug":"how-ux-designers-can-save-us-from-our-own-shitty-passwords","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/","title":{"rendered":"#How UX designers can save us from our own shitty passwords"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2553f6a61c9\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2553f6a61c9\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#How_to_improve_password_UX\" >How to improve password UX<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Dont_use_too_many_security_rules\" >Don\u2019t use too many security rules<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Tell_users_why_secure_passwords_are_important\" >Tell users why secure passwords are important<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Add_the_option_to_showhide_passwords\" >Add the option to show\/hide passwords<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Include_a_password_strength_meter\" >Include a password strength meter<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Switch_to_passphrases\" >Switch to passphrases<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Consider_password_alternatives\" >Consider password alternatives<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Utilize_single_sign-on\" >Utilize single sign-on<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Use_fingerprints_and_face_recognition\" >Use fingerprints and face recognition<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Allow_passwordless_sign-in\" >Allow passwordless sign-in<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Enable_email_login\" >Enable email login<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Provide_physical_security_keys\" >Provide physical security keys<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/buradabiliyorum.com\/en\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#Simple_and_secure_password_UX\" >Simple and secure password UX<\/a><\/li><\/ul><\/nav><\/div>\n<p>&#8220;<strong>#How UX designers can save us from our own shitty passwords<\/strong>&#8221;<\/p>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/watch-movies-tv-seriess\/\" data-internallinksmanager029f6b8e52c=\"8\" title=\"Watch Movies &amp; TV Series\" target=\"_blank\" rel=\"noopener\">watch Movies<\/a> or TV series visit the <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/dizi.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Dizi.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<div>\n                            <span>In 2019, cybercrime cost businesses more than $2 trillion globally. With the influx of digital products, more and more people are reusing login credentials \u2013 the leading cause of data breaches. For too long, the user experience of password management has been ignored. It\u2019s time for designers to rethink every aspect of password UX.<\/span><\/p>\n<p>Much of our lives are digitally managed. There\u2019s an <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>, website, or SaaS platform for nearly every aspect of the human experience, and they all require passwords. With so many accounts come problems.<\/p>\n<p>According to <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"http:\/\/passwordresearch.com\/index.html\">passwordresearch.com<\/a>, 80% of data breaches are traced to weak or reused login credentials, 61% of people use the same password for multiple accounts, and only 44% of users change passwords at least once per year.<\/p>\n<p>That\u2019s a lot of trust to place in online platforms. If one app is hacked, all accounts are vulnerable.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" class=\"\" src=\"https:\/\/bs-uploads.toptal.io\/blackfish-uploads\/uploaded_file\/file\/282633\/image-1593012167151-dff48994bad54af94cc343355e1555d1.png\" alt=\"Password ux\" width=\"715\" height=\"412\"\/><\/figure>\n<p>The present-day password situation is frightening. As <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.toptal.com\/designers\/ux\">designers<\/a>, we might be tempted to concentrate on the visual appeal of login screens while ignoring how users actually create passwords. We might even think that passwords are developers\u2019 responsibility.<\/p>\n<p>Unfortunately, the password problem has a real business impact. Frustration during signup leads potential users to abandon the process altogether. Others forget the convoluted passwords they were forced to create and overrun customer support, wasting time, manpower, and money.<\/p>\n<p><em>[Read: <span class=\"c-message_attachment__title\"><span dir=\"auto\">Are EVs too expensive? Here are 5 common myths, debunked<\/span>]<\/span><\/em><\/p>\n<p>A poorly considered password process has a negative domino effect on users and businesses alike. Is there anything designers can do to improve the situation?<\/p>\n<h2 id=\"how-to-improve-password-ux\"><span class=\"ez-toc-section\" id=\"How_to_improve_password_UX\"><\/span>How to improve password UX<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There are a number of strategies that improve password UX, and they aren\u2019t overly complex. As always, it\u2019s important to have a picture of core users when planning a password experience. Aim to strike a balance between:<\/p>\n<ul>\n<li>Clear instructions<\/li>\n<li>Simple actions<\/li>\n<li>Long-term user security<\/li>\n<\/ul>\n<figure>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" alt=\"Reset password ux\" width=\"745\" height=\"475\" class=\" lazy\" src=\"https:\/\/bs-uploads.toptal.io\/blackfish-uploads\/uploaded_file\/file\/284203\/image-1593173915804-07cd24b9f48615d48bc3c9cd3d97bd4c.png\" data-lazy=\"true\"\/><figcaption><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/dd\/2020\/09\/23\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Fthenextweb.com%2Fdd%2F2020%2F09%2F23%2Fhow-ux-designers-can-save-us-from-our-own-shitty-passwords%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Here\u2019s an example of what not to do. The user receives an error message (Too long) but no clear indication of how to fix it or what the acceptable length is.\" data-title=\"Share Here\u2019s an example of what not to do. The user receives an error message (Too long) but no clear indication of how to fix it or what the acceptable length is. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Here\u2019s an example of what not to do. The user receives an error message (Too long) but no clear indication of how to fix it or what the acceptable length is. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>Here\u2019s an example of what not to do. The user receives an error message (Too long) but no clear indication of how to fix it or what the acceptable length is.<\/figcaption><\/figure>\n<\/p>\n<\/figure>\n<h3 id=\"dont-use-too-many-security-rules\"><span class=\"ez-toc-section\" id=\"Dont_use_too_many_security_rules\"><\/span>Don\u2019t use too many security rules<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It ought to be easy to create a password. Forcing users to adhere to a long list of requirements causes friction in the signup process. It\u2019s best to allow users to create whatever passwords they want, but if they choose something obvious like <em>12345<\/em>, let them know that their personal information is vulnerable.<\/p>\n<h3 id=\"tell-users-why-secure-passwords-are-important\"><span class=\"ez-toc-section\" id=\"Tell_users_why_secure_passwords_are_important\"><\/span>Tell users why secure passwords are important<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>No one likes to follow rules or instructions without context. Instead of impeding account creation, educate users about the dangers of identity theft and data attacks. Where possible, use real-world <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.cybintsolutions.com\/cyber-security-facts-stats\/#:~:text=In%202018%20hackers%20stole%20half,every%20day%20reports%20Cybersecurity%20Ventures.\">stats<\/a> to drive the point home: \u201cDid you know that a cybersecurity attack occurs every 39 seconds?\u201d<\/p>\n<h3 id=\"add-the-option-to-showhide-passwords\"><span class=\"ez-toc-section\" id=\"Add_the_option_to_showhide_passwords\"><\/span>Add the option to show\/hide passwords<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u201cUsability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn\u2019t even increase security, but it does cost you business due to login failures.\u201d \u2013Jakob Nielsen<\/p>\n<p>Allow users to see passwords by placing <em>Show\/Hide<\/em> icons within password input fields. An eye that opens and closes when clicked is common, but depending on the product and users, it might be more effective to include a simple <em>Show\/Hide<\/em> text toggle.<\/p>\n<p>Some sites default to unmasked input fields. While this strategy is <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a>ly welcomed by users, it should be employed with a <em>Hide<\/em> option for less secure environments (cafes, offices, etc.).<\/p>\n<figure>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" alt=\"Password requirements ux\" width=\"742\" height=\"484\" class=\" lazy\" src=\"https:\/\/bs-uploads.toptal.io\/blackfish-uploads\/uploaded_file\/file\/282635\/image-1593012201768-dfd448c16b7cda9d2c7096b314409a18.png\" data-lazy=\"true\"\/><figcaption><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/dd\/2020\/09\/23\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Fthenextweb.com%2Fdd%2F2020%2F09%2F23%2Fhow-ux-designers-can-save-us-from-our-own-shitty-passwords%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Along with clear password instructions, Maxwell Health utilizes easily identifiable Show\/Hide icons with text labels.\" data-title=\"Share Along with clear password instructions, Maxwell Health utilizes easily identifiable Show\/Hide icons with text labels. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Along with clear password instructions, Maxwell Health utilizes easily identifiable Show\/Hide icons with text labels. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>Along with clear password instructions, Maxwell Health utilizes easily identifiable Show\/Hide icons with text labels.<\/figcaption><\/figure>\n<\/p>\n<\/figure>\n<h3 id=\"include-a-password-strength-meter\"><span class=\"ez-toc-section\" id=\"Include_a_password_strength_meter\"><\/span>Include a password strength meter<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Password strength meters give real-time feedback and tell users how well passwords will withstand <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/securityaffairs.co\/wordpress\/96531\/cyber-crime\/cybercrime-statistics-in-2019.html#:~:text=According%20to%20the%20IC3%20Annual,2019%20reached%20US%2413M.\">data attacks<\/a>. Strength meters should be paired with thoughtful copy that communicates different levels of password effectiveness.<\/p>\n<p><em>Weak<\/em>, <em>medium<\/em>, and <em>strong<\/em> are helpful indicators, but copy needs to warn users of what\u2019s at stake: \u201cYour password leaves you exposed to data theft.\u201d<\/p>\n<p>Along with copy, consider what colors will make an impact, but remember that color has cultural significance.<\/p>\n<figure>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" alt=\"Password validation best practices\" width=\"736\" height=\"424\" class=\" lazy\" src=\"https:\/\/bs-uploads.toptal.io\/blackfish-uploads\/uploaded_file\/file\/284204\/image-1593173956508-c2398d3a9e6a4be579bf0eece7221388.png\" data-lazy=\"true\"\/><figcaption><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/dd\/2020\/09\/23\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Fthenextweb.com%2Fdd%2F2020%2F09%2F23%2Fhow-ux-designers-can-save-us-from-our-own-shitty-passwords%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: MEGA, a cloud storage provider, pairs informative copy with its password strength meter.\" data-title=\"Share MEGA, a cloud storage provider, pairs informative copy with its password strength meter. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share MEGA, a cloud storage provider, pairs informative copy with its password strength meter. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>MEGA, a cloud storage provider, pairs informative copy with its password strength meter.<\/figcaption><\/figure>\n<\/p>\n<\/figure>\n<h3 id=\"switch-to-passphrases\"><span class=\"ez-toc-section\" id=\"Switch_to_passphrases\"><\/span>Switch to passphrases<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Passphrases tend to be anywhere from eight to 16 characters, but they can be longer. The greater the length, the more likely it is that a passphrase can endure a <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/resource-center\/definitions\/brute-force-attack\">brute force attack<\/a>.<\/p>\n<p>The appeal of <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/protonmail.com\/blog\/protonmail-com-blog-password-vs-passphrase\/\">passphrases<\/a> is that they\u2019re easy to remember. Instead of something weak and forgettable like <em>myhouse5<\/em>, a user might enter <em>myhouseisawesomeandcozy<\/em>.<\/p>\n<p>For passphrases with four or more words, a high level of randomness isn\u2019t needed, but users should be warned to avoid well-known word pairings (song lyrics, movie quotes, etc.).<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" class=\"\" src=\"https:\/\/bs-uploads.toptal.io\/blackfish-uploads\/uploaded_file\/file\/282637\/image-1593012230974-d9ef913e43cfbe0e9156c95ed7ea06a1.png\" alt=\"Password validation ux\" width=\"772\" height=\"445\"\/><\/figure>\n<h2 id=\"consider-password-alternatives\"><span class=\"ez-toc-section\" id=\"Consider_password_alternatives\"><\/span>Consider password alternatives<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Passwords are a well-established paradigm, but they aren\u2019t the only way to protect user data. Biometrics, physical hardware, and reimagined login processes are part of a tech industry push to make passwords a thing of the past.<\/p>\n<h3 id=\"utilize-single-sign-on\"><span class=\"ez-toc-section\" id=\"Utilize_single_sign-on\"><\/span>Utilize single sign-on<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Single sign-on (SSO) is a strategy whereby users gain access to multiple products and services with one username and password. Sites and apps that use SSO rely on third parties (companies like Google, <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Facebook<\/a>, and Apple) to verify user identities. All users have to do is grant access to their SSO accounts.<\/p>\n<p>SSO prevents users from piling up passwords, increases onboarding speed, and allows businesses to benefit from the security infrastructure of larger companies.<\/p>\n<figure>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" alt=\"Change password ux\" width=\"737\" height=\"425\" class=\" lazy\" src=\"https:\/\/bs-uploads.toptal.io\/blackfish-uploads\/uploaded_file\/file\/282638\/image-1593012257377-e902835f4dd4ad63882b9a83310a503c.png\" data-lazy=\"true\"\/><figcaption><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/dd\/2020\/09\/23\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Fthenextweb.com%2Fdd%2F2020%2F09%2F23%2Fhow-ux-designers-can-save-us-from-our-own-shitty-passwords%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Rather than creating more passwords, new Kayak users can choose from a handful of SSO providers.\" data-title=\"Share Rather than creating more passwords, new Kayak users can choose from a handful of SSO providers. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Rather than creating more passwords, new Kayak users can choose from a handful of SSO providers. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>Rather than creating more passwords, new Kayak users can choose from a handful of SSO providers.<\/figcaption><\/figure>\n<\/p>\n<\/figure>\n<h3 id=\"use-fingerprints-and-face-recognition\"><span class=\"ez-toc-section\" id=\"Use_fingerprints_and_face_recognition\"><\/span>Use fingerprints and face recognition<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Many phones, laptops, and tablets are equipped with biometric <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> that is easily integrated into the sign-on process. Rather than entering passwords, users simply touch or glance at their devices. Security increases because faces and fingerprints are difficult (<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/fortune.com\/2019\/12\/12\/airport-bank-facial-recognition-systems-fooled\/\">though not impossible<\/a>) to forge.<\/p>\n<p>One drawback is that there are still devices without biometric capabilities, so designers should make other log in options available.<\/p>\n<h3 id=\"allow-passwordless-sign-in\"><span class=\"ez-toc-section\" id=\"Allow_passwordless_sign-in\"><\/span>Allow passwordless sign-in<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>As long as users have smartphones and usernames, passwordless sign-in is a viable option. After entering usernames, users receive an onscreen message containing a PIN number. At the same time, a phone notification prompts users to select a matching PIN from a list of options. This process also works with fingerprints and face recognition.<\/p>\n<h3 id=\"enable-email-login\"><span class=\"ez-toc-section\" id=\"Enable_email_login\"><\/span>Enable email login<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Nearly everyone who uses digital products has an email address, and most people already use email for security measures like forgotten passwords and usernames. <strong>Why not go a step further?<\/strong><\/p>\n<p>Email login works by sending time-limited links to users\u2019 inboxes. Slack and Medium have an email login feature called \u201cMagic Link\u201d that makes sign-on much more seamless.<\/p>\n<figure>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" alt=\"Password recovery ux\" width=\"749\" height=\"432\" class=\" lazy\" src=\"https:\/\/bs-uploads.toptal.io\/blackfish-uploads\/uploaded_file\/file\/282639\/image-1593012272507-5499efceee776393daf0dc4821ef376e.png\" data-lazy=\"true\"\/><figcaption><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/dd\/2020\/09\/23\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Fthenextweb.com%2Fdd%2F2020%2F09%2F23%2Fhow-ux-designers-can-save-us-from-our-own-shitty-passwords%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: Once Medium\u2019s email sign-on link lands in a user\u2019s inbox, it\u2019s only viable for 15 minutes.\" data-title=\"Share Once Medium\u2019s email sign-on link lands in a user\u2019s inbox, it\u2019s only viable for 15 minutes. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share Once Medium\u2019s email sign-on link lands in a user\u2019s inbox, it\u2019s only viable for 15 minutes. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>Once Medium\u2019s email sign-on link lands in a user\u2019s inbox, it\u2019s only viable for 15 minutes.<\/figcaption><\/figure>\n<\/p>\n<\/figure>\n<h3 id=\"provide-physical-security-keys\"><span class=\"ez-toc-section\" id=\"Provide_physical_security_keys\"><\/span>Provide physical security keys<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Within enterprise organizations and industries where security is of utmost importance (finance, healthcare, etc.), more companies are opting to use physical keys. These cryptographic cards plug into USB ports and automatically enter single-use passwords in application sign-on fields.<\/p>\n<p>The tech is still developing, but it\u2019s proven to:<\/p>\n<ul>\n<li>Make sign-in 4x faster<\/li>\n<li><strong>Reduce support costs by 90%<\/strong><\/li>\n<li>Virtually eradicate account takeovers<\/li>\n<\/ul>\n<p>Additionally, companies like YubiKey are adding fingerprint recognition for increased protection. One obvious drawback is the risk of losing hardware. Even though lost keys can be disabled by administrators, account recovery is much more involved than pressing a \u201cforgot password\u201d button.<\/p>\n<figure>\n<figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" alt=\"Password reset ux\" width=\"741\" height=\"427\" class=\" lazy\" src=\"https:\/\/bs-uploads.toptal.io\/blackfish-uploads\/uploaded_file\/file\/282640\/image-1593012285226-f01532c7ad25baa20f9ebf64b484a110.png\" data-lazy=\"true\"\/><figcaption><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/dd\/2020\/09\/23\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Fthenextweb.com%2Fdd%2F2020%2F09%2F23%2Fhow-ux-designers-can-save-us-from-our-own-shitty-passwords%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: YubiKey\u2019s cryptographic security card plugs into USB ports and dramatically improves sign-in speed.\" data-title=\"Share YubiKey\u2019s cryptographic security card plugs into USB ports and dramatically improves sign-in speed. on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share YubiKey\u2019s cryptographic security card plugs into USB ports and dramatically improves sign-in speed. on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>YubiKey\u2019s cryptographic security card plugs into USB ports and dramatically improves sign-in speed.<\/figcaption><\/figure>\n<\/p>\n<\/figure>\n<h2 id=\"simple-and-secure-password-ux\"><span class=\"ez-toc-section\" id=\"Simple_and_secure_password_UX\"><\/span>Simple and secure password UX<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>It\u2019s no knock against users, but they aren\u2019t the best at creating, remembering, or managing passwords, a fact that causes frustration and unnecessary UX friction. As <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.toptal.com\/designers\/ui\">designers<\/a>, we shouldn\u2019t settle for the status quo. We\u2019re problem solvers, and there are multiple ways we can refine or completely rethink the password experience.<\/p>\n<p>As long as there are digital accounts with sensitive data, we\u2019ll need to design ways for users to verify that they are who they say they are. Perhaps there will come a day when passwords are obsolete, but until then, we ought to strive for password user experiences that are simple and secure for all parties.<\/p>\n<p><em>So you\u2019re interested in UX design? Then join our online event, TNW2020, to explore the latest trends and emerging best practices in product development.<\/em><\/p>\n<p><em>The <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.toptal.com\/designers\/blog\">Toptal Design Blog<\/a> is a hub for advanced design studies by professional designers in the Toptal network on all facets of digital design, ranging from detailed design tutorials to in-depth coverage of new design trends, tools, and techniques. You can read the original piece written by <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"author_short_bio-name_link\" href=\"https:\/\/www.toptal.com\/designers\/resume\/mayank-sharma\">Mayank Sharma<\/a> <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.toptal.com\/designers\/ux\/password-ux\">here<\/a>. Follow the Toptal Design Blog on <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/toptaldesigners\">Twitter<\/a>, <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/dribbble.com\/toptal\">Dribbble<\/a>, <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.behance.net\/toptaldesigners\">Behance<\/a>, <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.linkedin.com\/showcase\/toptaldesigners\/\">LinkedIn<\/a>, <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.facebook.com\/toptaldesigners\">Facebook<\/a>, and <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.instagram.com\/toptaldesigners\/\">Instagram<\/a><\/em><span><em>.<\/em> <\/span><\/p>\n<p class=\"post-article-read-next\">\n    <b>Read next:<\/b><\/p>\n<p>        Volvo&#8217;s owner will offer its \u2018transformative\u2019 EV tech to competitors    <\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><script async defer src=\"https:\/\/platform.instagram.com\/en_US\/embeds.js\"><\/script><\/p>\n<blockquote>\n<p style=\"text-align: center;\"><strong>if you want to watch Movies or Tv Shows go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/dizi.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Dizi.BuradaBiliyorum.Com<\/a> <\/span> for forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener noreferrer\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/dd\/2020\/09\/23\/how-ux-designers-can-save-us-from-our-own-shitty-passwords\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How UX designers can save us from our own shitty passwords&#8221; If you want to watch Movies or TV series visit the Dizi.BuradaBiliyorum.Com In 2019, cybercrime cost businesses more than $2 trillion globally. With the influx of digital products, more and more people are reusing login credentials \u2013 the leading cause of data breaches. For&#8230;<\/p>\n","protected":false},"author":1,"featured_media":73545,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2020\/09\/1-22.jpg&signature=b9d2f217867a351b32965f5e5d304601","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[72075,72284,72286,72072,72285,72287,70759,71821],"class_list":["post-73544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-credential","tag-designer","tag-identity-theft","tag-password","tag-personally-identifiable-information","tag-security","tag-tech","tag-user-experience"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/73544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=73544"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/73544\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/73545"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=73544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=73544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=73544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}