The Usability Blog
A Practical Guide to User Experience Insights

Password Rules Should Never be Hidden!

Don’t hide the password rules from potential customers!

We all have experienced the anxiety of coming up with a secure and unique password when creating a new account. Too often we simply relied on a familiar stand-by used for other accounts and risked the hackers delight at getting one password to open them all.

As companies increase their site security by requiring longer and more complex passwords, new customers may become frustrated by a password field that only exposes the rules in an error message after the rules are not met.

1-password rules error

Ironically, this site had a question-mark icon to the right of the field that expanded to reveal the rules, but none of the users clicked it.

2-password guidelines blue

Sites that display the rules in the field until the user starts to enter text are also frustrating, even if there is only one rule, which doesn’t make this account very secure.

3-one rule

Southwest Airlines wants to ensure customers are creating a strong password, but locates the rules at the top of the Username & Password section. However, the rules are complex and not in close enough proximity to the password field, so customers may overlook them.

4-SWA password requirements

This site displays the requirements in the field (although the text disappears upon typing), but also below and right of the field, virtually guaranteeing the requirements will be viewed.

5-password rules redundant display

These two sites also display complex password rules to the right of the field and indicate when the rules have been met by adding a green check mark or a “Strength” indicator that changes from red to green. Both sites also provide a way for the user to see what they are typing (which arguably is less secure if there are others observing the process).

 6-display rules met indicator

7-show rules and strength

To make account password creation a more pleasant customer experience, visibly display the password rules so that your site visitors can see them before they enter text in the field (NN Group: https://www.nngroup.com/articles/password-creation/ ). In addition, display the rules in close proximity to the password field and keep them visible while typing.

-Judy Kistler-Robinson, Senior User Experience Specialist, Usability Sciences


Sign up to become a Paid Test Participant.

Sign UP Now


“From beginning to end, everyone I interacted with from Usability Sciences was professional and thorough. I was impressed with the testing technology, the methodology and especially the team that led the project. This is one of the most impactful pieces of research I have ever delivered to my team. Thank you!”

Senior Director
Digital Media Television Networks

“USC managed tight timelines and a client team that was tough to wrangle, But more importantly, the quality of the work was exemplary. It's work I would hold up as "the way we should do things" and share as a case study across the organization.”

Group Product Director
Digital Marketing, Pharmaceutical Company