Show me your username and password requirements at login

This isn’t something I normally write about, but after the hundredth time creating an account with random password or username restrictions I am starting to lose my patience with companies.

If you are going to require that my username or password have special characters, numbers, capital and lowercase letters, or anything else, show those requirements on the login page.

No, hiding this information on the login page isn’t making your site more secure. Anyone trying to crack/guess someone’s username or password can easily pretend to create a new account, discover the requirements, and then use them as they see fit. Do you want to know who doesn’t do this? Real users.

The only people you are hurting by not displaying these requirements are real users like myself. Real people who visit your site and think, “Oh crap... I don’t remember what special username/password requirements this site had…” and then spend the next 10 minutes trying to remember and/or guessing.

After twenty guesses or so, they will finally cave and fill out the “Forgot username/password?” form, only to get the username in their email and think, “Well shit, if I knew that was my username I would have been logged in hours ago.”

Or even worse, they go through the flow to reset their password, only to realize what their password is after their first attempt is rejected for not including a Greek character. They then head back to the login form and sign in, having wasted 15 minutes of their life.

If you want to require special characters, numbers, or even yogurt flavors in a user’s username or password, I can deal with that. What drives me insane is keeping these requirements hidden when what a user has typed in clearly doesn’t meet them.
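One way to do this, as an added example that is not code from the original article: keep a single password policy that the signup form already enforces, and reuse it at login to tell the user which published requirements their typed input cannot meet. The rule set, `Unmet` and `LoginHint` are hypothetical names and values chosen for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Rule pairs the text shown to the user with the check behind it.
type Rule struct {
	Text string
	OK   func(string) bool
}

func has(pred func(rune) bool) func(string) bool {
	return func(s string) bool { return strings.IndexFunc(s, pred) >= 0 }
}

func isSpecial(r rune) bool { return unicode.IsPunct(r) || unicode.IsSymbol(r) }

// PasswordPolicy is a constructed sample policy (assumption, not from the article).
var PasswordPolicy = []Rule{
	{"at least 10 characters", func(s string) bool { return len([]rune(s)) >= 10 }},
	{"an uppercase letter", has(unicode.IsUpper)},
	{"a lowercase letter", has(unicode.IsLower)},
	{"a number", has(unicode.IsDigit)},
	{"a special character", has(isSpecial)},
}

// Unmet returns the text of every rule the typed input fails.
func Unmet(policy []Rule, typed string) []string {
	var out []string
	for _, r := range policy {
		if !r.OK(typed) {
			out = append(out, r.Text)
		}
	}
	return out
}

// LoginHint is advisory text for the login form. It reveals only what the
// signup form already shows. Accounts created under an older policy may not
// meet the current one, so still run the normal credential check.
func LoginHint(policy []Rule, typed string) string {
	if unmet := Unmet(policy, typed); len(unmet) > 0 {
		return "Passwords here require: " + strings.Join(unmet, ", ")
	}
	return ""
}

func main() { fmt.Println(LoginHint(PasswordPolicy, "hunter2")) }
```
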

Written by
Jon Calhoun

Jon Calhoun is a full stack web developer who teaches about Go, web development, algorithms, and anything programming. If you haven't already, you should totally check out his Go courses.

Previously, Jon worked at several startups, including co-founding EasyPost, a shipping API used by several Fortune 500 companies. Prior to that, Jon worked at Google, competed at world finals in programming competitions, and has been programming since he was a child.


©2018 Jonathan Calhoun. All rights reserved.