Show me your username and password requirements at login

This isn’t something I normally write about, but after the hundredth time creating an account with random password or username restrictions I am starting to lose my patience with companies.

If you are going to require that my username or password have special characters, numbers, capital and lowercase letters, or anything else, show those requirements on the login page.

No, hiding this information on the login page isn’t making your site more secure. Anyone trying to crack/guess someone’s username or password can easily pretend to create a new account, discover the requirements, and then use them as they see fit. Do you want to know who doesn’t do this? Real users.

The only people you are hurting by not displaying these requirements are real users like myself. Real people who visit your site and think, “Oh crap.. I don’t remember what special username/password requirements this site had…” and then spend the next 10 minutes trying to remember and/or guessing.

Finally, after twenty guesses or so, they will finally cave and fill out the “Forgot username/password?” form only to get the username in my email and think “Well shit, if I knew that was my username I would have been logged in hours ago.”

Or even worse, when they go through the flow to reset their password only to realize what their password is after their first is rejected for not including a greek character. They then head back to the login form and sign in, having wasted 15 minutes of their life.

If you want to require special characters, numbers, or even yogurt flavors in a user’s username or password I can deal with that. What drives me insane is keeping these requirements hidden when what a user has typed in clearly doesn’t meet them.

Learn Web Development with Go!

Sign up for my mailing list and I'll send you a FREE sample from my course - Web Development with Go. The sample includes three chapters from the book, and over 2.5 hours of screencasts.

You will also receive notifications when I release new articles, along with other freebies that I only share with my mailing list.

Avatar of Jon Calhoun
Written by
Jon Calhoun

Jon Calhoun is a full stack web developer who also teaches about Go, web development, algorithms, and anything programming related. He also consults for other companies who have development needs. (If you need some development work done, get in touch!)

Jon is a co-founder of EasyPost, a shipping API that many fortune 500 companies use to power their shipping infrastructure, and prior to founding EasyPost he worked at google as a software engineer.

Related articles

Spread the word

Did you find this page helpful? Let others know about it!

Vote on Hacker News

Sharing helps me continue to create both free and premium Go resources.

Want to discuss the article?

See something that is wrong, think this article could be improved, or just want to say thanks? I'd love to hear what you have to say!

You can reach me via email or via twitter.

Recent Articles All Articles Mini-Series Tags About Me Go Courses

©2018 Jonathan Calhoun. All rights reserved.