Does your website have an element that requires a user to sign in? Have you thought about the process at all?
We all have tales of websites that seem to want to make it difficult to interact with them. I doubt that any of them were designed to be awkward – they just ended up that way because nobody demanded that the website designer make the process easy.
Some things are obvious. It’s reasonable to demand that users have a reasonably secure password, but we shouldn’t limit the choices of users who are already well aware of that. For example, most of us know that password length trumps character complexity, so don’t tell me that I have to include “at least one special character” (or whatever) if I’m trying to use a securely long password without one. And for goodness’ sake, don’t only reveal the rules after I’ve created my password!
However, we must accept that if our website is not one that users will visit often, it’s essential to allow for forgotten passwords. If a user can’t sign in, our priority is to get them to do so securely. Sending them a temporary password through an email process and then forcing them to set yet another one is going to lose us our less enthusiastic customers.
Website designers today should know all about auto-generated passwords, simple two-factor authentication and magic links. We all need to sit down with ours and look at the most appropriate ways of making the website interaction process as easy as possible … for the customer.