Do You Need To Confirm/Verify Passwords On Sign Up?

September 2009

This is something I’m curious about and something I’d like to get your feedback on. Do you need to confirm passwords on sign up?

It's an extra field

For me, I don’t think you do need to confirm your password. It’s an extra field to fill in therefore it takes extra time to complete sign up, so the more fields there are to complete the more I’ll think twice about signing up.

But what if I misspell my password?

A password field will be starred out i.e. you don’t see what you’re typing, which means you could easily make a mistake and submit the wrong password without knowing.

This is where the ‘Forget your password’ function comes in handy, which is an inconvenience but will have you up and running again with your old/new password in a couple of minutes.

Sign up forms with confirm password

WuFoo
wu.jpg
GMail
google.jpg
Basecamp
base.jpg

Sign up forms without confirm password

Twitter
twit.jpg
Facebook
face.jpg
Tumblr
tumb.jpg

What you think on Twitter

What's everyones thoughts on confirm/verify password fields on sign up. Are they necessary?

I’d say if you have a FOOLPROOF password reset mechanism it’s ok, but remember users are always the weak link.

Annoying and not needed if there’s decent ‘forgot your password’ functionality later in the game.

yes! either that or do what neilsen suggests and make password fields plain text… :o

Confirm/Verify just a nuisance to me, I use 1Password or Textexpander to fill that in, so it just makes me paste twice

They are useful, but not necessary, somehow it looks unfriendly, like mistrusting the user.

Unnecessary. The iphone Password system is good. You see the char you typed for 1 sec then it disappears

I despise them. Just make sure they have a means of getting back in if they do manage to mess it up :)

They don’t bother me so much, handy for the odd times when a typo is entered into a password field during a rushed sign-up.

Yes. A large portion of support calls to clients regarding log in issues were reduced when we introduced a p/word confirm field.

i would think so, just incase you mistype it =)

To confirm or not to confirm?

What is the best route to take if designing/developing a sign up form? Have an extra field to verify the password or forget about the extra field and assume if the user makes a mistake they can use the forgotten password link? Or is there something else about the confirm password field that I’m overlooking here?

Let me know what you think as a user and your reasoning behind your preference.

Receive more design content like this to your inbox

I promise not to spam you. No more than one email per week.

I blog and share links about web design, user experience, product development, HTML/CSS, email design and anything else I find interesting.

No thanks