Welcome to Dramatis Commentatis Theater, Act 1.
The crowd is hushed. Four actors in black clothing with black hats stand straight on the darkened stage, heads bowed. The spotlight turns to the fellow one from the left. He jerks, suddenly, from quiet stillness to violent motion, ripping off his hat and stomping on it.
OMGZ THE PASSWORD FIELD IS CLEAR TEXT? HOW AM I SUPPOSED TO KNOW THAT IN ADVANCE. GET REAL! YOU MUST BE KIDDIN ME!
The remaining three stir slowly from their own monolithic stillness. They turn their heads this way and that and whisper, almost to themselves. Your ears strain to hear. You’re not entirely sure whether to believe what your brain is telling you you’re hearing—they are that quiet.
I liked it.
It’s neat.
Finally.
You reel a little, dizzy from the outburst and from the strain to hear the whispering.
You’ve just experienced the phenomenon of the (near) silent majority and the calamity howlers.
Meet the calamity howlers
A “calamity howler” is a persistently negative individual who predicts rack & ruin, frequently and at the top of his voice. It’s a great term that was especially popular in political writings back in the mid-to-late 1800s but has since fallen out of use.
I think this is a real shame and, if this isn’t your first day on the internet, I’m sure you understand why.
Calamity howlers in modern times
Among other, shall we say, strongly negative feedback we’ve received, we had at least one individual telling us we must be “fucking kidding him” because of our clear text password fields on the signup form.
On the subject of clear text credit card fields on the same form (and every other web app), he remained mum.
This man is a great example of a calamity howler. Just like the people who tell us that if we’d only perform an auto-craniorectalectomy on our pricing scheme, they might consider signing up.
There’s just one problem with his theory.
Calamity howlers don’t become customers
And in the rare event that one does pony up money, you’ll soon regret taking it.
Anyone who feels so deeply wronged by a free service is going to feel even more wronged once he has paid for it.
Fake security vs Real security
We’re not going to change the fact that our password fields are clear text by default on signup.
Despite having expletives hurled at us (are expletives ever handed over gently?), and being told more politely that breaking convention is totally pointless.

Why did we even do it in the first place?
A simple reason: We hate the fake security theater surrounding web applications.
Real security is important to us: we keep your credit card data secure by not storing it ourselves—we leave that to the professionals of Authorize.net. They know what they’re doing with that stuff.
But fake security is our enemy. Fake security adds hurdles with no gain. With real security, the extra work is on us, to integrate with the credit card processing service. With fake security, the hurdles are for you, our customer: continuously logging in to applications that hardly contain anything of a sensitive nature (delicious, I’m looking at you), and starred-out password fields on registration that simply increase the chance of errors.

But, still, clear text password fields are not what everybody on the intertubes is trained to expect. Wouldn’t it be easier to just do what everyone else does?
The beauty of positive selection
Well, yes, it’d be easier. I wouldn’t be writing this article, for one. (At least not about this particular topic.)
But down that road madness lies!
People who like freckle like it because it’s different. That’s the reason we like it, too.
So when you first sign up, within the first few fields, you experience something different. Those password fields. The checkbox that lets you hide your password in case someone really is peeking over your shoulder (or you’re ultra paranoid).
If you’re like us, you hate those damn fake security password fields. And so when you come across our solution, you’ll smile. You might write us a nice little something about it.
You’re probably also going to like the rest of the app, too, because that little password field switcheroo is simply a small manifestation of our entire design philosophy.

If, on the other hand, you react like we just kicked your gramma in the teeth, you’re not going to like the app. It’s going to be one long elderly-face-kicking session for you.
So, sure, we could make the password fields back into what everyone else does to eliminate a part of the signup process that feels like a speed bump to some people. But that’d be almost like lying, wouldn’t it?
It’d be changing one projection of our design philosophy in order to entice people who aren’t going to like the rest of the app.
Folks like that will be happier with some other software in the time tracking space, the kind where you have to use 3 drop-down menus to select your client, then your project, and then your predefined task before you log your time. That will be comforting to them.
Why waste their time? Why waste ours?
We’d rather do what we think is right and let that be a line drawn in the sand for people who aren’t going to agree with us, anyway.
Otherwise we’re just going to have to take up gramma-kicking as a habit.
Do you enjoy a good gramma-kicking and other interface design intrigues? You should [subscribe](http://feeds.feedburner.com/freckletimetracking).

Well said. Politics are basically defined by the Calamity Howlers. It’s impossible to represent “the people” without raising all hell on the way.
It may just be rebel-without-a-cause syndrome. Some people seem to be happy only when they have something to be upset about, and if they don’t have anything to be upset about presently, they’ll go find something.
Oh well – much freckle love!
I agree that having the password clear text by default is a move forward, but I have two problems with your implementation :)
First: it’s not clear enough (or at least it wasn’t for me) that it’s cleartext, until you write into it. And when you’re used to typing the same password for most sites on the intertubes, you type it quickly enough and boom, if you were being watched, now someone else knows your password to most sites on the interwebs.
Not a big deal (I use different and “more secure” passwords for sites that hold my credit card information or the like), but still a little annoyance.
The second problem –which is tied to the first one– is that still in plaintext you ask me to repeat the password. That’s “another visual hint” that this is a password field with stars in it instead of clear text.
I’d rather have a single password field in clear text, and a more noticeable label of it being clear text (maybe before the field)
Keep it up :)
I’ll admit at first I felt weird having my password in clear text but you make an awesome point about the credit card. Never thought about it. Also, this post has the greatest opening paragraphs of all time. Solid!
I like your design philosophy.
There is a purely technical hurdle with clear text passwords: Firefox (and maybe other browsers) caches what’s typed in text inputs in order to provide users with a drop down of recently entered values later on. In this case, users’ passwords will be saved by Firefox on disk in a probably insecure manner, like “remember password for this site” would, but in this case a user didn’t opt in for that.
Did you or are you planning to overcome that?
That’s almost the same thing I did while designing interface for a blogging platform I helped to build – the only difference is that I decided to hide those fields by default.
Here’s a screenshot (translated from Polish for obvious reasons)
Oh no, I thought you allow the use of Unicode! Very sorry about the mess.
I agree 100% with Nicolas. I had the same experience when signing up, I didn’t notice it was cleartext until I typed in the field.
I agree with the previous comment about not needing the password confirmation. I think you gain more than you lose by using just one field. Maybe a couple of people type it wrong (fewer now that it’s a text field) but they can use forgot password tools, and the rest get done quicker.
I pushed for a single password field when I worked at blurb.com and we never really had a problem with it. It makes the sign up form look less intimidating.
Agree with the parent comment. The problem is not the plain text password field, but the lack of a proper visible warning before the text field (and have to confirm something that was visible in the first place). When you are on the flow of form filling, you realize that the password is open only too late.
To me there is nothing wrong with experimentation and convention breaking, they are somewhat important, but being able to accept criticism and not be overly attached to design decisions is also great.
If you act like you always know beforehand what is best for your customers and ditch honest feedback as “calamity howlers”, the decisions will tend to be treated as if they are set in stone, which might compromise the product.
I agree with you guys about the confirmation field being extra (thanks for the story, Nathan), but I left it because people glossed right over it in our informal tests.
This is just v1 and we’ll experiment with making it more obvious, but I’m not going to make it be a regular password field because of the above :)
Mislav, the sign in version of the password field is a regular password field, with bullets and all. What you’re describing is not a problem.
Well I’m not one of the calamity howlers but I did signup for a free account on Saturday and had a what the hell moment. At first I thought I entered my password into the wrong field.
I think this might be a pet peeve of your own as judging from the reaction stuff like that has thrown off and even frustrated some of your users. Not something you want to do right off the bat.
But – if you have to write a blog post to many of your users to explain a portion of your sign up form it’s not a good sign. I think you should hide the clear text and let people turn it off. That’s my opinion.
You have a good point and a good intention. But throwing people off base and doing something that confuses and/or possibly frustrates them is not a sound decision. It’s such a trivial thing and it’s causing problems why not just nix the problem in the butt and focus on continually improving the app itself?
Just my two cents.
Jim,
If the problem is that people don’t see it ahead of time, then it’s a matter of a design refinement to make it more visible as opposed to changing the entire approach. That’s valuable feedback and I have no problem with it.
And it’s very different than telling somebody they’re fucking crazy just because they bucked a trend. Which is what I wasn’t planning on putting in BIG BOLD CAPS at the top of the article. But that’s what people have said, expletives and all. Now that’s a calamity howler.
Honestly, the whole app takes a really different approach to most web-based software (and especially others in our field). As of now (because our interactive help system’s not yet online) it takes reading the guide to learn all the things you can do with the 3 input fields. Surely everyone would have less of a learning curve if it was all CRUDed up like a normal app. But does that mean we shouldn’t design the rest of the app that way?
I’ll refine it, but I won’t change the very basic assumptions the design is based on.
FWIW, I didn’t write this post to explain the signup form. I wrote it to explain my theory of positive selection.
I’d also argue against the perception that it’s really causing a problem. The feedback we’ve received regarding the clear text password is 3:1 positive. People have mentioned it positively in tweets and blog posts, intending to highlight the design for the world at large, not just directly to us.
There’s no way a single app can please everyone. I’m going to stick with pleasing the people who are already predisposed to enjoying the kind of software I believe in designing.
OK, in a way I like the idea of making it clear that passwords are sent in clear text.
But it seems like a solution to a problem you don’t need to have. Why not just avoid sending passwords in cleartext? I.e. use SSL and store a hash or digest of the password in your database and not the password itself.
Lau,
We don’t STORE the password in clear text in our database! :) It’s just for when you create your password, not using the HTML password field type, to make entering your not-all-that-important password as easy to double-check as your credit card.
After all, have you ever seen a signup form that blanks out your CC numbers?
Hi Amy
OK. I misunderstood. Usually in security terminology “clear text” is used when you are talking about storing or transmitting data.
Have you looked into how browsers handle a “text” input field vs. a “password” input field? I think browsers automatically save text field contents for autocomplete.
So if I entered a password in a normal text field and then let someone else use my browser, for instance, they might see my password if my browser suggested it.
I think CC numbers are less sensitive than passwords. I give out my CC number all the time. When you hand your CC to someone at a restaurant or something they can see it. I think passwords are more sensitive. If someone uses my password maybe I don’t know about it. If someone abuses my CC it shows up in the CC statement and I can get my money back.
I’d prefer if the default for the input field was of the password type with stars/dots and then a “show password” checkbox if you know no one is looking at your screen and you are unsure about what keys you are pressing. I guess those dots/stars annoy me mostly when entering passwords on the iPhone.
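The form-history concern raised in the comments above (a browser remembering what was typed into a visible text input), as an added JavaScript example that is not freckle's code or any commenter's: it keeps the password visible on request, opts the field out of saved form history with `autocomplete="off"`, masks it again before submit, and audits a form for fields that miss this. The field names, the `SECRET_NAME` heuristic and the sample form are assumptions constructed for the example.

```javascript
// Added example. The functions touch only .name, .type and .autocomplete, so
// they work on real <input> elements and on the plain objects used below.

// Heuristic for "this field holds a secret" (assumption for this example).
const SECRET_NAME = /pass(word|wd)/i;

// Show or hide the typed value. Either way, opt the field out of the
// browser's saved form history (autocomplete="off").
function setPasswordVisible(input, visible) {
  input.type = visible ? "text" : "password";
  input.autocomplete = "off";
  return input;
}

// Call from the form's submit handler: flip secret fields back to
// type="password" so nothing is submitted from a visible text input.
function maskBeforeSubmit(form) {
  for (const input of form.elements) {
    if (SECRET_NAME.test(input.name)) input.type = "password";
  }
  return form;
}

// Audit: list secret fields rendered as text that the browser may remember.
function auditForm(form) {
  const findings = [];
  for (const input of form.elements) {
    if (!SECRET_NAME.test(input.name)) continue;
    if (input.type === "text" && input.autocomplete !== "off") {
      findings.push(`${input.name}: visible text field, form history not disabled`);
    }
  }
  return findings;
}

// Constructed signup form: visible password plus confirmation, no opt-out.
const signupForm = {
  elements: [
    { name: "email", type: "text", autocomplete: "" },
    { name: "password", type: "text", autocomplete: "" },
    { name: "password_confirm", type: "text", autocomplete: "" },
  ],
};

console.log("before:", auditForm(signupForm));
signupForm.elements
  .filter((f) => SECRET_NAME.test(f.name))
  .forEach((f) => setPasswordVisible(f, true));
console.log("after:", auditForm(signupForm));
```

In a browser, `setPasswordVisible` would be wired to the show/hide checkbox's `change` event and `maskBeforeSubmit` to the form's `submit` event.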