Hey, how can I get Discourse to do X?


So, make everyone pay the mental cost of typing password twice during reset for the 2% of the time people mess it up? The math on that is screwed. That means 98% of people are doing pointless extra typing busywork for… reasons. Not a fan.

If it was some SUPER critical password like your master 2 factor auth password, sure, I could see that.


Ok that’s your call.


I’m with Soma on this. Even if I don’t mess it up, if there’s only one field, I worry that I have. It’s about peace of mind as much as anything.


Also chiming in with support for Soma. The cost of entering your password twice is worth avoiding the frustration of mistakenly entering the wrong password to me. They’re not “equal” costs, the cost of the mistake is higher, so it’s worth avoiding even if the cost of entering it twice is more frequent.

To me anyway.


I agree with Soma, Ginger, and Wholly as well. My reasoning matches theirs too.


I’m gonna get us some t-shirts!


In my experience when people reset their password and then cannot log in, the majority reaction isn’t necessarily

“Oh dear, I reset my password incorrectly, I better do it again.”


“Why won’t this stupid website accept my password, I’d best contact support!”

Websites started asking for passwords to be re-entered for this very reason, it cuts down on support. If you wanted to say it’s not an issue on QT3 because we’re all smart and good looking, I wouldn’t necessarily argue with that. As a general feature for Discourse though, I think it’s worthwhile at least as an option.


Yeah, this. My reaction is another one of those f-ing sites that won’t take one of my patterns problem. pounds keyboard
And yes. I know that’s irrational.

I’m with the others. I’d prefer to make sure I didn’t mess it up on accident.


Having spent some time doing second-line support for a few password-protected payment websites, let me, uh, I dunno, ninth or whatever the suggestion to have them verify at time of reset.


Are you saying password resets are like a level 2 for your group? As in the second tier not tier 1?


Our whole dept. was technically tier 2 in the company hierarchy, though you could reach us via the main line by choosing the right options. We handled all issues with websites, web dev, wireless platforms, and–bizarrely–check readers.

So, sure, 60% of our call volume was password resets for clients who’d locked themselves out of their register at work that was using our basic payment platform as a frontend. . . but then every so often you’d get some guy with a goofy JavaScript issue integrating with another platform more directly, and in any case, the main CS reps had access to exactly none of these systems.

It was a weird arrangement.


Oh I get it. Sometimes I have to remind my end-user I am neither desktop, server side or network support. I can’t do anything for them for their AD, slow internet, or sometimes even printing issues. I usually help them log a ticket though with that group. End-users prefer one stop shopping… that’s supposed to be the Help Desk though, Tier 1. I just happen to be the lady they hear from the most who works in IT.


Feel free to read up on it, @soma @Ginger_Yellow @WhollySchmidt @arrendek

The password unmask button (which Edge and Safari implement) is the best way to go here. Blindly duplicating the user-hostile bad design choices made in anno domini 2000… isn’t.

I will say that for EXTREMELY critical passwords like, again, your master 2 factor auth password on 1password or whatever, I agree this kind of “belt and suspenders” is a good idea. But otherwise, not just no, but hellllll no.


The answers on that post are split pretty evenly.

I mean, I agree that unmask is probably the solution here, but so much of modern UX design smacks of reflexive iconoclasm.


Er, what? The top 3 replies, with a total of 68 + 26 + 25, all indicate “no, forcing users to retype passwords as a global default for all time is not a good idea”.

The technical users of your app will use a password generator and/or storage mechanism. The non-technical users will use one of the favourite throwaway passwords that they use for many different sites/apps. Better to just integrate with an authentication system they already use. There may also be other knock on benefits for your application such as integration into Google Apps if you use Google’s auth.

I’d also argue answer #4 with a score of 22 is saying what I’m saying – that only in rare circumstances it is desirable to enter the password twice, say

  • when you’re setting up the master password for your global private key
  • you’re setting the password that reveals all your stored passwords in LastPass, 1Password, etc.


It’s not like any one of them is quoting research or anything. It’s just a poll of developers. Put up a poll on this site and see if it works out the same. That might be interesting. I really have no idea how people will break on it.


Apologies if this has been asked and answered, I did search the thread before posting.

Is it possible to copy formatted text from Google Docs and paste it into a forum post here while retaining the formatting, like boldface, bullet points, embedded links? Basic copy/paste doesn’t retain anything but the text.


It looks like there are some Chrome extensions that will export a Google doc as markdown which would paste here fine as far as I know.


Nope, incorrect. It is a site for usability experts. So it is a poll of people who specialize in UX / UI.


Actually I agree, unmask is great. Retyping is a PITA, especially on a phone.

Like I said, it is your call.