Essays mature
This idea is complete, spare the occasional tending.

series: Login Bingo

by Matthew Lyon  • 

It’s time to log in to the system to do the thing. For whatever reason, you have to type in your credentials — perhaps due to No Autofill For You or Type This Way, and perhaps you’re on a constrained input device, such as your phone. The password is really complicated, and because the field is masked, you’re not sure if you’re typing it correctly. Maybe the username field is obscured for some reason and you’re having trouble seeing that. It takes a few attempts to get it right.

Or perhaps you’re entering authentication credentials or even a PIN code on a device like a touchscreen tablet in a public place and it’s obvious what buttons you’re pressing or on-screen keyboard keys you’re typing, or a TV appliance such as a video game console or streaming box, and you need to ask people to avert their eyes so as to not broadcast this information to everyone. Maybe you have to unplug your laptop from the projector; maybe you have to protect your tablet from shoulder surfing.

Either way, you’re dealing with context-ignorant visibility: something is forcibly hidden when you would like it not to be, or something is forcibly visible when you wish it wasn’t.

Whatever the excuse, dealing with visibility issues with input can be supremely frustrating — especially when the input device is constrained or the input is expected to be entered in a context where other people might see it.

This pattern covers both directions of visibility: input that’s hidden when the person performing the input would like to see what they’re entering, and input that’s visible when the person performing the input would like to make sure other people can’t see what they’re entering.

For input that’s forcibly hidden, consider first: why are you making people type this instead of using autofill or pasting? I’ve seen forms forcibly disable autofill/paste and obscure the input for collecting things such as personally-identifying numbers (driver’s license, social security, library cards, member id), credit card numbers, usernames, and one-time verification codes. None of these are things people likely type enough to have in muscle memory even if they are a good typist, and the context they’re entered in, people might also want to verify they’ve typed it correctly. By forcing people to type and obscuring what they’re typing, you’ve increased their chances of making a mistake by quite a bit.

At the very least, offer people a way to make the field’s input unobscured. I will argue this is important for password fields as well, especially for input-constrained contexts such as mobile devices: the more ridiculous your password requirements are, the more problems people are going to have typing it on a mobile device. Some input-constrained devices will echo obscured-field characters as they’re typed individually, by showing the last character entered for up to a second, but I’ve also encountered places where an app or website developer has gone out of their way to bypass this behavior.

But really you should not disable autocomplete or paste to begin with.

For input that’s forcibly visible, consider alternate ways of collecting information that don’t require echoing that input to the screen. This has been a problem on both my Apple TV device and Nintendo Switch, which highlight the characters entered as they’re input; this is perhaps one area where Microsoft gets it right with the Xbox, which doesn’t. It’s also a problem with iPad PIN entry in a public context — the on-screen keypad highlights for a split-second the number being input, boosting the visibility in a manner that aids shoulder-surfing.