Page MenuHomePhabricator

Improve error message for log in
Closed, ResolvedPublic

Description

As a person with a wikibase cloud account I want to get helpful error messages in order to successfully log in to my account

Problem:
Currently, when entering the wrong email or password or both, the error messages displayed are unhelpful and unusual.

Example:

image.png (460×728 px, 39 KB)

Screenshots/mockups

Acceptance criteria:

  • When an incorrect password or email or both has been entered, an error message is displayed as per designs
  • The entered email is retained
  • the entered password is cleared
  • the password input field is in focus after it was cleared just like in this gif (click image to see it move)

password_focus.gif (431×336 px, 52 KB)

Open questions:

Event Timeline

@Charlie_WMDE Small question: is clearing the entered password some kind of UX best practice for these kinds of situations?
I'm thinking of a situation where the password was entered correctly, but the typo was in the login, for example, but then I have to re-enter the whole password again cause it got cleared.
I checked MediaWiki - it behaved like you described, so I'm not questioning it, just curious why this is considered an expected behavior rather than, for example, highlighting the entire password, so I could start typing right away

Hey @Anton.Kokh that's a great question. I had to google a bit myself to find the answer since it seem to be primarily a security best practice which then in turn created the UX best practice but from what I can tell the reasoning has to do with how the password is sent/stored and how it could potentially be reused by a malicious third party. I don't understand the exact technical reasons, but it seems like for now the web development world has agreed that that is the safest way to go about it, hence most login in pages display the behaviour you mentioned.

If it's about being able to start re-typing the password right away, there's no reason why the focus couldn't be on the password field after a failed log in attempt, so that the user doesn't need to do an extra click. That is something I forgot to specify but would definitely expect to happen. Will add it to the ACs.