Page MenuHomePhabricator
Create Task
Maniphest T424979

Account Creation: improve password & confirm password field UX
Open, HighPublic5 Estimated Story Points
Actions

Assigned To
None
Authored By
KStoller-WMF
Apr 30 2026, 1:26 PM
Project Tags
Referenced Files
F81621203: image.png
Fri, May 15, 8:50 AM
F81621152: image.png
Fri, May 15, 8:50 AM
F81621118: image.png
Fri, May 15, 8:50 AM
F81621067: image.png
Fri, May 15, 8:50 AM
F81621008: image.png
Fri, May 15, 8:50 AM
F81620939: image.png
Fri, May 15, 8:50 AM
F81620890: image.png
Fri, May 15, 8:50 AM
F81620844: image.png
Fri, May 15, 8:50 AM
View All 14 Files
Subscribers
AAlhazwani-WMF
Aklapper
KStoller-WMF
Michael

Description

User story:

As a new account creator on mobile web, I want clear and timely feedback when my password and confirm password fields don't meet requirements or don't match, so that I can quickly fix errors and complete account creation without unnecessary friction.

Background & research:

The current account creation form delays password mismatch validation until form submission and does not clear errors after the user corrects their input. This creates confusion and unnecessary friction, particularly on mobile where context-switching between fields is more error-prone. Providing validation on blur - and re-validation on subsequent edits - aligns with standard UX practices and reduces failed submissions. This task is part of the broader V3 account creation effort (T415659).

Design:

Figma designs

Acceptance Criteria:

Note on error severity: blur-triggered validation uses a warning state (yellow triangle + warning message). Submit-triggered validation escalates to an error state (red icon + error message + form-level error banner). These are distinct visual states and should be implemented accordingly.

Note on optimistic vs. conservative re-validation: AC8 and AC9 describe the ideal (optimistic) behavior. AC10 and AC11 describe the acceptable fallback (conservative). Implement optimistic if straightforward; fall back to conservative if re-validation on keystroke is non-trivial.

On blur - password field

  • AC1: Given the user leaves the password field, when the password meets all requirements, then clear any existing password warning.
    image.png (946×1,880 px, 140 KB)
  • AC2: Given the user leaves the password field, when the password does not meet requirements (e.g. fewer than 8 characters), then display an inline warning below the field.
    image.png (946×1,880 px, 143 KB)
  • AC3: Given the confirm password field is already filled and the user leaves the password field, when the password is now valid and the fields do not match, then display a mismatch warning below the confirm password field.
    image.png (946×1,880 px, 145 KB)
  • AC4: Given the confirm password field is already filled and the user leaves the password field, when the password is now valid and the fields match, then clear any existing mismatch warning.
    image.png (948×1,880 px, 137 KB)

On blur - confirm password field

  • AC5: Given the user leaves the confirm password field, when the password field is still invalid, then do not validate confirm password - suppress any match-related feedback.
    image.png (946×1,880 px, 145 KB)
  • AC6: Given the user leaves the confirm password field, when the password field is valid and the passwords do not match, then display a mismatch warning below the confirm password field.
    image.png (944×1,880 px, 144 KB)
  • AC7: Given the user leaves the confirm password field, when the password field is valid and the passwords match, then display no error.
    image.png (946×1,880 px, 138 KB)

On keystroke - optimistic re-validation (ideal)

  • AC8: Given a password field warning or error is already displayed, when the user types in the password field and the value now meets requirements, then clear the warning or error immediately without waiting for blur.
    image.png (2,704×1,880 px, 276 KB)
  • AC9: Given a mismatch warning or error is already displayed, when the user types in either field and the passwords now match, then clear the mismatch warning or error immediately.
    image.png (2,704×1,880 px, 274 KB)

On keystroke - conservative fallback (acceptable)

  • AC10: Given a password field warning or error is already displayed, when the user types in the password field, then re-validate on next blur rather than on each keystroke.
    image.png (2,704×1,880 px, 277 KB)
  • AC11: Given a mismatch warning or error is already displayed, when the user types in either field, then re-validate on next blur rather than on each keystroke.
    image.png (2,704×1,880 px, 275 KB)

On submit

  • AC12: Given the user submits the form, when the password field is invalid, then display the password requirements error inline below the password field regardless of prior field state.
    image.png (856×1,880 px, 135 KB)
  • AC13: Given the user submits the form, when the passwords do not match, then display the mismatch error inline below the confirm password field regardless of prior field state.
    image.png (856×1,880 px, 134 KB)
  • AC14: Given the user submits the form, when both the password is invalid and the passwords do not match, then display both errors simultaneously alongside a form-level error banner ("There are problems with some of your input.").
    image.png (856×1,880 px, 141 KB)
  • AC15: Given the user submits the form, when client-side validation fails due to password-related errors (invalid password or mismatched passwords), then the password and confirm password fields retain their current values so the user can reveal and edit rather than retype.
Open questions:
  • Can this be included in the V3 release?
  • Is additional instrumentation needed to track validation error rates or correction patterns?
  • Should a debounce be applied to keystroke re-validation (AC8/AC9) to avoid noisy feedback on fast typists?
  • How should password mismatch errors interact with other password errors? (stack vs. display as one error)
    • Display only one error - whatever the API returns first.

Related Objects
Search...

Event Timeline

KStoller-WMF created this task.Apr 30 2026, 1:26 PM
KStoller-WMF mentioned this in T419413: Add reveal password action to mobile account creation form.
KStoller-WMF moved this task from Inbox to Needs Refinement on the Growth-Team board.May 7 2026, 9:12 PM
KStoller-WMF triaged this task as High priority.May 9 2026, 7:48 PM
KStoller-WMF moved this task from Needs Refinement to Up next Sprint on the Growth-Team board.
KStoller-WMF moved this task from Up next Sprint to Needs Refinement on the Growth-Team board.
Michael added a comment.May 12 2026, 1:39 PM

This behavior makes a lot of sense to me, and it seems like an obvious improvement. But is this actually something that needs to be experimented with? It is going to be a moderate amount of effort, and I'd rather not try to squash this into any upcoming experiment given that we're already very tight on time.

KStoller-WMF added a comment.Tue, May 12, 8:29 PM

I'm open to that. We could treat this more like a UX bug fix and make sure we work on this even if we don't manage to squeeze in a V3 experiment.

KStoller-WMF moved this task from Needs Refinement to Needs Estimation on the Growth-Team board.Wed, May 13, 4:32 PM
AAlhazwani-WMF updated the task description. (Show Details)Fri, May 15, 8:50 AM
KStoller-WMF set the point value for this task to 5.Mon, May 18, 4:09 PM
KStoller-WMF moved this task from Needs Estimation to Estimated tasks backlog on the Growth-Team board.
AAlhazwani-WMF updated the task description. (Show Details)Thu, May 21, 10:31 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits