From the desk of Alasdair Monk

Improving the forgotten password process

I've had a few really frustrating experiences with forgetting my password for certain apps and sites recently, the worst being CrowdSurge's system, which is undisputedly the worst login/forgotten password workflow I've used in ages and more painful than actually trying to swallow my MacBook Air.

Learning from this, I had some thoughts on how to make this specific process a bit nicer for your users. It focuses on two golden commandments that all digital product designers should hear in their heads like chronic tinnitus.

Here's your typical forgotten password flow. I, the user, visit your otherwise flawless site. I already have the sinking feeling that I've forgotten my password.


I was right. Before I leap for the forgotten password link and start a whole new process though, I'm going to try another password I think it might be. Unfortunately, you've forgotten the email address I gave you, so I'll type that in again and my new guess for the password...


Ok I got it wrong again. Time to cave in and go down the forgotten password rabbit hole.

Enter my email address to receive a new password? I really have to hit those 24 keys all over again? This is getting boring, I'll probably just give up, I've forgotten what this app even does…

This is probably very familiar to a lot of you; it certainly is to me. I usually end up putting my email address on the clipboard to combat the bad experience, but a lot of users won't be this diligent (or have the foresight that a computer could be so dumb).

Here's a very quick flow that tries to address the problems described above:

I, the user, come to your brand new login page. I type in my email address and what I think is my password…

Looks like I got it wrong, but it's remembered my password and given me a new obvious option.

Rather than having a whole new page for the user to enter an email address to get a reminder or new password sent to them, we can eliminate that step and make the button label do all the hard work of informing the user what's going to happen.

I hit the button and get the new password sent to my inbox. All of this from typing my email in once, as I should.
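The flow above implemented server-side, as an added example that is not from the original post. The function names, the in-memory account store and the 15-minute lifetime are assumptions, and it emails a single-use reset link rather than a new password, giving the same response whether or not the address has an account.

```python
import hashlib, hmac, secrets, time

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data; an in-memory dict stands in for the user table.
_SALT = b"constructed-salt"
USERS = {"user@example.com": (_SALT, _hash("correct horse", _SALT))}
RESET_TOKENS = {}    # sha256(token) -> (email, expiry timestamp)
OUTBOX = []          # stands in for the mailer: (email, token)
TOKEN_TTL = 15 * 60  # seconds; assumed lifetime

def handle_login(email, password):
    """View model for the login page after a sign-in attempt."""
    email = email.strip().lower()
    salt, stored = USERS.get(email, (_SALT, b""))
    # Hash even for unknown emails so both failure cases cost the same.
    if hmac.compare_digest(_hash(password, salt), stored):
        return {"signed_in": True}
    # Keep the typed email in the form (never the password) and label the
    # reset button with it. The template must HTML-escape these values.
    return {
        "signed_in": False,
        "email_value": email,
        "password_value": "",
        "error": "That email and password don't match.",
        "reset_button": f"Email a reset link to {email}",
    }

def handle_reset(email, now=None):
    """Reset button handler; the reply is the same for unknown accounts."""
    email = email.strip().lower()
    now = time.time() if now is None else now
    if email in USERS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[digest] = (email, now + TOKEN_TTL)
        OUTBOX.append((email, token))
    return {"message": f"If {email} has an account, a reset link is on its way."}

def redeem_token(token, now=None):
    """Return the email for a live token and invalidate it (single use)."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    email, expiry = RESET_TOKENS.pop(digest, (None, 0))
    return email if email and now <= expiry else None
```

Only the hash of each token is stored, so a leaked token table cannot be replayed as reset links.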

Obviously I've taken a very broad view of this process, a lot of the interface will come down to the detail of how it's implemented (AJAX forms, copy et al). Nevertheless, I've seen these problems replicated on so many sites and apps that it seems fair to make a comment on this issue.
