solved How should password fields be set up?

researchcooperative
@researchcooperative
6 years ago
694 posts
In the User Account setup form, there are two password fields:

user_passwd1 (label = password)
user_passwd2 (label = repeat new password)

When logged in as Admin., we are instructed by alerts that various attributes of these fields should not be changed, and I have been elsewhere informed that both should be left as "required".

I am confused.

At signup we (as ordinary users) create a password that can sensibly be called "existing password" or "old password" after it exists. But when users attempt to change something in their account, e.g. change the profile photo, they are expected to fill out the password. In fact what happens is they are asked to create a new password. And further, when trying to create the new password, a field pops up demanding to see the old password. And then finally they can have their new photo accepted.

There does not seem to be any clear separation of login requirements for an existing password, and password entry requirements for creating a new password.

Perhaps this tangle explains why so few members are active on my site.

Presumably the system is understandable for owners and users at other sites, so most likely I have my form fields set up strangely. But do other site owners have issues with setting up the password fields in a way that is understandable and convenient for ordinary users?

I have not found any part of documentation that clearly lays out all the options and requirements for setting up password fields in the forms for user/signup and user/account (i.e. the account creating and updating form fields).

Shouldn't there be a clear separation of password fields for:

(1) using the initial password established at signup, and
(2) confirming (re-entering) the initial password when it is used, and
(3) changing the password after login with the old password, and
(4) confirming (re-entering) the new password that will replace the old password?

I don't understand why the user (at my site at least) is being led through steps (3) and (4) when merely wanting to edit account details.

Is this a general problem, or specific to my site and the way I have it set up?


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

updated by @researchcooperative: 05/19/18 04:40:38PM
brian
@brian
6 years ago
10,148 posts
Here's the deal - it's pretty simple: If you set the password fields on the Account Settings form to be required, then your users will be required to change their password every time they want to change ANY account information on the Account Settings form. This is why those fields should not be required.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
researchcooperative
@researchcooperative
6 years ago
694 posts
Thanks.

I somehow from somewhere had the impression that those fields were meant to be "required". WRONG!

For the Account signup form, I still have the password fields set as "Required". Is that OK? Or always necessary? Or optional? Or not OK?

If the system at signup is hardwired to request an initial password, then password fields in the signup form might serve a different function (though I can't imagine what at the moment).

Is there only one correct way to configure password fields in the signup, and if so, why are they not hardwired?

I need to understand this completely, and then provide different explanatory labels for the password fields in the signup and setting forms.

Thanks.


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)
brian
@brian
6 years ago
10,148 posts
researchcooperative:
Thanks.

I somehow from somewhere had the impression that those fields were meant to be "required". WRONG!

For the Account signup form, I still have the password fields set as "Required". Is that OK? Or always necessary? Or optional? Or not OK?

Of course - when a user is SIGNING UP they do not have an account yet - you must collect a password from them at sign up time.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
researchcooperative
@researchcooperative
6 years ago
694 posts
Thanks. I have set up the fields as follows. I hope these reflect a correct understanding of the password fields, and that the method of labeling is useful for other JR network owners (and their users).

Note: For template names and field labels, the labels are fixed (i.e. automatically the same) for the signup and account detail forms (i.e. for form/signup and form/account).

The sublabel and help notes can be made different for the purposes of /signup and /account, as below.

User/signup form
user_passwd1
label = password
sublabel = Your account password, for login. Use at least six letters and numbers, with at least one number.
help = Change it later if you want. See "Log in help" under Home menu tab if you forget!
Required = YES

user_passwd2
label = repeat password
sublabel = Repeat to make sure there are no typos (mistakes)
help = See "Log in help" under Home menu tab if you forget your password
Required = YES

User/account form
user_passwd1
label = password
sublabel = Enter a new password to change your password. Use at least six letters and numbers, with at least one number.
help = Change it later if you want. See "Log in help" under Home menu tab if you forget!
Required = NO

user_passwd2
label = repeat password
sublabel = Repeat the new password to make sure there are no typos (mistakes)
help = See "Log in help" under Home menu tab if you forget your password
Required = NO


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

updated by @researchcooperative: 02/14/18 06:43:00AM
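
The required / not-required behaviour laid out in the post above, written out as server-side checks. This is an added example, not part of the thread and not Jamroom's code: the `current_passwd` field name is hypothetical, and reading the sublabel as "at least six characters, at least one digit" is an assumption.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 6  # from the sublabel; read as "six characters, one digit" (assumption)

def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def check_password_fields(form, mode, stored=None):
    """mode 'signup': both fields required. mode 'account': both optional.
    Returns (errors, new_credentials); new_credentials is None when the
    stored password stays unchanged or the input was rejected."""
    p1 = form.get("user_passwd1", "")
    p2 = form.get("user_passwd2", "")
    if mode == "account" and not p1 and not p2:
        return [], None  # blank fields on the account form: keep the password
    errors = []
    if not p1 or not p2:
        errors.append("both password fields must be filled in")
    elif p1 != p2:
        errors.append("passwords do not match")
    elif len(p1) < MIN_LENGTH or not any(c.isdigit() for c in p1):
        errors.append("password does not meet the policy")
    if mode == "account" and not errors:
        # A password change must prove knowledge of the old password.
        # 'current_passwd' is a hypothetical field name.
        current = form.get("current_passwd", "")
        if stored is None or not verify_password(current, *stored):
            errors.append("current password is incorrect")
    if errors:
        return errors, None
    return [], hash_password(p1)

if __name__ == "__main__":
    # Constructed sample submissions, not taken from a real site.
    signup = {"user_passwd1": "kyoto2018", "user_passwd2": "kyoto2018"}
    _, stored = check_password_fields(signup, "signup")
    print(check_password_fields({"user_image": "new.jpg"}, "account", stored))
```

With the account-form fields optional, a profile edit that leaves both password fields blank goes through without touching the stored credentials.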
researchcooperative
@researchcooperative
6 years ago
694 posts
If the above layout and examples of labeling are correct and of general utility, then a similar text could be added (perhaps) to a JR Documentation under the title of "Password settings" so that others can optimise their password set up more easily.


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

updated by @researchcooperative: 02/14/18 06:48:05AM
brian
@brian
6 years ago
10,148 posts
What you have described is how Jamroom is set up "out of the box" - not the language strings, but the required/not required, so we should be good.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

updated by @brian: 02/14/18 06:48:14AM
researchcooperative
@researchcooperative
6 years ago
694 posts
Thanks for the confirmation.

And after long messing about with these labels, I had long since forgotten what JR originally provided as out of the box! Sorry.

What seems to me lacking is a clear explanation for the out of box settings and why they might need to be changed, or why they should never be changed even if they can be changed.

Passwords are critical to the user experience, and setting up the fields needs to be explained comprehensively for both Admin and users.

Thanks


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

updated by @researchcooperative: 02/14/18 06:55:12AM