Failed password text encourages users to re-enter password when username is actually requested
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| unity-greeter (Ubuntu) |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
Hello,
On unity ligthdm login screen, an invalid password is rejected with the error message:
Invalid password, please try again.
This intuitively makes the user try to re-enter their password.
The problem is that the login uses the same field for both the username and the password. Although the observant user would see that the temporary prompt in the field is now Username, the Username text disappears as soon as they type the first character. And if the user is typing the password, then the password is displayed in clear text.
If we have to share the same field for both the username and the password, then the error text for an invalid password needs to be:
Invalid login, please try again.
That way, the user intuitively expects to re-enter their full credentials of username and password. This also respects the normal Unix security practice of not revealing to the user which of their credentials is wrong.
-Michael
| description: | updated |
| Robert Ancell (robert-ancell) wrote | #1 |
| affects: | lightdm → unity-greeter (Ubuntu) |
| summary: |
- Password error handling + Failed password text encourages users to re-enter password when username + is actually requested |
| Changed in unity-greeter (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
This must be only when using the "Other" entry or you have configured the greeter to prompt for usernames correct? I suspect the wording of the "please retry" message was made on the assumption you have a user list.