This question with a similar name refers to registration, but in my case, I would like to address the shipment.
My use cases are:
- A login form that consists of an email address.
- A password change form where the user enters their new password twice to change their password.
The password field may fail for several reasons:
In the login form, the password is blank or the password / email combination is incorrect.
In the password change form, the password does not meet the password requirements (minimum length, etc.).
In the password change form, the repeated password does not match the password.
In the password change form, there is a blank password field.
Currently, I have the following behavior:
- In the password change field, once the password is changed successfully, the password fields are blank since it makes no sense to keep them, and we prepare "clean" fields in case the user wants to change the password again .
Should I also leave the fields blank for the other failure modes? For example, when you use the password change fields and set a password such as "123456" and the form returns "You must have at least one letter in your password", you could go to the beginning of both compilations and add "a", which results in "a123456". This probably overrides the purpose of strong passwords, but it is much faster than typing "a123456".
Are there established guidelines for this?