Many sites now require registration, which means users must be assigned a username and password. Below are a few necessary steps to make the process more secure.
If the goal of registration is to confirm that the person exists and that they have provided a valid email address, then as part of the registration procedure you must email them either a random password or a confirmation token. Don't allow them to pick their own password and use it instantly without verifying that they exist.
How to use the password input on a form?
Rather than input type="text", use input type="password", since it lets the browser (and the user) know that the contents of the field have to be secured.
The password will not appear on the screen as you type, and many browsers will not store or remember values typed into password fields as they do with other input types.
Sometimes, such as on mobile devices, displaying the password can improve usability without compromising safety. After all, only the on-screen display is obfuscated, not the data transfer.
Verify password input
Since the password input type obscures the text typed, you need to let the user confirm that they haven't made an error. The easiest way to do so is to have the password entered twice and then check that the two entries are identical.
Another approach is to show what they have entered as part of a confirmation page. The issue here is that you are making the password visible in the browser, browser cache, proxy, etc. For safety, a password must not be shown in HTML or delivered by email.
How to code a proper form with a password?
<form method="POST" action="..." onsubmit="return checkForm(this);">
  <p>Username: <input type="text" name="username"></p>
  <p>Password: <input type="password" name="pwd1"></p>
  <p>Confirm Password: <input type="password" name="pwd2"></p>
  <p><input type="submit"></p>
</form>
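The form calls checkForm(this) on submit, but the page does not show that function. The following is an added example of one way to write it, not code from the original page: the field names (username, pwd1, pwd2) come from the form above, while the helper name findProblem and the message texts are assumptions.

```javascript
// Added example: a checkForm() for the form above. Field names (username,
// pwd1, pwd2) come from the page; findProblem and the messages are assumptions.

// Pure validation step: returns { field, message } for the first problem, or null.
// Messages never include the typed password, so nothing secret reaches the screen.
function findProblem(username, pwd1, pwd2) {
  if (username.trim() === "") {
    return { field: "username", message: "Please enter a username." };
  }
  if (pwd1 === "") {
    return { field: "pwd1", message: "Please enter a password." };
  }
  if (pwd1 !== pwd2) {
    return { field: "pwd2", message: "The two passwords do not match." };
  }
  return null;
}

// onsubmit handler: returning false cancels the submission.
function checkForm(form) {
  const problem = findProblem(form.username.value, form.pwd1.value, form.pwd2.value);
  if (problem === null) {
    return true;
  }
  if (problem.field !== "username") {
    // Make the user retype both entries rather than guess which one was wrong.
    form.pwd1.value = "";
    form.pwd2.value = "";
  }
  if (typeof alert === "function") {
    alert(problem.message);
  }
  // After a mismatch both fields are empty, so typing restarts at the first one.
  const target = problem.field === "pwd2" ? form.pwd1 : form[problem.field];
  if (typeof target.focus === "function") {
    target.focus();
  }
  return false;
}
```

This check only saves the user a round trip; the server must repeat the comparison, because a client can submit the POST without running any script.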