Usability review of password interfaces from Alexa's top sites

Inspired by discussion on drupal.org about usability impediments on the user account management page, I decided to do a brief survey of how Alexa's top sites* handle account management, especially around changing a password. If we're going to have a conversation about usability, where better to find examples than from the companies who employ the foremost usability experts in the world? Spoiler alert: they don't do it like Drupal does.

Of the 10 platforms surveyed, every single one offers a dedicated form for changing one's account password.

Each service uses its own nomenclature and provides different navigation paths to reach the password form, but none of them combines the password fields with any other form. The key takeaway for Message Agency is that we shouldn't hold our breath on the 5+ year old drupal.org issue. We've always deployed our own in-house solution for our clients to work around this usability constraint, and the Drupal contrib space offers no shortage of solutions. In the meantime, we'll continue to work towards improving Drupal core's password management.

Before we look at the other services, let's review how to change one's Drupal password:

  • There are 3 password fields on the form, with Email address and Username fields in between.
  • If a user wants to change their password, they must fill out all 3 of these fields, none of which is indicated with the Drupal standard "required" asterisk.
  • If a user wants to change their email address, they must fill out only the "current password" field.
  • If a user wants to change their username, they don't need to enter any password.
  • If you read very closely, all of this is explained in the input field description elements.
  • Lastly, if any other field on this form doesn't pass validation, the user must re-enter as many as 3 passwords each time they try to submit the form.

Now let's review our Alexa sites:

Alexa #1: Google (and #2 YouTube, and #7 Google India, and #10 Google Japan)

Changing a password on one's Google account takes anywhere from 2 to 6 screens, depending on one's entry point. I started from Gmail:

  • step 1, go to "My Account":

     
  • step 2, click through to "Sign-in & security":

     
  • step 3, click through again to "Password":

     
  • step 4, re-enter existing password:

     
  • Finally, on step 5, you can enter your new password (and confirm):

Alexa #3: Facebook

Facebook's password management is more streamlined, but similarly offers a standalone form to change password and only password.

  • step 1, go to "Settings":

     
  • step 2, click "edit" next to password container:

     
  • step 3, enter current password, new password, and confirm:

 

Alexa #5: Wikipedia

Wikipedia also offers a standalone password change form, accessed via "Preferences":

  • step 1, go to "Preferences" and step 2, go to "Change password":

     
  • step 3, re-enter current password:

     
  • step 4, enter new password and confirm:

 

Alexa #6: Yahoo

(Yes, I was surprised to see it still in the top 10 too.) Yahoo follows essentially the same pattern as the preceding sites, except that it doesn't ask the user to re-confirm the existing password.

  • step 1, go to "Account info":

     
  • step 2, go to "Account security":

     
  • step 3, go to "change password":

     
  • step 4, enter new password and confirm:

 

Alexa #8: Amazon

Amazon, again, follows the same pattern, offering a dedicated form to change one's password:

Alexa #11: Windows Live

 

Alexa #14: Twitter

 

* I skipped #5 Baidu (baidu.com) and #9 Tencent QQ (qq.com) because I don't have a Chinese phone number with which to create an account, but added Windows Live (live.com) and Twitter (twitter.com) to round out an even 10.