Telling users passwords don’t match and aren’t strong enough
I have two functions in my user registration form
- One checks the password and confirmed password are the same.
- The other checks if the password is strong enough.
I have two presentation related questions
- What words should I use if the passwords don't match or isn't strong enough? I have a text field beside the first password which is initially empty but gets updated as each character is typed in (I can add a second text field beside the confirm password part).
- When and in what order should the functions be called? For example if I only call the passwords match function on the confirm password section then if the user goes back and changes the first password things will get messed up. If I call the passwords match function at the first time the user types in the password then it will override the message about the password not being strong enough or the strong enough password will override the "password don't match" message.
The function that checks if the password is strong enough is real simple, just to prevent "123" and password. In the future I'd like to make an option to unmask the password and only have one field and no confirm.