When should I validate that the password in a confirmation field matches the first password entered?
If a user creation page has a field where you are asked to re-enter your password, when should the page validate that the second password matches the first?
I do not have control over whether or not we include the password confirmation. I am only able to request a change to when we show a validation error.
The answer to a previous post on validating the initial password based on complexity rules suggests showing the error as the password is typed, with a short delay. However, in the case of a repeated password field, we are not checking complexity, only that it matches, so validating that mypass is not the same as mypassword while the user is still typing in the second field seems useless and annoying. (Edited to clarify that my issue is with validation of input that the user already knows is incomplete)
After reading an inline validation article on A List Apart, it sounds like validation after the user has completed the field was most user-friendly. However, the password fields are the last fields on the form, so the next step would be to click "Create", making on-blur validation somewhat more complicated.
At this point, I have two questions:
- Should the validation of the second field wait until after the user has finished?
- What should be considered "after" in this case, since they are unlikely to make any more changes to the form before attempting to submit? After the user has not typed anything for a second? After they click "Create"? After they have typed the same number of characters as the first password?