Your shoppers will have password issues from time to time. A shopper who hasn’t used your site in a while might forget their password. Another who recently changed their password might keep re-entering their old password. Some users also tend to mix up their passwords across different sites. You need to have a “Need Help?” or “Forgot Password?” link on the sign-in form.
Despite password issues being fairly common, some sites make account recovery unnecessarily hard. They make users remember and type in their old passwords, answer security questions, solve captchas, and confirm email addresses, phone numbers, and even shipping addresses.
There is no excuse for such extreme security measures. Recovering an account should be as uncomplicated as sending a recovery link to the customer’s email address or phone number. A customer should be able to set a new password and access their account by simply following the recovery link. Don’t add any extra steps.
For increased security, you can make the recovery link expire after a set time. Twenty minutes or less should work well. It’s enough time for a customer to access their email and reset their password.
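One way to implement the expiring recovery link described above, as an added example that is not code from the original article. The class name, the in-memory store, and the `shop.example` URL are assumptions for illustration; the sketch also makes each link single-use and lets a newer request replace an older one.

```python
import hashlib
import secrets
import time

LINK_TTL_SECONDS = 20 * 60  # the twenty-minute limit suggested above


class RecoveryLinks:
    """Issues and redeems recovery links (in-memory store, for illustration)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (account_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not expose live links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account_id):
        # A new request replaces any earlier link for the same account.
        self._pending = {d: e for d, e in self._pending.items() if e[0] != account_id}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (account_id, self._clock() + LINK_TTL_SECONDS)
        return "https://shop.example/reset?token=" + token  # placeholder domain

    def redeem(self, token):
        """Return the account id for a valid link, else None. Links work once."""
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown, already used, or replaced by a newer link
        account_id, expires_at = entry
        return account_id if self._clock() <= expires_at else None


if __name__ == "__main__":
    now = [0.0]  # constructed clock so the expiry can be shown without waiting
    links = RecoveryLinks(clock=lambda: now[0])
    token = links.issue("customer-42").split("token=", 1)[1]
    now[0] += 19 * 60
    print(links.redeem(token))  # within the window: customer-42
    print(links.redeem(token))  # second use: None
```

The customer still only follows the link and sets a new password; expiry and single use are enforced on the server and add no extra step.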
Situations in which stringent security measures are justified:
- A customer claiming they’re unable to access their phone number or email.
- A customer trying to reset their password from an unfamiliar device and IP address (e.g., a US user trying to reset their password from China).
Other methods you can use to reduce password issues:
- Relax stringent password requirements. Customers are less likely to forget their password if you let them use a preferred password. For example, if someone always uses a 7-digit password but you insist on them using an 8-digit password, they’ll be forced to add a character to their usual password or use another one entirely. This raises their likelihood of misremembering the new password.
- Allow guest checkout so shoppers can make a purchase without having to log in.