Back

Entytle · B2B onboarding study

Password Creation UX

A focused study on making password creation feel clear, secure, and less frustrating for Entytle's B2B customers using Insyghts.

2023Product AnalysisForm UX

Quick overview

This was part of a larger effort to improve Entytle's application onboarding. The password moment mattered because it sits right at the edge of access, trust, and support: when a user forgets a password or struggles to create one, the product can feel blocked before the actual value appears.

Why it mattered

Entytle's Insyghts users are primarily sales managers. Onboarding needs to create a strong first impression and get them into the product without turning security into a guessing game. Unlike many B2C products, B2B platforms often still depend on internal email-password authentication, so the password flow has to work harder.

Signal

7

users went to forgot password in the last 6 months

Cost

11h

estimated yearly time lost to password-creation friction

Audit

20+

B2B and enterprise password forms reviewed

Mixpanel analytics chart showing forgot password usage from September 2024 to March 2025
Forgot-password signal. Mixpanel analytics showed 7 users went to forgot password in the last 6 months, enough to treat the reset/create-password moment as an onboarding risk instead of a tiny edge case.

The problem

The existing form relied too much on on-exit validation. Users would finish typing, leave the field, and then discover the rules. That made instructions feel like mistakes. The study split the problem into three UX questions:

Before redesign password UI with long red validation errors and set password button
Current password form
1

Requirements

Due to on-exit validation, the form throws errors after typing. The message reads like a mistake instead of an instruction.

2

Show/Hide

Users make mistakes, and no clear validation or intentional show-password control is a big risk for password entry.

3

Strength

The user has no simple answer to the key question: how strong is this password?

Research direction

I audited 20+ B2B and enterprise forms, comparing requirement patterns, error states, show-password controls, and strength indicators. The goal was not to reinvent password creation. It was to reduce friction while keeping security expectations clear.

Best-in-class onboarding form examples from WorkOS, Shopify, Stripe, and Salesforce
Best-in-class audit. I compared onboarding and authentication forms from WorkOS, Shopify, Stripe, and Salesforce to understand how enterprise products explain password rules, validation, and recovery.

Research notes

Asset placeholder. You can share this one later and I’ll wire it here.

Design decisions

The final direction prioritised clarity over cleverness: fewer rules, clearer copy, live validation, explicit show-password behavior, and a familiar strength meter.

Password requirements shown as a visible list under the password field
Showing the requirements. Full clarity up-front made the password rules visible before submit, but the first pass was text-heavy and challenged attention span.

Try 1: visible requirements

Pro
Full clarity up-front. Checking off each requirement can feel satisfying when the visual state improves as the user types.
Cons
Text-heavy and demanding on attention, especially before the user understands why every rule matters.
Decision
Keep the clarity, but reduce the weight through copy and visual treatment.

UX copy

Clear without sounding forceful

I decided against language like “your password must contain” because it sounded too mandatory. The goal was to improve password security while keeping the tone professional, motivating, and easy to act on.

“Strong password should contain” was selected because it aligns with the need for clear, authoritative instructions in an enterprise setting where security is paramount.

CopyEmotion
It's better to have😐 🤷‍♀️ Neutral or indifferent
Create password that's😕 Incomplete or vague
To be secured use😬 🗣️ Slightly authoritative but awkward
Better passwords have👍 💭 Encouraging but passive
It's recommended to contain👩‍🏫 📄 Advisory but impersonal
Tips for a stronger password🙋‍♀️ 📚 Helpful and educational
To make your stronger password🤯 ❌ Confusing due to grammatical error
Strong password should contain✅ 👨‍🏫 Clear and instructional
Stronger passwords have😃 🚀 Positive and motivating
UX copy options mapped to emotional tone, highlighting Strong password should contain as clear and instructional
Copy and emotion map. The selected phrase landed on clear and instructional, which fit an enterprise password flow better than passive, vague, or overly forceful alternatives.
Requirements copy comparison between technical rules, existing copy, and finalised UI copy
Requirements copy. The technical policy had more rules than the UI needed to expose. The final UI reduced that logic into four understandable requirements.

Tech side

  • Minimum 8 character
  • 1 uppercase
  • 1 lowercase
  • 1 number
  • 1 special character
  • Can't contain spaces
  • Can't contain 4 repeated, sequential character
  • Can't contain email username ${username}
  • Should not be within top 10K common passwords

Existing

  • Minimum 8 character
  • 1 uppercase
  • 1 lowercase
  • 1 number
  • 1 special character

Finalised on UI

  • At least 8 characters
  • Upper & Lower case letters
  • A symbol
  • No sequential patterns

Chapter 2 · How

Improving requirements visually

A seemingly simple component turned out to have many parameters that affected the experience: clarity, visual weight, check-off satisfaction, error pressure, and how much reading the form demanded.

Password requirement component with two met and two unmet requirements
Balanced requirement state. The direction started moving toward a checkable component: enough clarity to guide users, but lighter than a long red error paragraph.
Explicit password requirements shown as a full checklist
Explicit. Explicit requirements provide clarity, but they can become heavy and error-like when every unmet item is red.
Implicit password requirements shown as a single red sentence
Implicit. Implicit copy keeps the interface simple, but it becomes vague and harder to scan when all requirements are compressed into one sentence.

I prioritised clarity over simplicity here. Being explicit gives users a clear path to completion, while the visual treatment can reduce the heavy feeling of a checklist.

Make requirements visible

The current form waited until exit to show failures. That made guidance feel like punishment. The redesign moves rules into the flow so users can correct as they type.

Use motivating requirement copy

Instead of “your password must contain,” the chosen tone was closer to “Strong password should contain,” which stays clear without feeling hostile.

Prefer text for show password

Eye icons are implemented inconsistently across products. A checkbox or explicit text label makes the action easier to understand and more accessible.

Use a progress-style strength meter

The strength bar gives immediate feedback, a sense of progress, and a small moment of satisfaction in an otherwise dry security task.

Try the interaction

This coded version turns the original GIF idea into something visitors can touch. The important shift is live guidance: rules update while typing, so the form teaches instead of waiting to complain.

Interactive demo

Create a password

StrengthStrong

Strong password should contain

This copy keeps the tone instructional without sounding like an error before the user has typed.

  • At least 8 characters
  • Upper & lower case letters
  • A symbol
  • No sequential patterns

Assets to add next

These are placeholders for the visuals you'll share one by one. Once the GIF arrives, I can use it as the reference for a richer HTML recreation, and later we can add an explode-style breakdown like the CRPKO header page.

Show password options

Asset placeholder. You can share this one later and I’ll wire it here.

Weak / medium / strong states

Asset placeholder. You can share this one later and I’ll wire it here.

Final GIF reference

Asset placeholder. You can share this one later and I’ll wire it here.

Learning

The case study's main lesson is that accessible form design is detail work. A small password field carries copy, validation, state, security perception, memory support, and user confidence. When those details work together, the product feels easier before users even reach the dashboard.