html-attributes-to-improve-your-users’-two-factor-authentication-experience

There are plenty of opportunities for friction in the user experience when logging in, particularly while entering a two factor authentication code. As developers we should be building applications that support the need for account security but don’t detract from the user experience. Sometimes it can feel as though these requirements are in a battle against each other.

In this post we will look at the humble element and the HTML attributes that will help speed up our users’ two factor authentication experience.

The default experience

When you implement two factor authentication for a web application, perhaps with the Authy two factor authentication API, you will need a form for your user to input the one time password you are going to send them. You might create something similar to the following HTML:

<form action="http://www.webdesignernews.com/sessions/check-2fa" method="POST">
  <div>
    <label for="token">Please enter the code you were sent:label>
    <input type="text" name="token" id="token" />
  div>
  <button type="submit">Check tokenbutton>
form>

This is a good experience already. The has a name and a unique ID and the is using the correct for attribute to explicitly associate with it, which is important for accessibility. You could also wrap the around the for the same effect. With a bit of CSS, this might look something like this:

A web page shown in iOS Safari with a two factor authentication prompt. The standard alphabetical keyboard is open.

However we can progressively enhance this experience with just a few more attributes.

Getting the right keyboard

On mobiles or devices with on-screen keyboards the first thing to notice is that we are presenting the full alpha-keyboard. One time passwords are made of numerical characters so it would be much better to present the user with a number pad.

You might think that switching the type of from “text” to “number” is the solution here:

    <input type="number" name="token" id="token" />

You would be wrong though. This does trigger a different keyboard on iOS, but it still includes a number of useless keys.

A web page shown in iOS Safari with a two factor authentication prompt. This time the keyboard includes numbers and symbols.

Changing the type of field changes the way the browser interprets that field. It could cause errors too; if the two factor authentication code starts with a zero a number field may drop that leading zero.

inputmode

The inputmode attribute changes the keyboard the browser should display without changing the meaning of the data the field collects. We want our to receive text input, but from the numeric keyboard. So instead, add inputmode="numeric"

    <input type="text" name="token" id="token" inputmode="numeric" />

inputmode has a number of other values, including “tel” for telephone numbers, “email”, “decimal”, “url”, “search” and “none” in case you want to render your own keyboard. This article on CSS Tricks has all the details you need for the different inputmodes.

Browser support for inputmode is good for mobile operating systems these days, but a couple of years ago it was in the wilderness. For older browsers there is another trick to trigger the numeric keyboard and include a bit of extra validation for free.

pattern

The pattern attribute allows you to validate the contents of an using a regular expression. Using the pattern [0-9]* tells the browser that we only accept numbers in the field and also triggers the number pad in browsers without inputmode support.

Our HTML looks like this now:

<input
  type="text"
  name="token"
  id="token"
  inputmode="numeric"
  pattern="[0-9]*"
/>

And the keyboard is a much simpler numerical input:

A web page shown in iOS Safari with a two factor authentication prompt. This time a simple keyboard of just numbers appears.

One thing that would make this form even easier to fill would be autocompletion of the one time password.

HTML autocomplete

According to MDN “autocomplete lets web developers specify what if any permission the user agent has to provide automated assistance in filling out form field values, as well as guidance to the browser as to the type of information expected in the field.”

In iOS and Safari on macOS we can take advantage of this to have the browser suggest two factor authentication codes that are sent to the device over SMS. Adding the autocomplete attribute with the value “one-time-code” will trigger this behaviour.

<input
  type="text"
  name="token"
  id="token"
  inputmode="numeric"
  pattern="[0-9]*"
  autocomplete="one-time-code"
/>

With this, our is complete and the experience for the user now looks like this:

A web page shown in iOS Safari with a two factor authentication prompt. There is also a message notification with a two factor authentication code and the keyboard is auto suggesting the code to be filled in.

Other useful autocomplete values

There are many autocomplete values available, covering everything from names and addresses to credit cards and other account details. For sign up and login there are a few autocomplete values that stand out as useful hints: username, email, new-password, current-password.

Browsers and password managers have very good heuristics to find login forms on web pages, but using the username and current-password values make it very obvious. You definitely want to consider using these attributes if you are building a login form with the username and password on different pages.

In a sign up form, make sure to use the “new-password” value as it triggers password suggestions in some browsers.

A sign in form in Firefox. The password field has suggested a strong password.

Autocompleting one time passwords in other browsers

This autocomplete behaviour only currently exists in Safari on iOS and macOS, but the Chrome team is investigating similar ideas to streamline this process. Currently there is an experiment with an imperative SMS Receiver API modelled on Android’s SMS receiver API. This would allow developers to extract the one time password from the SMS and, because it’s in JavaScript, instantly submit the form, saving the user more time.

At the time of writing this API is part of an origin trial which allows you to test it out and feed back to the Chrome team. If this interests you, sign up and give the API a whirl.

Better experiences through HTML

In this post we have seen that with just a sprinkling of HTML attributes we can improve the login experience for our users, particularly on mobile devices.

The element is one of the most interesting HTML elements we have access to. Depending on the attributes it can be a text field, a range slider, a file selector a button and many more.

If you are looking for an even better two factor authentication experience, then take a look at Authy push authentication which cuts out the copying of codes entirely.

Do you have any other tips on improving the login experience for your users? I’d love to hear them in the comments below or hit me up on Twitter at @philnash.

57 comments

  1. wonderful points altogether, you simply gained a new reader.
    What may you suggest about your put up that you just made a few days in the past?
    Any positive?

  2. You could definitely see your enthusiasm in the work you write.
    The arena hopes for even more passionate writers such as you who aren’t afraid to say how they believe.

    Always go after your heart.

  3. certainly like your website however you have
    to check the spelling on quite a few of your posts. Many of
    them are rife with spelling issues and I find it very bothersome to tell the reality on the other
    hand I will definitely come back again.

    Also visit my webpage :: caradaftarayams128.com

  4. We would like to thank you yet again for the
    wonderful ideas you gave Jeremy when preparing her own post-graduate research and, most importantly,
    for providing the many ideas in a blog post. If we had known of your website
    a year ago, i’d have been saved the pointless measures we were employing.

    Thank you very much.

    Here is my website – http://www.aniene.net

  5. hello!,I really like your writing very so much! proportion we
    keep up a correspondence extra approximately your post on AOL?
    I need a specialist on this house to unravel my
    problem. Maybe that’s you! Taking a look ahead to see you.

    Also visit my blog post – http://www.aniene.net/

  6. I have to thank you for the efforts you have put in penning this site.
    I’m hoping to view the same high-grade content by you later on as well.
    In truth, your creative writing abilities has encouraged me to get my own blog now 😉

    Feel free to visit my webpage … rollex11 original

  7. I must point out my love for your kindness for those who
    really want help with in this theme. Your personal commitment to passing the message all over had become remarkably insightful and
    has continuously allowed guys and women just like me to realize their endeavors.
    This warm and helpful guidelines implies a great deal a
    person like me and even further to my mates. Warm regards; from each
    one of us.

    Also visit my web page – kebe.top

  8. Hey there! This post could not be written any better!
    Reading this post reminds me of my good old room mate!
    He always kept chatting about this. I will forward this article to him.

    Pretty sure he will have a good read. Many thanks for sharing!

    Feel free to visit my web page – anapa-alrosa.com.ru

  9. I like the valuable information you supply on your articles.
    I’ll bookmark your weblog and check again right here frequently.
    I’m fairly sure I will be told lots of new stuff right here!
    Best of luck for the next!

    Feel free to surf to my homepage; forum.bokser.org

  10. I precisely wished to thank you very much yet again. I’m not certain the things that I would’ve handled without those methods provided by you about my question. It was actually a real daunting problem for me, but encountering the
    expert style you processed it took me to weep with
    happiness. I’m just happy for this service and then pray you find out what a powerful job you were undertaking teaching the
    rest by way of your webpage. More than likely you have never got to know any of us.

    my web page: kebe.top

  11. hey there and thank you for your info ? I?ve certainly picked up something new from right here.
    I did however expertise a few technical points using this site, since I experienced to
    reload the website lots of times previous to I could get it to
    load properly. I had been wondering if your hosting is OK?
    Not that I am complaining, but slow loading instances times
    will sometimes affect your placement in google and could damage your high quality score if advertising and marketing with Adwords.

    Well I am adding this RSS to my email and could look out for much more of your respective exciting content.
    Make sure you update this again very soon..

    My site … clubriders.men

  12. What i don’t understood is in truth how you are not really a lot
    more well-liked than you might be now. You’re so intelligent.
    You understand thus considerably in the case of this subject, produced me for my part
    imagine it from numerous various angles. Its like women and men don’t
    seem to be interested except it is one thing to do with Lady gaga!
    Your personal stuffs nice. At all times maintain it up!

    Here is my webpage http://www.atomy123.com

  13. Fantastic goods from you, man. I have understand your stuff previous to and you are just extremely fantastic.
    I actually like what you’ve acquired here, really like what you’re saying and
    the way in which you say it. You make it enjoyable and you still take care of to keep it smart.
    I can’t wait to read far more from you. This is actually a tremendous site.

    Feel free to visit my web page – https://kebe.top/

  14. I wanted to check up and allow you to know how much I liked discovering your web site today.
    I’d consider it a great honor to work at my business office and be able to use the tips provided on your site and also be involved in visitors’ feedback like this.

    Should a position associated with guest writer become available at your end,
    i highly recommend you let me know.

    Feel free to surf to my website; http://astravo.net.ru/modules.php?name=Your_Account&op=userinfo&username=NansonLeta

  15. Very nice post. I just stumbled upon your blog and wanted to say that I’ve truly enjoyed surfing
    around your blog posts. In any case I will be subscribing to your rss feed and I hope you write again very soon!

    my web-site: chengdian.cc

  16. hello there and thank you for your info ? I’ve certainly picked up anything new from right
    here. I did however expertise some technical issues using this
    web site, since I experienced to reload the site many times
    previous to I could get it to load properly.
    I had been wondering if your hosting is OK? Not that I am complaining, but slow loading instances times will very frequently affect your placement in google and could damage your
    quality score if ads and marketing with Adwords. Anyway I am adding this RSS
    to my email and can look out for a lot more of your respective intriguing content.
    Make sure you update this again very soon.

    Feel free to visit my web blog: fyfc.net

  17. Very nice post. I just stumbled upon your blog and
    wished to say that I’ve really enjoyed browsing your blog posts.
    In any case I’ll be subscribing to your rss feed and I hope
    you write again soon!

    My web blog: 163.30.42.16

  18. Interesting blog! Is your theme custom made or did you download it from somewhere?
    A design like yours with a few simple adjustements would really make my blog shine.

    Please let me know where you got your design. Thank you

    Also visit my web-site duna-anapa.net.ru

  19. I am curious to find out what blog system you are utilizing?

    I’m experiencing some minor security problems with my latest site and I would
    like to find something more safeguarded. Do you have
    any solutions?

    Here is my web page; Rodrigo

  20. Howdy, i read your blog occasionally and i own a similar one and i was just curious if you get a lot of spam feedback?
    If so how do you reduce it, any plugin or anything you can advise?
    I get so much lately it’s driving me mad so any assistance
    is very much appreciated.

    Here is my web-site Esteban

  21. With havin so much written content do you ever run into any issues of plagorism
    or copyright infringement? My website has a lot of exclusive content I’ve
    either authored myself or outsourced but it appears a
    lot of it is popping it up all over the internet without
    my agreement. Do you know any ways to help stop content from being ripped off?
    I’d definitely appreciate it.

    Here is my homepage – Keto Premium Shot Review

  22. Do you have a spam problem on this blog; I also am a blogger, and I
    was wondering your situation; we have created some nice practices and we are looking to exchange methods with other folks,
    please shoot me an e-mail if interested.

    my blog post – Nuubu

  23. Hey there I am so delighted I found your webpage, I really found you
    by accident, while I was researching on Digg for
    something else, Nonetheless I am here now and would just
    like to say many thanks for a remarkable post and a all
    round interesting blog (I also love the theme/design), I don’t
    have time to browse it all at the minute but
    I have bookmarked it and also added in your RSS feeds, so when I
    have time I will be back to read much more, Please do keep up the superb work.

    My blog :: 163.30.42.16

  24. It is the best time to make some plans for the future and it is
    time to be happy. I have read this post and if I could
    I desire to suggest you few interesting things or advice.
    Perhaps you can write next articles referring to this article.
    I wish to read more things about it!

    My homepage … Sonic Bug Blocker

  25. Right here is the perfect web site for anyone who really wants to understand this topic.
    You realize a whole lot its almost hard to argue with you (not that
    I actually will need to…HaHa). You definitely put a fresh spin on a subject which has
    been written about for ages. Wonderful stuff, just wonderful!

    my blog post … Keto Tru Lean Reviews

Leave a Reply

Your email address will not be published.