Cookies on ons.gov.uk

Cookies are small files stored on your device when you visit a website. We use some essential cookies to make this website work.

We would like to set additional cookies to remember your settings and understand how you use the site. This helps us to improve our services.

View cookies

You have accepted all additional cookies. You have rejected all additional cookies. You can change your cookie preferences at any time.

Skip to main content

Ask users for Passwords

Overview

Help users to create unique and secure passwords.

When to use this pattern

Use this pattern when a user needs to create a password for an account to access a service or respond to a survey. 

You may also want to view our guidance on helping users to create accounts

How to use this pattern

This pattern uses the password component.

When using passwords, you should: 

  • help users create strong, unique passwords
  • make it clear how users can reset their password
  • send a new link or code to help users who have forgotten their password 

Avoid using password reminders or reset questions as they can often be too obscure to remember and encourage users to reveal information about their password. 

Variants

We currently use two variants for creating passwords for our surveys.  

12-character passwords

For ONS business surveys, we ask for a 12-character password. This must have: 

  • at least 12 characters
  • 1 uppercase letter
  • 1 symbol, such as ?!£%
  • 1 number 

16-character passwords

For Author accounts, we ask for a 16-character password.  

We recommend using three random words without spaces to make up the password. Symbols and capital letters are not mandatory.

How to check passwords

To help users enter a valid password you should: 

  • allow them to paste the password
  • check they have entered something in the password field
  • check that what they have entered is valid
  • show an error message if they have not entered anything or what they have entered is not valid 

Use the correct errors pattern and show the error details above the password field. 

If the password is missing

Use “Enter a password”. 

If the password is too long or too short

Use “Enter a 16-character password”. 

If the password does not meet all the requirements

Use “Enter a password that includes a [whatever the thing is]”

For example, “Enter a password that includes a capital letter”

Help improve this page

Let us know how we could improve this page, or share your user research findings. Discuss this page on GitHub (opens in a new tab) 

Back to top