
Password generator
Enhancing digital safety through strong passwords
Introduction
This project aimed to provide password generator functionality in Microsoft Authenticator and the Microsoft Autofill Chrome extension.
Background
We store a lot of personal and sensitive data online, which can have adverse repercussions if accessed by an unauthorized entity. As our reliance on digital accounts grows, so does the concern for cyber safety and data security. Many security breaches today can be attributed to the use of weak passwords.
What makes a password weak? In simple terms, a password is weak when it can be interpreted or guessed by anyone other than the account owner. Duplicate passwords also make for weak passwords.
Thus the recommendation is to use passwords that are complex (a combination of uppercase and lowercase letters, numbers and special characters), have no decipherable pattern, are difficult to guess and are unique to every account. In technical terms, good passwords should have high entropy.
It isn't easy to come up with such strong yet unique passwords for all our accounts. It is even more challenging to remember them.
Task
Design a password generator that provides a strong and unique password to users within their workflow of creating a new account or changing the password for an existing account, without their having to visit a separate password generator. Once they use the suggested password, it should also be autosaved, eliminating the need for the user to remember it.


My role
I took over this project at a stage where we had a surface for the password generator designed. I worked on enhancing the in-app and in-context flow further and solving for the offline password usage flow. I was also responsible for making it meet Microsoft’s a11y standards and making it compliant with privacy & legal requirements.
Approach
Initially, we surfaced all the customization options along with the generated passwords, but the perceived complexity of that surface became so high that a lot of research participants found solace in bypassing the suggestion altogether and typing their own passwords. That defeated the purpose. Removing customizability was not an option, and thus I updated the design to hide those options by default in the in-context view. They were still visible in the in-app view, though, as the purpose was different.

We expected that users would likely find it challenging to distinguish between 1 & I and 0 & O, so we colour-coded the passwords to distinguish letters from numbers and special characters.
Remaining details are omitted in compliance with the NDA.
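To make the entropy recommendation from the Background and the colour coding described above concrete, here is an added example; it is not code from Microsoft Authenticator or from this project. The character sets and the names `generatePassword`, `entropyBits` and `classify` are assumptions chosen for illustration.

```javascript
// Added illustration; not Microsoft Authenticator code. Character sets and names are assumptions.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto; // Web Crypto CSPRNG

const CLASSES = {
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  digit: '0123456789',
  special: '!@#$%^&*()-_=+[]{}',
};

// Uniform integer in [0, n) via rejection sampling; a bare `% n` would favour low values.
function randomBelow(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// `enabled` models the customization options: which character classes the user left on.
function generatePassword(length = 16, enabled = Object.keys(CLASSES)) {
  if (enabled.length === 0 || enabled.some((c) => !Object.hasOwn(CLASSES, c))) {
    throw new RangeError('enable at least one known character class');
  }
  if (length < enabled.length) throw new RangeError('length too short for enabled classes');
  const pool = enabled.map((c) => CLASSES[c]).join('');
  // One character from every enabled class, the rest from the combined pool.
  const chars = enabled.map((c) => CLASSES[c][randomBelow(CLASSES[c].length)]);
  while (chars.length < length) chars.push(pool[randomBelow(pool.length)]);
  // Fisher-Yates shuffle so the guaranteed characters do not sit in fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomBelow(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Upper bound on entropy in bits: length * log2(pool size).
// The one-per-class guarantee removes a few candidates, so the true figure is slightly lower.
function entropyBits(length, enabled = Object.keys(CLASSES)) {
  const poolSize = enabled.reduce((n, c) => n + CLASSES[c].length, 0);
  return length * Math.log2(poolSize);
}

// Tag each character with its class so a UI can colour "1" (digit) differently from "I" (upper).
function classify(password) {
  return [...password].map((ch) => ({
    ch,
    cls: Object.keys(CLASSES).find((c) => CLASSES[c].includes(ch)) ?? 'other',
  }));
}
```

With all four classes enabled the pool holds 80 characters, so a 16-character password carries at most about 101 bits of entropy, while turning off everything except digits drops an 8-character password to roughly 27 bits.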
Final design
Here’s the final version demoing the feature capabilities. The GIFs below were created for the Microsoft blog post announcing this feature: Generate strong passwords with Microsoft Authenticator - Microsoft Community Hub


Impact
Like most Microsoft products, this feature gathered significant reporting in tech blogs and communities. I cannot share the actual numbers here, but these articles should give some sense of how this feature was received by the community at large.
Generate strong passwords with Microsoft Authenticator
The best password managers of 2024: Expert tested
Microsoft's password manager just got a new feature you probably thought it already had
Microsoft Authenticator Now Lets Users Generate Strong Passwords