I currently have a form for the user to change password, preferences, etc.
The password field and the confirm password field are initially blank. Only
if there is something entered in the both fields and they match is the
password changed. However, this prevents the user from using an empty
password. Admittedly, this isn't a great idea in general, I am reluctant to
require non-empty passwords. What do others do to allow a user to have an
empty password and not require that they enter the password twice every time
they edit their preferences.
TIA,
Jeffrey
I currently have a form for the user to change password, preferences, etc.
The password field and the confirm password field are initially blank. Only
if there is something entered in the both fields and they match is the
password changed. However, this prevents the user from using an empty
password. Admittedly, this isn't a great idea in general, I am reluctant to
require non-empty passwords. What do others do to allow a user to have an
empty password and not require that they enter the password twice every time
they edit their preferences.
Personally I can't imagine allowing empty passwords for anything, but perhaps the simplest and most obvious thing for the user would be to have a checkbox that read "Set my password to nothing, an empty string, nil, zippo, zip, etc....."
If that's checked, empty their password. Otherwise do the normal thing.
On my profile pages, I have a "Change Password" link that uses a different view. I suppose you could also use a hidden div on the same page and submit it as a separate form (maybe even ajaxy). That way the user can change other profile information without having to retype their existing password, which is what I think you were referring to.
Peace,
Phillip