20

Our application provides a way for administrators to authenticate as a specific user.

It provides a text field to type a username you want to authenticate.

When you type 4 letters or more

  • the autocomplete list appears with a list of matching users you can authenticate.
  • the Login button becomes enabled

Unfortunately, there also users with shorter usernames (of 3 or less characters). So when you type "patrizio", you will see autocomplete list with "patrizio", but when you know a user al and you type "al" you will not see him on the list.

Doesn't that give people a false impression that there is no user "al" in the database?

-EDIT-

A solution would be perhaps to:

  • for 1 letter typed show only matching 1 letter-long usernames,
  • for 2 letters typed show only matching 2 letter-long usernames,
  • for 3 letters typed show only matching 3 letter-long usernames,
  • for 4 letters or more typed show matching 4 letters-long or longers usernames
Improve this question
8
  • 2
    Well, the user 'al' will never see the autocomplete. Is there a chance that he doesn't know that there is this feature?
    – Dimitra Miha
    Commented Apr 3, 2017 at 8:56
  • 3
    @DimitraMiha Administrators can login as different users, so "al" will not be using this feature. It will be administrators logins as users with both shorter and longer usernames.
    – dzieciou
    Commented Apr 3, 2017 at 9:00
  • 2
    Now it is more clear :) Is there a minimum length for user names?
    – Dimitra Miha
    Commented Apr 3, 2017 at 9:03
  • 13
    About your solution: for 2 letters typed show only matching 2 letter-long usernames,. I wonder how many 2 letter-long usernames containing "al" there are... hint: it's either 0 or 1. same for your 1 and 3 letter-long examples, for any arbitrary string. Either they exist or they don't, "matching usernameS" makes no sense (except if it's case-sensitive) :P
    – xDaizu
    Commented Apr 3, 2017 at 11:42
  • 1
    I've seen this feature in some other apps, but I've never been comforatble with it. It's a bad idea, because it allows a rogue administrator to sign other peoples' names to his actions. A good system design also protects users against the actions of their administrators. For example, as an AD Domain Administrator I can change the password of any user in my system, but I can't then put the password back to what it was when I'm done. Users will know their password changed, and can complain about that.
    – Joel Coehoorn
    Commented Apr 4, 2017 at 16:54

5 Answers 5

Reset to default
12

Search from first letter.

If, for some reason, you can't load all results, you can just show your user that there are more. Something like this:

mockup

download bmml source – Wireframes created with Balsamiq Mockups

That way you would load only a few lines, and thus get a reasonable loading times. At the same time, your users will see that typing further makes sense.

Not loading anything is counter intuitive. It suggests that there is nothing to load. That's a really bad situation that can confuse your users.

Improve this answer
0
19

Yes! It is counter-intuitive; which is why any website that allows user names with single character should begin the check from first letter a user types.

It's similar to what Twitter does:

enter image description here

=============================================

enter image description here

Update

Don't change the functional behavior for short letters and long letter. In this case always use prefix matching - that is the default behavior of autocomplete component, and users are already familiar with it.

enter image description here

Improve this answer
6
  • 1
    The problem with autocomplete with prefix matching is it will result a lot of matching results of 1 letter, e.g., "a" will match "ala", "anthony", "aston", etc. Perhaps for short typed words it should return only exact matches and for >3 letters long words it should return both exact and prefix matches?
    – dzieciou
    Commented Apr 3, 2017 at 9:34
  • 1
    I entered twitter.com and cannot find this screen. What is the exact URL you found this example?
    – dzieciou
    Commented Apr 3, 2017 at 9:35
  • 1
    @dzieciou it appears when you are logged-in - twitter.com/settings/account
    – Dipak
    Commented Apr 3, 2017 at 9:43
  • 2
    The difference is that for Google search you show only top n recommended/popular suggestions, while for users you expect to see a complete list of matching users.
    – dzieciou
    Commented Apr 3, 2017 at 9:43
  • 5
    @dzieciou "while for users you expect to see a complete list of matching users." Is that so? Less than 3 letters would result in too many suggestions. Why wouldn't 4 letters do the same? Autocomplete is a generalized feature. No matter where it is used, I can only expect to see all results if the result count is lower or equal to the maximum display result count.
    – sbecker
    Commented Apr 3, 2017 at 11:02
9

Do not change the functionality for different types of inputs if the person who inputs the data is the same. This will confuse the user.

The difference is that for Google search you show only top n recommended/popular suggestions, while for users you expect to see a complete list of matching users

You can do exactly what Google does and you can sort those results based on the number of letters when there are more than one starting from a letter.

In your example, you may have Al and Alister and Ali, but when user types Al, the autocomplete will try to pull top 10 records starting with Al and sort them as Al, Ali and Alister etc. In this case, since you are pulling only a few numbers from DB, your performance will not take a hit and the shorter usernames will be sorted at the top.

Improve this answer
2

I think your solution of matching only on long user names is trying to fix the performance issue of too many results from the wrong end.

What I'd instead suggest is that you limit the number of results. I.e. only show the first 10 matches (maybe with a scroll bar that uses the total number of results to display itself correctly and lazy-loads more results in batches of 10 if the user actually scrolls down).

This also has the advantage that user names with the same prefix match can't slow down this list either (imagine a large company signed up all their users with names like "acme_jane" so they can easily match them up to their internal jane at acme.com e-mail addresses).

It would also be worth considering whether you want to show recently used names with some sort of preference. E.g. if an admin has to unlock the account of "acme_stuart_alastair" every week because he keeps forgetting his password, it'd be nice if typing "ac" would already show the entry after the first two times. You could for example do this by showing up to 3 most recent user matches at the top, then a separator, then 7 matches from the full user list below that.

Improve this answer
0

My answer does not focus on user experience, but on security.

Never auto-complete usernames.

Revealing what usernames exist on the system is one of the most basic mistakes you can make.

For a registration process, sure, at some point you may have to admit to the user that the username they want already is taken. However, it takes much longer for them to enumerate a gazillion attempts (even for a robot; particularly when you add rate limiting), than for them to simply enter three characters and have the list of users delivered to them.

So, in short: whether intuitive or not, don't do this.

Improve this answer
2
  • 5
    This is for administrators of the system, not just any old user.
    – Kat
    Commented Apr 3, 2017 at 16:31
  • 1
    @Kat: Damnit .. completely missed that. :(
    – Lightness Races in Orbit
    Commented Apr 3, 2017 at 16:50

Not the answer you're looking for? Browse other questions tagged or ask your own question.