Create Accounts

Only ask users to create an account if they need to save progress, return later, or access personalised information.

Consider if you need accounts

Many services work better without user accounts. Only add accounts if there is a clear user need.

When to Use Accounts

  • Users need to save progress and return later
  • Users need to check the status of an application
  • Users need to manage ongoing interactions with a service
  • Users need to access personalised information

When Not to Use Accounts

  • For one-time transactions that can be completed in one session
  • When you can use a reference number instead
  • When adding friction would reduce completion rates

Account Creation Flow

A typical account creation flow:

  1. Explain why an account is needed
  2. Collect email address
  3. Send verification email
  4. User clicks verification link
  5. User creates password
  6. Account is created

Email Address

We'll use this to send you a link to verify your account.

<div class="form-group">
  <label class="form-label" for="email">Email address</label>
  <p class="form-hint" id="email-hint">
    We'll use this to send you a link to verify your account.
  </p>
  <input
    class="form-input"
    id="email"
    name="email"
    type="email"
    autocomplete="email"
    aria-describedby="email-hint"
  >
</div>

Verification Email Sent

Check your email

We've sent a verification link to user@example.com.

Click the link in the email to continue creating your account.

The link will expire in 24 hours.

Not received an email?

The email might take a few minutes to arrive.

Check your spam or junk folder.

Send the email again
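A server-side sketch of the verification link behind this screen, added here as an example and not taken from the design system's own code. It assumes an in-memory store, that only a hash of the token is kept, that a link works once, and that "Send the email again" invalidates the earlier link; the names issue_token and redeem_token are hypothetical.

```python
import hashlib
import secrets
import time

LINK_TTL_SECONDS = 24 * 60 * 60  # "The link will expire in 24 hours"

# Hypothetical store: sha256(token) -> (email, expiry timestamp).
# Only the hash is kept, so a leaked table cannot be replayed as links.
_pending = {}


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(email, now=None):
    """Return a fresh token to embed in the emailed verification link."""
    now = time.time() if now is None else now
    # Assumption: resending replaces any earlier link for this address.
    for stale in [d for d, (e, _) in _pending.items() if e == email]:
        del _pending[stale]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (email, now + LINK_TTL_SECONDS)
    return token


def redeem_token(token, now=None):
    """Return the verified email address, or None if the link is not valid."""
    now = time.time() if now is None else now
    # pop() makes the link single use and also clears expired entries.
    entry = _pending.pop(_digest(token), None)
    if entry is None:
        return None  # unknown, already used, or superseded by a resend
    email, expires_at = entry
    if now >= expires_at:
        return None  # expired: the user must request a new link
    return email
```

The optional now argument exists so the expiry can be tested without waiting; in production both functions use the current time.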

Create Password

Your password must be at least 8 characters and include a number.

Security Questions

Only use security questions if required by your security policy. They add friction and users often forget the answers.

If you must use them:

  • Let users choose from a list of questions
  • Use questions with memorable, stable answers
  • Don't ask for information available on social media
  • Consider offering alternatives like two-factor authentication

Account Created Success

Account created

You can now sign in to access your account and continue your application.

Password Requirements

Good password requirements:

  • Minimum 8 characters (consider 10+ for sensitive services)
  • No maximum length restrictions
  • Allow all characters including spaces
  • Check against common password lists
  • Don't require specific character types (e.g., uppercase, symbols)

Two-Factor Authentication

Consider offering two-factor authentication (2FA) for sensitive services. Options include:

  • SMS codes (widely accessible but less secure)
  • Authenticator apps (more secure)
  • Hardware security keys (most secure)
