General rules

Use “log in” and “log out” as the action verbs instead of “sign in” or “sign out” for consistency.

• Log out
• Log in to get started
• Log in with Microsoft ID

• Log off
• Sign out

Use “login” and “logout” as the nouns instead of “signoff” or “logoff” for consistency.

• Logout
• The login button is located on the top right corner of the screen.
• After logout, you’ll be directed to the homepage.

• Logoff

Use “create account” instead of “register” for consistency and transparency.

• Create account
• Register

• Join
• Enroll
• Sign up

Provide feedback and guidance when there are unexpected errors during login.

• Unexpected error during login. Open homepage and try again.

• An unexpected error occurred during login.

Provide clear actions when users need to log in again or have been logged out unexpectedly.

• Session expired due to inactivity. Log in to continue working.
• Session expired due to inactivity. Log in again to continue working.

• Your session has expired.

Avoid generic “refresh” or “reload” buttons, instead move users forward with concrete actions.

• Failed to log in. Check your credentials and try again.

• Login failed. Refresh page.

Avoid using question prompts to make texts leaner and avoid punctuation issues.

• Forgot password
• Request new password
• Create account

• Forgot your password?
• Don’t have an account? Register now
• Already have an account?

Clearly explain password policy to avoid frustration or user friction.

• Minimum 12 characters
  Minimum 1 uppercase letter (A-Z)
  Minimum 1 number
  Minimum 1 special character (!@#$%^&*)

• Ensure you meet the password criteria.

Guide users when they add invalid input to support password creation.

• Matches one of your last 3 passwords
• Uses invalid characters
• Missing a lower case letter
• Contains spaces
• Contains your username

• Wrong password format
• Invalid
• Error
• Try again
• Password error code: 5467

Show real-time password strength.

• Weak
• Fair
• Strong
• Very strong

• Not strong enough

Avoid using password or password-related jargon or abbreviations.

• One-time password

• OTP

Use “change password” instead of “update password” for consistency.

• Change password

• Update password

Use “email” or “email address” as both are acceptable.

• Enter a valid email.
• Enter a valid email address.
• Enter your email below to receive a password reset link.
• Incorrect email or password. Check your details and try again.

Use * consistently to indicate required fields depending on space limitations.

• First name*

Use “verify” and “verification” when users need to authenticate with their credentials.

• Verification code
• Verify your account

• Validate
• Confirm
• Authenticate

Use “first name” and “last name” instead of “surname”, “given name” or “Christian name”.

• First name / Last name

• Given name / Surname

Use “ZIP code” (US English) instead of “postcode” (UK) as we use the American English variation.

• Enter ZIP code

• Enter postcode

Use generic password error messages to avoid leaking information.

• Failed to log in. Incorrect username or password.
• Failed to log in. Incorrect user email or password.

• 1 number was incorrect on this password. Try again.

Use generic password recovery messages to avoid leaking information.

• If that email address is in our database, we will send you an email to reset your password.
• If your email address is registered, you’ll receive a password reset email.

• Account is locked.

Use specific authentication terms and use them consistently within workflows to avoid confusion.

• Code / Authentication code / Code verified

• Code / Token / Passcode / Digits

Dos and Don’ts

• Do explain compliance requirements when applicable, e.g. “Required by company security policy”
• Do use consistent terminology to reduce user friction and frustration
• Do show password policies before users start writing within the UI
• Don’t use questions such as “Forgot your password?”

Related

• Onboarding
• Names and titles