logoalt Hacker News

soneiltoday at 10:58 AM4 repliesview on HN

I'm curious if there's a reason this six-cell mechanism has become the defacto?

It seems this should just be a single input field styled appropriately, but it feels like there must be an underlying reason I'm missing.


Replies

msdztoday at 11:23 AM

First off: I’m not really well-versed in terms of UX design, so these next guesses are as good as anyone’s:

- Six boxes communicate “== six digits, != password” (try to imagine the least tech-savvy user)

- Some people might not be able to quickly hold six digits in their head at once (especially seems to be the case with older people, from my experience), so seeing “I’ve already got two/three/four” visually is potentially an efficiency boost. This also correlates (again, just from my anecdotal experience) with the population that doesn’t have a password manager handling 2FA for them automatically…

- This is probably down to preference, but IMO it also feels faster somehow than a single input field with six digits, when it works properly (with the caveat that it feels much worse/slower if it doesn’t work)

- Now that everyone does it, you’re kinda forced to adopt it as well for recognizability.

But it’s an interesting question – we can’t ever imagine entering postal ZIP codes like that and yet that’s an area where it’d actually make more sense since there’s usually some notion of “more significant” digits at the start vs. end, so you could perhaps do some cool tricks with regard to pre-filtering state, city etc. names. Whereas OTP codes are (AFAIK) essentially fully random digits with no meaningful distinction.

recursivecaveattoday at 4:25 PM

I wish they were just regular inputs. A significant portion of them I encounter have some kind of cursor navigation or paste bug. I think this mechanism is the perfect Goldilocks-zone control of simple enough that people rewrite it from scratch, but text input has enough hidden complexity that it's easy to get something wrong.

TonyTrapptoday at 11:22 AM

> It seems this should just be a single input field styled appropriately

Anecdotally, this seems to be the case on the majority of websites where I have to use such 2FA codes.

RobotToastertoday at 11:08 AM

I'm guessing someone at some point thought that preventing copy and paste would stop bots, then everyone copied them.