In the case where we are creating a password, we are
often asked to type it twice in case we typed it
incorrectly the first time, since the text field does
not display the characters and we can't visually
confirm what we typed is correct.
I'd like to know if anyone has evidence that shows
this is effective across all users of a system. I'm
skeptical; do 99% of users have to type an extra field
for the 1% who make a mistake and who would otherwise
need to use the recover password function?
Has anyone tried to measure the percentage of times
people mistype the password the second time?