Changing a NetSuite Password: A UX / UI disaster zone

The following message arrived in my inbox today from NetSuite informing me that my password was due to expire. To some, it may not raise an eyebrow, but to me it most certainly did. Call it my years of providing technical instructions, but this email and the subsequent password change process is wrong on so many UX and UI levels.

The Message's Language and Tone

The message's language and tone could do with some changes:
  • The message starts with "Dear User". Apart from being impersonal, not addressing the user by their first name is one of the first signs of spam. It is easy to place a variable in the message's template to use the value of the "First Name" field in my user profile.
  • The line spacing of the text is squashed. It would look better if additional carriage returns were added.
  • Although it may be obvious to some that the link displayed in the message can be used to change your password, it may not be to all. This is especially true as you have to look hard at the URL to discover there's a "changepwd" string. It would be better if the link was preceded by some text.
  • The sentence, "Please change it before expiration to avoid issues with related access" is wordy and slightly confusing (e.g. "before expiration" and "related access"). In my opinion, you should also state the issue first followed by the solution. I'd change the sentence to, "To avoid being unable to access your account, use the link below to change your password before it expires."
  • The table displays information about the NetSuite account. Not only is this not needed, but some of it (e.g. Days to Expire) is also a duplication of information elsewhere in the message.
  • Explicitly stating not to respond to a message is alright, so long as you state why (e.g. because the mailbox isn't monitored).

The Change Password Process

Clicking on the link in the message displays the following dialog. The change process is pretty straightforward, but again it could do with some UI and language tweaks.
There are some good elements to the Password Criteria panel (e.g. the green ticks) but it needs some introductory text to outline the criteria. For example, "Your new password must:" As for the criteria text itself, I'd amend it as follows:
  • The password criteria text needs amending to be more grammatically in tune with the introductory text. For example, "Be at least 10 characters."
  • It states that illegal characters aren't allowed, but doesn't state what these are.
  • The phrase "at least 3 of these 4 character types" should be changed to "Contain at least 3 of the following:". It is bad practice to add numbers as the text needs changing if the criteria changes.
Perhaps the biggest user experience faux pax is how to save your new password. A better experience is repositioning the Save and Cancel buttons below the three password fields. I'd also change the UI so you could use the keyboard's tab key to highlight the buttons. This would enable the use of the Enter key to submit the change without your hands leaving the keyboard.

Confirmation Message

With your password changed, I received a further message from NetSuite confirming the change. Whilst welcome to ensure no fraudulent change has taken place, it has similar issues to the initial message.


The overall experience of changing my NetSuite password wasn't a pleasurable one. It could be argued that I'm over thinking such a simple process, but I disagree. I've been in this game long enough to know that it isn't just about providing clear instructions. It is also about design and usability. A user's opinion of an application's usefullness is coloured by how easy it is to use. That in turn is judged by how it displays. NetSuite's password change process needs a complete overhaul to make it pass muster.