Forms & Data Entry Design

Interactive example · Form validation (inline, on blur)Leave a field empty or invalid

Modern practice: persistent top-aligned labels, validation on blur (not every keystroke), and specific, recoverable error messages tied to the field with aria-describedby.

Key takeaways

Persistent top-aligned labels are the only label pattern that remains readable through all input states, autofill, and assistive technology — retire placeholder-as-label and floating labels.
Validate on blur for fresh fields, switch to real-time feedback once an error has fired, and always link error messages to their fields with aria-describedby and aria-invalid.
WCAG 2.2 adds three directly form-relevant requirements: autocomplete attribute coverage (1.3.5), no redundant entry (3.3.7), and cognitive-function-free authentication (3.3.8).
Token-driven form state styling — built on OKLCH primitives and a three-tier semantic layer — is the only scalable way to keep all states consistent across components and dark mode.
Completion rate, field-level abandonment, and error rate per field are the metrics that make form quality objectively measurable and improvement hypotheses falsifiable.

The full lesson

Forms are where intent becomes action. Every sign-up, checkout, application, and settings change passes through a form. That makes forms the highest-stakes UI pattern in most products.

Yet forms are often treated as afterthoughts — copy-pasted field sets with placeholder labels, errors that only appear after you hit Submit, and no clear path to recovery. Getting forms right is measurable: it shows up in completion rates, support volume, and revenue.

This lesson covers the full anatomy of a well-designed form: label strategy, input types, validation timing, error messaging, accessibility under WCAG 2.2, and the habits the field has collectively abandoned.

Label Strategy: The Foundation Everything Else Rests On

The most important decision in form design is how you handle labels. Two outdated patterns still appear everywhere in 2026, and both should be retired.

Placeholder-as-label uses the placeholder text inside the input as the only label. The field looks clean when empty. The moment a user types a single character, the label vanishes. Users with short-term memory challenges, anyone filling in a long form, and anyone who tabs back to review their answers all lose critical context. Worse, browser autofill fills fields before the user has read them — leaving a form they cannot audit.

Floating labels were meant to be a compromise. The label text lives inside the field, then animates upward on focus. In practice, floating labels have five compounding problems: insufficient contrast in the floated position, animation that disorients users with vestibular disorders, ambiguity about whether the field is already filled, poor autofill compatibility, and the same disappearance problem when the field is active.

The modern standard is persistent top-aligned visible labels. The label sits above the input and stays visible at all times — no interaction needed to read it. Eye-tracking research consistently shows this layout produces the fastest scan path. Users read label-input-label-input in a straight line, with no lateral eye movement.

Use visible, top-aligned labels that stay present before, during, and after input. Write labels as concise noun phrases (“Company name”, “Date of birth”). Put format hints below the input as hint text (“DD/MM/YYYY”) rather than hiding them in the placeholder.

Don't

Use placeholder text as a substitute for a label. Don’t float labels inside the input field — the animation confuses users and the pattern has consistent usability failures at scale. Avoid right-aligned or inline labels on forms with more than two fields; they break the scan path.

Input Type Selection

Browsers offer a rich set of input types — email, tel, number, date, url, password, search — and each one affects behavior and accessibility far beyond how it looks.

Selecting type="email" on mobile shows a keyboard with the @ symbol prominently placed, reducing taps. type="tel" shows a numeric dial pad. type="number" adds spin controls, which are actively harmful for fields like phone numbers or zip codes — they look numeric, but they aren’t arithmetic. Choose the input type that matches how the user thinks about the data, not just how it’s stored.

For multi-option selection, use this decision table:

Scenario	Correct Control	Avoid
2-5 mutually exclusive options, always visible	Radio group	Select dropdown
6+ mutually exclusive options	Select dropdown with search	Long radio list
Multiple selections, small set	Checkbox group	Multi-select `select`
True/false single toggle	Checkbox or toggle switch	Radio with Yes/No
Date range	Dual date picker with calendar	Two free-text inputs

Select dropdowns (select) deserve special caution. They perform poorly on mobile because native OS pickers are inconsistent across devices. They can’t be styled to match a design system without custom replacements. And they are inaccessible to keyboard users unless the underlying semantics are preserved. A custom select built from a listbox role with proper aria-activedescendant management is more work, but delivers a better experience across devices.

Inline Validation: Timing and Specificity

Validation timing is where most implementations go wrong — usually in one of two directions. Too eager: validating on every keystroke, firing errors while the user is still typing. Too late: validating only on submit, forcing users to hunt for errors after the cognitive cost of completing the whole form.

The evidence-backed approach is blur-time validation with conditional real-time feedback:

Validate on blur — when the field loses focus, after the user has finished typing but before they hit submit.
Once an error appears, switch to real-time validation as the user corrects their input. Give immediate confirmation that the fix worked.
On submit, re-run full validation and scroll to the first error.

Error messages must be specific and actionable. “Invalid input” tells the user nothing. “Email address must contain an @ symbol” tells them exactly what to fix. “Password must be at least 8 characters and include one number” is better still. The pattern is: what is wrong + how to fix it.

Connecting error messages to their fields semantically is mandatory. Here is the HTML pattern:

<input
  id="email"
  type="email"
  aria-describedby="email-error"
  aria-invalid="true"
/>
<span id="email-error" role="alert">
  Enter a valid email address, like [email protected]
</span>

The aria-describedby attribute links the error to the field so screen readers announce it when the field is focused. The role="alert" on the error container causes screen readers to announce the error immediately when it appears. aria-invalid="true" tells the browser and assistive technology that the field is in an error state.

Without this wiring, a red border and error text is visible only to sighted users — failing WCAG 2.2 Success Criteria 3.3.1 (Error Identification) and 3.3.3 (Error Suggestion).

Form Structure and Progressive Disclosure

Long forms fail before they start. Users see a page full of fields and either abandon immediately or rush through without care. Two structural tools address this.

Chunking groups related fields under visible section headers. A checkout form is not 14 fields — it is three sections: Contact, Delivery, Payment. Users can track their progress through meaningful milestones instead of counting inputs.

Multi-step forms (wizards) go further: they split the form across separate screens. Each screen has one clear goal, and a progress indicator keeps users oriented. The trade-off is cognitive overhead between steps (users can’t easily review previous answers) and added latency if each step requires a server round-trip. The choice between a single-page chunked form and a multi-step form depends on form length, the cognitive load of each section, and whether partial saves matter.

Conditional logic reveals or hides fields based on prior answers. A “billing address same as shipping” checkbox that makes six fields disappear reduces both cognitive load and error rate. Implement this with JavaScript that updates aria-hidden and disabled attributes. Hidden fields should not receive focus and should not submit values.

Button Design and Submission

The submit button deserves as much design attention as any field. Three common failures:

Generic labels — “Submit” is the weakest possible submit label. “Create account”, “Place order”, “Send message”, and “Save changes” are each more specific, more confidence-building, and easier to recover from if the user clicks by accident. Write the label so it completes the sentence “I want to ___”.

Multiple primary CTAs — a form with “Save Draft” and “Publish” styled identically creates ambiguity about which is the primary action. Use visual hierarchy: one primary button (filled, high-contrast), with secondary actions as ghost or text buttons.

No loading state — clicking submit and waiting with no feedback produces rage-clicks and duplicate submissions. Disable the button on first click and replace the label (or add a spinner) to confirm the request is in progress. Restore the button and show a specific error message if the request fails.

For destructive or consequential submissions — deleting data, placing an order, sending an irreversible message — add a confirmation step. Use either a dialog or a reversible action with an undo window. Don’t rely on user caution alone.

Accessible Authentication and Cognitive Load

WCAG 2.2 introduces Success Criterion 3.3.8 (Accessible Authentication). It prohibits requiring users to solve cognitive function tests — including memory-based CAPTCHAs and transcription challenges — as the only method of authentication. A login form that forces users to type distorted text, solve arithmetic, or recall a previously set image is now non-compliant at AA level.

Modern alternatives are compliant: passkeys, magic links, OAuth with a third-party identity provider, or CAPTCHAs that offer an audio or logic-free alternative. For internal tools and enterprise forms, two-factor authentication via authenticator app or SMS is both more secure and more accessible than knowledge-based puzzles.

The broader principle is minimizing cognitive load throughout the form:

Auto-focus the first field on page load — but not in multi-step flows where a heading announces the new step first.
Allow paste into all fields. Blocking paste in password fields forces transcription errors and is an accessibility failure.
Never mask SSNs, phone numbers, or dates in a way that removes the user’s ability to verify their input.
Offer “Show password” toggles rather than requiring users to rely on muscle memory for invisible characters.

Token-Driven Consistency Across Form States

A form component spans a wide state space: idle, focused, filled, error, success, disabled, and read-only. Each state needs a visually distinct treatment. Hardcoding colors per component leads to drift — a designer updates the error red in one component and misses it in three others.

The modern approach drives all form state colors from a three-tier design token system:

Primitive tokens define raw values: --color-red-600: oklch(52% 0.19 25)
Semantic tokens assign meaning: --color-input-border-error: var(--color-red-600)
Component tokens reference semantics: the input’s border-color in error state consumes --color-input-border-error

This means dark mode is handled at the semantic tier. --color-input-border-error gets a different primitive in dark contexts without touching component code. A brand palette change propagates everywhere consistently.

OKLCH (a perceptually uniform color space) is the right choice for building these tokens. In OKLCH, a lightness step of 10% produces a visually consistent change regardless of hue — something HSL fails at for blues and greens. For WCAG 2.2 AA compliance, color-contrast() in CSS or a build-time check can verify that all state combinations meet the 4.5:1 threshold for normal text and 3:1 for large text and UI components.

Measuring Form Effectiveness

Form performance is among the most directly measurable outcomes in UX. Useful metrics in priority order:

Completion rate — the percentage of users who start a form and successfully submit it. Segment by device, entry point, and user cohort to find where drop-off is concentrated.
Field-level abandonment — session recording tools can show which field is active when a user leaves. A disproportionate drop after a specific field signals a labeling, validation, or trust problem at that point.
Error rate per field — how often each field triggers a validation error. High error rates on a “phone number” field often reveal a missing format hint or an over-strict validation regex.
Time to complete — long completion times on short forms suggest confusion, not deliberation. Pair with session recording to see where users pause.
Customer Effort Score (CES) — a post-completion prompt asking “How easy was it to complete this form?” on a 1-7 scale. CES is more sensitive to friction than NPS and directly actionable.

Redesign decisions should be validated quantitatively. If you split-test a label change, you need enough sessions to reach statistical significance — typically 200+ completions per variant for a metric moving from 70% to 75% completion rate. Five usability sessions will tell you what is confusing; they cannot tell you how much a fix improved it.