The data generated by interconnected technologies has to be protected. Passwords are used to protect many different systems and are considered an essential part of cybersecurity. The system often permits the user to select their password, where the user becomes partly responsible for the security. Selecting a predictable, common, or easily guessed password is considered a human error that affects the security of the system. Security mechanisms are often enforced by websites to try to prevent users from creating weak passwords. However, predictable and weak passwords are still used. This study examines the security and usability of password user interfaces with a qualitative approach including a systematic literature review, where the data is analysed with thematic analysis and evaluation of websites with usability testing. The objective is to provide security and usability recommendations based on previous research and users' opinions. The result identifies successful criteria features, feedback features, and usability features that can be implemented in the user interface. In addition, the usability testing results discover usability issues present on commonly used websites. The study concludes that seven security and usability features are necessary in the password user interface when the aim is to encourage users to create secure passwords.