Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn’t even increase security, but it does cost you business due to login failures.
This sounds like Nielson kicking up publicity. This is shorter than his normal articles and he hasn’t backed this one up by mentioning his latest rounds of usability tests. He’s often got really good points, but this is one that I have issue with.
Nielson has forgotten that the reason password masking exists is if you type it out but don’t submit the form right away, then it won’t be on the screen for a long length of time for passers-by to ‘shoulder-surf’. The form could be really really long and/or you might be a really slow typist.
Padlocks and deadbolts keep honest people honest. The same goes for password masking.
Not to mention that password masking is visual shorthand reminder for the personal habits of “you should remember what you right in this box, cos even you won’t see it” and “no-one else should see this but you”. If we removed this ‘tell’, what would become of the culture of ‘protect your password’?
Think of where, other than web sites, that password masks get used. ATMs, EFTPOS machines, computer software, the Operating System uses it. Western culture is conditioned to this design pattern, and I speculate that the only people who have trouble remembering passwords are the ones who were born before 1980.
I guess a compromise would be to have the field in plain text when it has focus, switching to a password mask on blur…? Not a difficult solution.
There have been many requests to use this image on other websites, so I’ve decided to release it under a Creative Commons license. You are free to reuse the image on your own website as long as credit is given and linked back to RobotJohnny.com.
My slides are licensed under a Creative Commons Attribution 3.0 License.Â You are free to share and remix my work without limitation as long as you credit me, Brett Taylor, with a link to this blog post.
. . .
I had a really good time at the WDANZ Conference. While there wasn’t a spectacular turn out, the quality of the speakers was second-to-none. I learned an absolutely epic amount of stuff about the business hemisphere of this industry, and met some of the most highly respected developers in New Zealand. I won’t be missing the next WDANZ conference in my city!