Just had this one come through the wire:
> Jakob Nielsen’s Alertbox, June 23, 2009: Stop Password Masking
> Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn’t even increase security, but it does cost you business due to login failures.
This sounds like Nielsen kicking up publicity. It is shorter than his normal articles and he hasn’t backed it up by mentioning his latest round of usability tests. He often makes really good points, but this is one I take issue with.
Nielsen has forgotten that password masking exists so that if you type your password but don’t submit the form right away, it isn’t sitting on the screen for a long time for passers-by to ‘shoulder-surf’. The form could be really, really long, and/or you might be a really slow typist.
Padlocks and deadbolts keep honest people honest. The same goes for password masking.
Not to mention that password masking is a visual shorthand reminder for the personal habits of “you should remember what you write in this box, cos even you won’t see it” and “no-one else should see this but you”. If we removed this ‘tell’, what would become of the culture of ‘protect your password’?
Think of where, other than web sites, password masks get used: ATMs, EFTPOS machines, computer software, even the operating system itself. Western culture is conditioned to this design pattern, and I speculate that the only people who have trouble remembering passwords are the ones who were born before 1980.
I guess a compromise would be to have the field in plain text when it has focus, switching to a password mask on blur…? Not a difficult solution.
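One way to build that compromise on the client side, as an added example that is not part of the original post: the field is a plain `text` input only while it has focus and switches back to `password` on blur. The element is anything exposing a `type` property and `addEventListener()`, which is exactly what an `<input>` provides. The idle re-mask (hiding the password again after a period without typing, so a slow typist on a long form is not exposed indefinitely) is an extra safeguard assumed by this example, not something the post suggests; the timer hooks are injectable so the logic can be exercised outside a browser.

```javascript
// Added example: reveal a password field while it is focused, mask it on blur.
// Assumptions (not from the original post): the idle re-mask timeout and the
// injectable setTimer/clearTimer hooks are this example's own design.

function maskingTypeFor(hasFocus) {
  // Plain text only while the user is actively working in the field.
  return hasFocus ? 'text' : 'password';
}

function attachFocusReveal(field, options = {}) {
  const idleMs = options.idleMs ?? 10000;          // re-mask after 10 s without a keystroke
  const setTimer = options.setTimer ?? setTimeout;   // injectable for testing
  const clearTimer = options.clearTimer ?? clearTimeout;
  let idleHandle = null;

  const stopIdleTimer = () => {
    if (idleHandle !== null) {
      clearTimer(idleHandle);
      idleHandle = null;
    }
  };

  // Mask: called on blur and when the idle timer fires.
  const mask = () => {
    stopIdleTimer();
    field.type = maskingTypeFor(false);
  };

  // Reveal: called on focus and on every keystroke, restarting the idle clock.
  const reveal = () => {
    field.type = maskingTypeFor(true);
    stopIdleTimer();
    idleHandle = setTimer(mask, idleMs);
  };

  field.addEventListener('focus', reveal);
  field.addEventListener('blur', mask);
  field.addEventListener('input', reveal);

  mask(); // start in the masked state regardless of the markup
  return { mask, reveal };
}

// Wire up every password field on the page when running in a browser.
if (typeof document !== 'undefined') {
  for (const input of document.querySelectorAll('input[type="password"]')) {
    attachFocusReveal(input);
  }
}
```

Changing `type` on an existing input keeps its value, so the user sees what they typed without the field being cleared. Two caveats: a password manager that identifies login fields by `type="password"` may not recognise the field while it is in its revealed state, and the reveal should never be applied to a field the user has not deliberately clicked into (for example, one that is auto-focused on page load).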
> the only people who have trouble remembering passwords are the ones who were born before 1980
And those who have to endure security systems which enforce regular unique password changes. /me fumes at National Bank’s business banking
Odd coincidence, I was thinking about the utility of masking password input recently. Touch typing them means I often have to blank the entire field and retype when I think I may have mistyped. Plus there is always the caps lock issue, i.e., I can’t see the case of the password.
I like your suggested solution, particularly as it would be something implementable on the client side.