Security

Should We Stop Masking Passwords?

by on June 25, 2009 · 3 comments


Logging in to our computers or various web services is a routine we all go through every day. Each of us probably has half a dozen usernames across the web, with at least double that in passwords. We are also all used to the standard login format: a plain-text username and a masked password—usually shown as bullets or asterisks.

But some experts say that we should get rid of password masking. Jakob Nielsen argues that masking offers minimal benefit compared to its drawbacks.

Nielsen makes the following claims:

  • Users make more errors when they can’t see what they’re typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business. (Or, in the case of intranets, increased support calls.)
  • The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.

He makes interesting points; however, I am still concerned about the prying eyes next to me. There are many times when I log in to a sensitive account in front of others and do not want them to see my password. Logging in to computers on campus is a good example. Nielsen does address this, though:

Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they’re using an Internet cafe. It’s therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default. In cases where there’s a tension between security and usability, sometimes security should win.

I personally don’t have a problem with keeping the masking. I don’t think I suffer too greatly from not being able to see what I type. But apparently some do. What do you think? Should the standard be changed to allow a plain-text view of passwords? Leave us a comment!
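The compromise Nielsen is quoted as proposing (masking optional, but on by default for high-risk applications) is simple to implement in a login form. The following is an added example, not code from the original post: a "mask password" checkbox drives the input's `type` attribute, high-risk forms start masked, and, as a safeguard of our own beyond what the post describes, a high-risk field re-masks itself when it loses focus so it is never left readable on an unattended screen. The element ids `password` and `mask-password`, the `highRisk` flag, and the fake DOM elements used for the offline demo are all assumptions for this example.

```javascript
// Added example (not from the original post): a "mask password" checkbox
// following the policy quoted above, plus an added re-mask-on-blur safeguard
// for high-risk forms. Element ids and the highRisk flag are assumptions.

// Policy from the post: high-risk applications start with masking on.
function defaultMasked(highRisk) {
  return Boolean(highRisk);
}

// The input's type attribute is the only thing that hides the characters.
function inputTypeFor(masked) {
  return masked ? "password" : "text";
}

// Pure transition function, so the behaviour can be checked without a DOM.
// state: { masked, highRisk }
// event: { type: "mask", masked } (checkbox changed) | { type: "blur" }
function nextState(state, event) {
  switch (event.type) {
    case "mask":
      return { ...state, masked: Boolean(event.masked) };
    case "blur": // added safeguard: high-risk fields re-mask on focus loss
      return state.highRisk ? { ...state, masked: true } : state;
    default:
      return state;
  }
}

// Bind the state machine to a password <input> and its checkbox. Only
// .type, .checked and addEventListener are used, so plain objects work too.
function attachMaskToggle(field, checkbox, highRisk) {
  let state = { masked: defaultMasked(highRisk), highRisk: Boolean(highRisk) };
  const render = () => {
    field.type = inputTypeFor(state.masked);
    checkbox.checked = state.masked;
  };
  const dispatch = (event) => {
    state = nextState(state, event);
    render();
  };
  checkbox.addEventListener("change", () =>
    dispatch({ type: "mask", masked: checkbox.checked })
  );
  field.addEventListener("blur", () => dispatch({ type: "blur" }));
  render();
  return { getState: () => ({ ...state }) };
}

// Minimal stand-in for a DOM element (constructed for the offline demo).
function fakeElement(initial) {
  const listeners = {};
  return Object.assign(
    {
      addEventListener(name, fn) {
        (listeners[name] = listeners[name] || []).push(fn);
      },
      fire(name) {
        (listeners[name] || []).forEach((fn) => fn());
      },
    },
    initial
  );
}

// Walk a field through one session and record the type shown after each
// step: initial render, user flips the checkbox, focus leaves the field.
function scenario(highRisk) {
  const field = fakeElement({ type: "password" });
  const box = fakeElement({ checked: false });
  attachMaskToggle(field, box, highRisk);
  const seen = [field.type];
  box.checked = !box.checked; // user flips the "mask password" checkbox
  box.fire("change");
  seen.push(field.type);
  field.fire("blur"); // focus moves elsewhere
  seen.push(field.type);
  return seen;
}

// In a real page, wire it to the form (ids assumed for this example).
if (typeof document !== "undefined") {
  const field = document.getElementById("password");
  const box = document.getElementById("mask-password");
  if (field && box) attachMaskToggle(field, box, /* highRisk */ true);
}

console.log("high-risk form:", scenario(true)); // [ 'password', 'text', 'password' ]
console.log("low-risk form:", scenario(false)); // [ 'text', 'password', 'password' ]
```

Keeping the decision in `nextState` rather than in event handlers means the masking policy (what is masked by default, and when a field re-masks) is a single reviewable function, and the same code can serve a low-risk form that starts unmasked and a banking form that starts masked.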

  • Wanyal


    The problem with removing masks is that a lot of people access Facebook/Twitter/cloud accounts in public spaces where anyone can just pry in, especially with devices such as netbooks and smartphones, which become more and more portable.

    This makes removing password masks an utterly ridiculous idea, as then just anyone can grab any of my passwords just by walking past.

  • http://twitter.com/porkens Daniel Carey


    To remove password masking is an utterly ridiculous task. For many people that can type, and type correctly, it would not matter if they can see what is being typed. Besides, if you get it wrong it just doesn't log you in; the only time getting a password wrong matters is if you have a secure server and you only get several attempts at logging in before you get kicked out.

  • http://twitter.com/Artellos Olrik Lenstra


    Quoting:
    (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.

    I personally copy/paste my passwords from a password database called “KeePass”, which can be accessed with a master password. I do not know any of my passwords since they are randomly generated.

    Regards,
    Olrik