Should We Stop Masking Passwords?

Submitted by Matt Hodges on June 25, 2009 – 5:55 PM

Logging in to our computers or various web services is a normal routine we all go through every day.  Each of us probably has half-a-dozen usernames across the web, with at least double that in passwords.  We’re all also very used to the standard format when logging into a service: plain-text username and a censored password—often with bullets or asterisks.

But some experts say that we should get rid of password masking.  Jakob Nielsen states that the censorship holds minimal benefits when compared to the drawbacks.

Nielsen makes the following claims:

  • Users make more errors when they can’t see what they’re typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business. (Or, in the case of intranets, increased support calls.)
  • The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.

He does make interesting points; however, I am still concerned about that prying eye sitting next to me.  There are many times when I’m logging into a sensitive account in front of others and I do not want them to see my password.  Logging into computers on campus is a good example.  Nielsen does address this, though:

Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they’re using an Internet cafe. It’s therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default. In cases where there’s a tension between security and usability, sometimes security should win.

I personally don’t have a problem with maintaining the masking.  I don’t think I suffer too greatly from not being able to see what I type.  But apparently some do.  What do you think?  Should the standard be changed to allow plain-text view of passwords?  Leave us a comment!

  • Wanyal
    The problem with removing masks is that a lot of people access Facebook/Twitter/cloud accounts in public spaces where anyone can just pry in. Especially with devices such as netbooks and smartphones, which become more and more portable.

    This makes removing password masks an utterly ridiculous idea, as then just anyone can grab any of my passwords just by walking past.
  • To remove password masking is an utterly ridiculous task. For many people that can type and type correctly it would not matter if they can see what is being typed. Besides, if you get it wrong it just doesn't log you in; the only time getting a password wrong matters is if you have a secure server and you only get several attempts at logging in before you get kicked out.
  • Quoting:
    (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.

    I personally copy/paste my passwords from a password database called "KeePass" which can be accessed by a Master Password. I do not know any of my passwords since they are randomly generated.

    Regards,
    Olrik