Masked passwords must go


Idiots, for different reasons

"Users make more errors when they can't see what they're typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business."

Masking does slightly increase the rate of rejected passwords, since users can't see and correct any errors they make. However, after a failed login, most users will retype their password more carefully. The inconvenience is negligible; the security benefit is not. The rest of that quote makes me suspect that they've never actually asked anyone about their 'user experience' with masked passwords. As for lost business, if someone is entering a password, they're either creating an account or already have one, so the site has to be seriously broken to drive them away.

"Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers. More importantly, there's usually nobody looking over your shoulder when you log in to a website."

A skilled locksmith can pick the lock on your house or car, and there usually isn't anyone trying to break into it. Is that a good argument for not having any locks at all? No.

Nielsen has another article/rant about following conventions, but doesn't seem to realize that because password masking is so universally used, people expect it and would be surprised by websites that *don't* do it.

As AC 8:23 and Lex 2 have mentioned, the inconsistent requirements/restrictions of websites are a nuisance. I use a 16-character alphasymbolic password, uniquely modified by the name of the site. I also keep a list of sites for which I have to weaken it because they don't allow symbols, have a maximum length of 8 characters, and so on.

@AC 17:14-

My inner S&G Nazi has been invoked and must point out that it is Godwin's Law, not Goodwin's.
