Friday, June 26, 2009

Stop Password Masking:

Jakob Nielsen has made an eloquent statement at useit.com: Stop Masking Passwords!. He martials excellent arguments for stopping the dumb practice of making it hard to see what password I'm typing. Stop and think for a moment: how often is a miscreant watching you type a password? How often has an unexpected keyboard response driven you crazy when you entered a password? There's more to say about this issue, and Nielsen says it well.

I believe the practice of masking passwords began when people typed passwords on PAPER. In the 1960's, the usual "terminal" that accessed a computer system was a teletype. Everything you typed appeared on its paper printout. Before you typed a password, the computer printed and overprinted to make an ink-black region in which to type.

I would like to see a button next to a password field that I can click to "generate a mask." But masks aren't the perfect solution to anything, as you know, if you've ever typed your password in the 'name' field by accident.
Post a Comment