Friday, June 26, 2009

Stop Password Masking:

Jakob Nielsen has made an eloquent statement at Stop Masking Passwords!. He martials excellent arguments for stopping the dumb practice of making it hard to see what password I'm typing. Stop and think for a moment: how often is a miscreant watching you type a password? How often has an unexpected keyboard response driven you crazy when you entered a password? There's more to say about this issue, and Nielsen says it well.

I believe the practice of masking passwords began when people typed passwords on PAPER. In the 1960's, the usual "terminal" that accessed a computer system was a teletype. Everything you typed appeared on its paper printout. Before you typed a password, the computer printed and overprinted to make an ink-black region in which to type.

I would like to see a button next to a password field that I can click to "generate a mask." But masks aren't the perfect solution to anything, as you know, if you've ever typed your password in the 'name' field by accident.
Post a Comment