Jakob Nielsen has made an eloquent statement at useit.com: Stop Masking Passwords!. He martials excellent arguments for stopping the dumb practice of making it hard to see what password I'm typing. Stop and think for a moment: how often is a miscreant watching you type a password? How often has an unexpected keyboard response driven you crazy when you entered a password? There's more to say about this issue, and Nielsen says it well.
I believe the practice of masking passwords began when people typed passwords on PAPER. In the 1960's, the usual "terminal" that accessed a computer system was a teletype. Everything you typed appeared on its paper printout. Before you typed a password, the computer printed and overprinted to make an ink-black region in which to type.
I would like to see a button next to a password field that I can click to "generate a mask." But masks aren't the perfect solution to anything, as you know, if you've ever typed your password in the 'name' field by accident.
Friday, June 26, 2009
Subscribe to:
Post Comments (Atom)
2 comments:
I thought masking was another bit of harassment like airport security inspections. Why inconvenience the 99+% who aren't a threat instead of concentrating your efforts on making planes harder to hijack? As El
Al did.
But this opens a little leeway-- It is mainly laziness that keeps solving a problem that no longer exists.
Now how do we get rid of those damn Word verification fields that are obscured by hen scratches?
--ml
The possibility of a spying miscreant cannot be ruled out!
Post a Comment