Friday, June 26, 2009

Stop Password Masking:

Jakob Nielsen has made an eloquent statement at Stop Masking Passwords!. He martials excellent arguments for stopping the dumb practice of making it hard to see what password I'm typing. Stop and think for a moment: how often is a miscreant watching you type a password? How often has an unexpected keyboard response driven you crazy when you entered a password? There's more to say about this issue, and Nielsen says it well.

I believe the practice of masking passwords began when people typed passwords on PAPER. In the 1960's, the usual "terminal" that accessed a computer system was a teletype. Everything you typed appeared on its paper printout. Before you typed a password, the computer printed and overprinted to make an ink-black region in which to type.

I would like to see a button next to a password field that I can click to "generate a mask." But masks aren't the perfect solution to anything, as you know, if you've ever typed your password in the 'name' field by accident.


Martin Langeland said...

I thought masking was another bit of harassment like airport security inspections. Why inconvenience the 99+% who aren't a threat instead of concentrating your efforts on making planes harder to hijack? As El
Al did.
But this opens a little leeway-- It is mainly laziness that keeps solving a problem that no longer exists.
Now how do we get rid of those damn Word verification fields that are obscured by hen scratches?

jgfellow said...

The possibility of a spying miscreant cannot be ruled out!