Password Masking: love it or leave it?
Password masking - the practice of replacing the characters a user types into a password entry field with bullets - has been widespread on the web for a long time. Jakob Nielsen recently wrote a thought-provoking post suggesting masking is hurting more than it helps, and that it's only being kept around out of habit. I'll try to make the case for and against masking here, and let Download Squad readers weigh in on the subject.
Down With Masking:
Masking ruins the user experience. When users can't see what they're typing, they're likely to make mistakes and second-guess themselves. Did I forget my password, or did I just make a typo? After enough login failures, they'll either stop using your site or call support. As a result, users try to get around the problems of masking by entering a simple, insecure password, or by copying and pasting their passwords in. Why are we continuing a practice that undermines user security and adds uncertainty to the user experience? Masking has got to go.
Masking Forever:
Masking doesn't make users feel insecure, it makes them feel more secure. It was instituted for a reason: to keep someone who might be reading over your shoulder from reading your password. Maybe this has become less of a concern over the years, but masking has picked up some new, equally important uses, too. What if you're screensharing with a coworker or recording a screencast that happens to include your site's login process? Users have come to expect masking. When they run into the rare site that doesn't use it, they get nervous that their password might be sent unencrypted. Part of good design is giving users what they expect, so keep giving them password masking.
So, readers, what do you think? Take the poll, and let me know in the comments if you've got better arguments for or against.
| Poll: password masking, love it or leave it? |
|---|
| Love it |
| Leave it |
| I wouldn't notice one way or the other |
Comments (29)
Wewtaco, Jun 27th 2009 11:38PM
I think they should start doing what many wifi managers do: have a check box that asks if you want to mask it or not. That way, if someone is looking over your shoulder, you can mask it.
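The checkbox approach suggested above, as an added example that is not code from the original post or its commenters: masking stays the default, unmasking is an explicit choice, and the field re-masks itself when focus leaves it. The element ids are assumed.

```javascript
// Added example, not code from the original post: a "show password"
// checkbox that keeps masking as the default and re-masks on its own, so
// unmasking is a deliberate, short-lived choice. Element ids are assumed.

const BULLET = "\u2022";

// What an onlooker sees while the field is masked.
function maskedPreview(value) {
  return BULLET.repeat(value.length);
}

// Wire a password input and a checkbox together. Both arguments only need
// the DOM surface used here (`type`, `checked`, `value` properties and
// addEventListener()), so the logic can be exercised without a browser.
function wireShowPasswordToggle(input, checkbox) {
  input.type = "password";   // masked by default, as users expect
  checkbox.checked = false;

  const apply = () => {
    input.type = checkbox.checked ? "text" : "password";
  };
  checkbox.addEventListener("change", apply);

  // Re-mask whenever focus leaves the field: covers the "minimised the
  // window and restored it in front of a co-worker" case from the comments.
  input.addEventListener("blur", () => {
    checkbox.checked = false;
    apply();
  });

  return {
    isMasked: () => input.type === "password",
    // Text an onlooker would read right now.
    visibleText: () =>
      input.type === "password" ? maskedPreview(input.value) : input.value,
  };
}

// Browser wiring; skipped when run outside a page (e.g. under Node).
if (typeof document !== "undefined") {
  const input = document.getElementById("password");      // assumed id
  const box = document.getElementById("show-password");   // assumed id
  if (input && box) wireShowPasswordToggle(input, box);
}
```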
gtd, Jun 27th 2009 11:53PM
Who here hasn't used a 4 letter word having to do with physical relations at some point in a password? I'll keep masking thank you very much.
Latz, Jun 28th 2009 6:29AM
I'm all alone in my office all day long. Masking my passwords is totally worthless, so I installed Unhide Passwords to see what I am typing and not wonder why I can't log in somewhere.
byronlutz, Jun 28th 2009 6:46PM
I don't like masking, but I don't mind it. It's necessary for anyone who works in an environment where there are other people around. For example, teachers who use web-based grading systems would have problems if all their students saw their password. Masking should be the default, but Firefox should add an option in about:config to disable it (so you don't have to download the Greasemonkey script).
Jonathon Hibbard, Jun 28th 2009 8:21PM
The fact is, masking is a great alternative to just showing the password you are wanting to type on your login.
What if you leave your computer unattended while typing in the password?
What if while in the middle of typing in your password, you minimize a window, and forget about it, just to restore the window in front of a co-worker?
Masking is a great thing, and anyone who says it should be unmasked either doesn't understand security or basically is hoping FOR it to make their lives of cracking easier.
Either way, masking isn't exactly "secure" either. The password is still being stored in plain text.
The best solution is to use SSL for login forms. However, masking is just an absolute necessity for the sake of eye-ball security.
Just because there are idiots out there who can't use a keyboard doesn't mean the rest of us should suffer.
m2nazmul, Jul 3rd 2009 1:05AM
To avoid this sort of issue... I simply use fingerprint authentication, which doesn't require me to put in any password or user name. Just open the page and scan your finger. It's simple.
I got this software and the reader from M2SYS (www.m2sys.com). The solution is named Desktop Biometric Suite (DBS).
www.m2sys.com/DBS.htm
It's fun and secure! I love it!!!
edododo_do, Jul 7th 2009 8:02AM
Although I agree that password masking can be annoying sometimes, I think that it should be kept as default, both because people looking over your shoulder or, as you said, watching a presentation can see it, and because it gives some users a sense of security.
However, I think browsers should have an option to unmask passwords, maybe even based on the URL (e.g. mask only online banking passwords).
Jeremy Bergsman, Jul 10th 2009 4:34PM
Glad to see most commenters here understand the value of masking, although ultimately it is a tradeoff between usability and security.
The funny thing about this debate is that there are several usability/security tradeoffs just around passwords, and this is the *least* important one. Try password complexity rules for example. Sure, they're harder to crack by brute force, but when does that happen? Instead, complexity rules force people to write down their passwords, which really does cause compromises.
I take a look at 5 such tradeoffs here:
http://irec.wordpress.com/2009/07/08/5-properties-of-passwords-that-must-be-managed-to-reduce-risk/
asdf, Jul 15th 2009 10:38PM
I think this should be a browser implementation, not a web app implementation. Maybe even a Firefox plugin (Web Developer technically has this feature).
Browsers should render password elements in an intuitive way that gives you the option to unmask it. Masking should always default.