Should We Stop Masking Passwords?
Logging in to our computers or various web services is a normal routine we all go through every day. Each of us probably has half-a-dozen usernames across the web, with at least double that in passwords. We’re all also very used to the standard format when logging into a service: plain-text username and a censored password—often with bullets or asterisks.
But some experts say that we should get rid of password masking. Jakob Nielsen states that the censorship holds minimal benefits when compared to the drawbacks.
Nielsen makes the following claims:
- Users make more errors when they can’t see what they’re typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business. (Or, in the case of intranets, increased support calls.)
- The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.
He does make interesting points; however, I am still concerned about that prying eye sitting next to me. There are many times when I’m logging into a sensitive account in front of others and I do not want them to see my password. Logging into computers on campus is a good example. Nielsen does address this, though:
Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they’re using an Internet cafe. It’s therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default. In cases where there’s a tension between security and usability, sometimes security should win.
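One way the checkbox Nielsen describes above could be wired up, written as an added example for this post (not code from Nielsen or from any site mentioned); the names `createMaskController` and `bindMaskToggle` are assumptions, and it goes one step beyond the quote by re-masking a high-risk field whenever it loses focus so plaintext never lingers on screen.

```javascript
// Password field that is masked by default, with a user-controlled "mask" checkbox.
// The state logic is kept separate from the DOM so it can be exercised in Node.
// Names (createMaskController, bindMaskToggle) are assumptions for this example.

// highRisk: true starts the field masked (Nielsen's suggested default for bank-style
// logins); false starts it revealed, and the user may still choose to mask it.
function createMaskController({ highRisk = true } = {}) {
  let masked = highRisk;
  return {
    // The <input type> to apply: "password" hides the characters, "text" shows them.
    inputType() { return masked ? "password" : "text"; },
    isMasked() { return masked; },
    // Checkbox handler: the user explicitly chooses to mask or reveal.
    setMasked(value) { masked = Boolean(value); return masked; },
    // Added defensive rule: when focus leaves a high-risk field (user tabbed away or
    // walked off), re-mask it so the plaintext is not left visible to a bystander.
    onBlur() { if (highRisk) masked = true; return masked; },
  };
}

// Browser wiring (not exercised in Node): keeps the checkbox and the input's
// type attribute in sync with the controller's state.
function bindMaskToggle(controller, inputEl, checkboxEl) {
  const sync = () => {
    inputEl.type = controller.inputType();
    checkboxEl.checked = controller.isMasked();
  };
  checkboxEl.addEventListener("change", () => {
    controller.setMasked(checkboxEl.checked);
    sync();
  });
  inputEl.addEventListener("blur", () => {
    controller.onBlur();
    sync();
  });
  sync();
}
```

In a page you would call `bindMaskToggle(createMaskController({ highRisk: true }), passwordInput, maskCheckbox)` once the form has loaded.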
I personally don’t have a problem with maintaining the masking. I don’t think I suffer too greatly from not being able to see what I type. But apparently some do. What do you think? Should the standard be changed to allow plain-text view of passwords? Leave us a comment!