Should Passwords Be Masked in Online Forms?
DVLA’s phone number: 0300 790 6801
Jakob Nielsen’s latest Alertbox raises and interesting and controversial question – should passwords be masked in online forms?
Nielsen argues that usability suffers when passwords are just a series of bullets and that it causes sites to lose business due to customers struggling to log in.
When you make it hard for users to enter passwords you create two problems â€” one of which actually lowers security:
Users make more errors when they can’t see what they’re typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business. (Or, in the case of intranets, increased support calls.)
The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.
Personally I’m quite happy with the idea that passwords are visible in plain text although I agree with the requirement to have a checkbox for when I’m in public place. The big issue for me is that a large proportion of web users don’t really understand things and are likely to assume that passwords visible in plain text are somehow less secure than passwords that are converted to bullets.
There are huge numbers of people who don’t understand Internet, ranging from the dozens of people every month who search for www.direct.gov.uk/taxdisc and then email me thinking I’m the DVLA to the people who complain to our clients that their ecommerce forms are publicly displaying their credit card number when it’s just their browser auto-complete function.
What do you think?
Latest from B3Labs
- Another milestone reached for Branded3 as it’s acquired by the
St Ives Group
- The latest media consumer findings & what they mean for digital marketers
- Talk to Branded3 at @BuyYorkshire in Leeds next week!
Latest from Blogstorm
- Why your press releases are getting you penalised
- After five years, Google still doesn’t know how to rank images
- Tickets now on sale for the next #B3Seminar in London – book now!