Comments on: Should Passwords Be Masked in Online Forms? http://www.branded3.com/blogs/should-passwords-be-masked/ Digital and SEO Agency Thu, 23 May 2013 12:58:00 +0000 hourly 1 http://wordpress.org/?v=3.4.2 By: Michael http://www.branded3.com/blogs/should-passwords-be-masked/comment-page-1/#comment-7780 Michael Mon, 29 Jun 2009 15:03:37 +0000 http://www.blogstorm.co.uk/?p=2569#comment-7780 I usually go with Nielsen's suggestions, but this time I'd say it heavily depends on your audience and the device they're using. Your point with users feeling that a plain-text password is somehow less secure is a good one - I think most users just don't get if there is an (additional) checkbox saying "mask my password". Users are just used to the password masking - but I think it'll be worth changing to plaintext passwords on new devices such as smart phones - cause there's isn't a standard yet. But then each website would have to detect the browser first and deliver different password fields ... which can be quite a pain in the neck. I usually go with Nielsen’s suggestions, but this time I’d say it heavily depends on your audience and the device they’re using. Your point with users feeling that a plain-text password is somehow less secure is a good one – I think most users just don’t get if there is an (additional) checkbox saying “mask my password”. Users are just used to the password masking – but I think it’ll be worth changing to plaintext passwords on new devices such as smart phones – cause there’s isn’t a standard yet. But then each website would have to detect the browser first and deliver different password fields … which can be quite a pain in the neck.

]]> By: pamidstate http://www.branded3.com/blogs/should-passwords-be-masked/comment-page-1/#comment-7779 pamidstate Fri, 26 Jun 2009 13:58:45 +0000 http://www.blogstorm.co.uk/?p=2569#comment-7779 At first my thought is "Argh" - yes, the only one to be worried about is the guy looking over my shoulder... all data still goes through the pipes, whether we can see what we are typing or not. Then as I am reading through the comments, I remember watching a keynote (but sorry, I can't remember where or when ) as the presenter showed a one hour long, non-technical way of 'hacking' people and accounts. He showed a whole bunch of images and some video, basically just paying attention to what was on the targets conference badge, parking hang tag, and snooping over a shoulder to see what programs were running in the desktop tray (lower right corner of Windows). Amazing how much you could tell, just by observing. So, will someone be able to snoop your easily readable password over your shoulder? You bet! At first my thought is “Argh” – yes, the only one to be worried about is the guy looking over my shoulder… all data still goes through the pipes, whether we can see what we are typing or not.

Then as I am reading through the comments, I remember watching a keynote (but sorry, I can’t remember where or when ) as the presenter showed a one hour long, non-technical way of ‘hacking’ people and accounts. He showed a whole bunch of images and some video, basically just paying attention to what was on the targets conference badge, parking hang tag, and snooping over a shoulder to see what programs were running in the desktop tray (lower right corner of Windows). Amazing how much you could tell, just by observing.

So, will someone be able to snoop your easily readable password over your shoulder? You bet!

]]> By: Patrick Altoft http://www.branded3.com/blogs/should-passwords-be-masked/comment-page-1/#comment-7778 Patrick Altoft Fri, 26 Jun 2009 10:56:22 +0000 http://www.blogstorm.co.uk/?p=2569#comment-7778 @Joff my iPhone does that - just displays it for long enough so you can see if you hit the wrong key. @Joff my iPhone does that – just displays it for long enough so you can see if you hit the wrong key.

]]> By: Rick http://www.branded3.com/blogs/should-passwords-be-masked/comment-page-1/#comment-7777 Rick Fri, 26 Jun 2009 10:29:48 +0000 http://www.blogstorm.co.uk/?p=2569#comment-7777 Im not sure where I sit with this one. In the middle I think, as I do feel that if users were to see the password etc. that they may find it easier to log in, but on the other hand, through personal experience, I find that showing the user what their password is while they are typing it makes them feel unsecure and feel that it may be less legit. Im not sure where I sit with this one. In the middle I think, as I do feel that if users were to see the password etc. that they may find it easier to log in, but on the other hand, through personal experience, I find that showing the user what their password is while they are typing it makes them feel unsecure and feel that it may be less legit.

]]> By: Joff http://www.branded3.com/blogs/should-passwords-be-masked/comment-page-1/#comment-7776 Joff Fri, 26 Jun 2009 09:58:01 +0000 http://www.blogstorm.co.uk/?p=2569#comment-7776 In my experience, users associate a masked password with a sense of security. Regardless of what (if any) encryption is going on behind the scenes, if a password is plainly visible then I believe more users would feel uneasy about using the form than those that are less confident about entering in a password that is masked. An alternative technique could be to do something similar to password entry when using mobile web browsers: display the character as it's typed, but just for a second or two and then mask it. Enough time for the user to register that they've entered the correct/incorrect character and amend, if necessary. In my experience, users associate a masked password with a sense of security. Regardless of what (if any) encryption is going on behind the scenes, if a password is plainly visible then I believe more users would feel uneasy about using the form than those that are less confident about entering in a password that is masked.

An alternative technique could be to do something similar to password entry when using mobile web browsers: display the character as it’s typed, but just for a second or two and then mask it. Enough time for the user to register that they’ve entered the correct/incorrect character and amend, if necessary.

]]> By: Carps http://www.branded3.com/blogs/should-passwords-be-masked/comment-page-1/#comment-7775 Carps Fri, 26 Jun 2009 09:21:53 +0000 http://www.blogstorm.co.uk/?p=2569#comment-7775 When I first read that story I totally agreed - especially on mobile interfaces where typing is so damn awkward, but now I'm not so sure on reflection. Fundamentally, 90% of people use one password for *everything* - from their email to their online bank account. While there's a definite usability lag in not being able to see what you're typing, I think the dangers of someone getting their hands on your entire digital life probably trumps that in terms of importance. When I first read that story I totally agreed – especially on mobile interfaces where typing is so damn awkward, but now I’m not so sure on reflection.

Fundamentally, 90% of people use one password for *everything* – from their email to their online bank account. While there’s a definite usability lag in not being able to see what you’re typing, I think the dangers of someone getting their hands on your entire digital life probably trumps that in terms of importance.

]]> By: patrickaltoft (Patrick Altoft) http://www.branded3.com/blogs/should-passwords-be-masked/comment-page-1/#comment-7781 patrickaltoft (Patrick Altoft) Fri, 26 Jun 2009 08:17:44 +0000 http://www.blogstorm.co.uk/?p=2569#comment-7781 Should Passwords Be Masked in Online Forms?: Jakob Nielsen’s latest Alertbox raises and interesting and co.. http://tinyurl.com/nq9cq6 Should Passwords Be Masked in Online Forms?: Jakob Nielsen’s latest Alertbox raises and interesting and co.. http://tinyurl.com/nq9cq6

]]>