Jakob Nielsen, web usability guru and author of the seminal Designing Web Usability, wrote in his blog recently, urging developers to Stop Password Masking, the practice of hiding a password with asterisks or other characters.
His main point is that password masking removes visual feedback, making typing errors more common and perhaps pushing users toward riskier behaviour:
When you make it hard for users to enter passwords you create two problems — one of which actually lowers security:
- Users make more errors when they can’t see what they’re typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business. (Or, in the case of intranets, increased support calls.)
- The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.
I agree that in most cases password masking is unnecessary. But he completely ignores the business task of having to log in to something while connected to a projector. This is a very common use case, and one that needs to be addressed if his suggestion is to be taken seriously.
It seems to me that the user should have the option to turn the password masking on or off as he sees fit – if he needs the visual feedback, he can leave it off; if he wants the security and has memorized his password and types it reflexively, he can leave it on.
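One way to give the user that control, as an added example that is not from this post or from Nielsen's article: masking stays on by default (so the projector case is safe), the user can reveal the field for visual feedback, and the field re-masks on blur or after a timeout so a revealed password is not left on screen. The element ids `pw` and `showpw` and the 10-second timeout are assumptions.

```javascript
// Added example (not from Nielsen's post or this blog): a user-controlled
// password mask toggle that defaults to masked and re-masks automatically.
// Element ids ("pw", "showpw") and the timeout value are assumed.

const REMASK_MS = 10000; // assumed: re-mask after 10 s of being revealed

// Pure state model so the rule can be reasoned about without a DOM.
// state: { masked: boolean, shownSince: number|null }
function initialState() {
  return { masked: true, shownSince: null }; // masked by default
}

// User flips the "show password" control at time `now` (ms).
function toggle(state, now) {
  return state.masked
    ? { masked: false, shownSince: now }
    : { masked: true, shownSince: null };
}

// Field lost focus: always return to masked.
function onBlur(state) {
  return { masked: true, shownSince: null };
}

// Periodic tick: re-mask once the field has been revealed for REMASK_MS.
function onTick(state, now) {
  if (!state.masked && now - state.shownSince >= REMASK_MS) {
    return { masked: true, shownSince: null };
  }
  return state;
}

// The <input type=...> value that corresponds to a state.
function inputTypeFor(state) {
  return state.masked ? "password" : "text";
}

// Browser wiring; skipped when run outside a page (e.g. under Node).
if (typeof document !== "undefined") {
  const field = document.getElementById("pw");
  const box = document.getElementById("showpw");
  let state = initialState();
  const render = () => { field.type = inputTypeFor(state); box.checked = !state.masked; };
  box.addEventListener("change", () => { state = toggle(state, Date.now()); render(); });
  field.addEventListener("blur", () => { state = onBlur(state); render(); });
  setInterval(() => { state = onTick(state, Date.now()); render(); }, 1000);
  render();
}
```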