30 June 2009 14:35 GMT / By Duncan Geere
Two leading security and UI experts have said that websites should stop the practice of masking passwords as users type them in, as it doesn't improve security, but does impede the user experience.Jakob Nielsen and Bruce Schneier say that the masking process - which usually replaces characters with asterisks - solves a problem that doesn't really exist:
"Password masking has annoyed me for years", Schneier said. "Shoulder surfing is largely a phantom problem, and people know to be alert when others are nearby, but mistyping a long password happens all the time".
"It's time to show most passwords in clear text as users type them", said Nielsen in a blog post. "Providing feedback and visualising the system's status have always been among the most basic usability principles".
Nielsen singled out mobile devices for particular attention, saying that typos are common when using the smaller input devices - "Users make more errors when they can't see what they're typing while filling in a form".
In some environments, like internet cafes, Nielsen said that websites should offer a checkbox for users to have their passwords masked. "For high-risk applications, such as bank accounts, you might even check this box by default".
We think it's unlikely that websites will follow the recommendations - consumers have only recently gained the confidence to shop online, and having their passwords displayed as plain text isn't likely to help maintain that. On Pocket-lint, we'll be sticking with masked passwords for now.
Via: theregister.co.uk
Software, Websites, Viruses And Malware, Security software
Nikon D800 pictures and hands-on Full frame camera in the flesh
Nikon D700 vs Nikon D800 New and improved?
Acer CloudMobile Ice Cream Sandwich smartphone set for MWC launch 4.3-inch award winner
