LarryRoth.net

Password masking IS important

by Larry Roth on Jul.06, 2009, under /, Usability, Web

I am very pro usability—anyone who knows me will agree. I fight the fights that need to be fought. I go against the corporate decisions that don’t benefit the user. I evangelize for Donald Norman and hang on every word that Jakob Nielsen speaks. This is why it seems so very strange that I would be provoked by an innocuously titled article, Stop Password Masking, on useit.com.

Dr. Nielsen contends that we—Web developers—should abandon legacy design and stop providing “little dots” instead of the actual characters that a person is typing in for their password. On the surface, this seems to make sense. After all, it’s hard to type in that which you cannot see.

I should be upfront and say that this is many years as a sysadmin speaking, not a usability expert, but nonetheless I found many things flawed in the post. I would add that the designers of systems have a responsibility to protect users from compromising their own accounts.

The main point of the article is that by not showing users what they are typing when they type a password, we decrease both the usability and the security of the page.

Here is a brief recap of the main points of the article (please read the whole article for yourself):

  1. There are very few times when a user is in actual danger of someone “seeing” what they are typing
  2. Users make more errors when they can’t see what they are typing
  3. More errors means less confidence
  4. All this leads to users using simple passwords or copy/pasting passwords

One of his primary points is that a “skilled criminal” captures your password by looking at the keyboard, not the screen. It’s hard for me to argue with this, as I have witnessed it and even done it.

Here’s the rub…I have managed users on systems large and small for the better part of 20 years. I have learned by observation that people don’t choose simple passwords because passwords are hard to type without seeing them; they choose simple passwords because they are easy to remember.

As a system administrator I know, inherently, that the weakest link in any system is the user. And it’s not because it’s hard for them to type their password, it’s because they want one password that is easy to remember and is somehow tied in with who they are as an individual.

For this reason, I find passphrases to be a better solution: they are easy to remember and, because of their length, far harder to crack by brute force, provided the phrase is not a well-known quote. If someone has a hint of what you like, they may guess part of the passphrase more easily, or fill in what shoulder surfing missed, but it’s still much harder than a simple password.

Lastly, Dr. Nielsen points out that we should abandon legacy design—I am a HUGE fan of abandoning legacy design when it makes sense. Dr. Nielsen points to both form reset buttons and password masking as being legacy design…as the Twitterati say, EPIC FAIL!

Let’s focus on usability, but only when usability is really the problem. But maybe you disagree with me, leave me a comment.

5 comments for this entry:

  • Ernie

    I have to say, in terms of raw usability, I have to side with Nielsen on this one. Regardless of whether a password is easy to remember or not, giving proper feedback of showing what the user typed is inherently more usable than just showing dots.

    Apple made some progress with this problem on the iPhone in showing the last letter that was typed, while masking the rest.

    It would be nice if browsers exposed a way to toggle showing what you typed in a password box, and even providing a setting to always show what you type.

    Also, he’s totally right about reset buttons. They should die the horrible death they have been deserving of for years. I’ve never once come across a reset button that would have been useful for me, but I do remember being frustrated many times hitting it by accident.

  • Larry Roth

    In terms of raw usability I would have to concede the point as well. Feedback is very important. But I feel that there is more than usability at risk here.

    As you are alluding, I don’t think that password masking is the final answer, and perhaps there are solutions to the issue. Nielsen himself mentions a checkbox that allows the user to opt out on masking. I didn’t include this in my post, but that idea is not without merit. As long as the default is always on.

    I completely agree about reset buttons. There are so few applications where they are relevant, I would support dropping them from the HTML spec. However, I felt Nielsen was comparing password masking to the reset button and I disagree that password masking is legacy design.
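The two ideas raised above, the iPhone-style reveal of only the last typed character and an opt-out checkbox whose default is masking on, can be modelled as a small piece of field state plus a pure render function. The block below is an added example, not code from the post or its commenters; the function names, the 1000 ms reveal window and the mask character are assumptions for illustration. The DOM wiring at the end keeps the field as a native `type="password"` input and only flips it to `text` while the user has opted out, re-masking on submit so a revealed password is not left on screen.

```javascript
// Added example (not from the post): a masked password field model with
// masking on by default, a user-controlled reveal toggle, and a transient
// reveal of the most recently typed character. Names are assumptions.

const MASK_CHAR = "\u2022"; // the "little dot"

// Initial state: masked, no character currently revealed.
function initialState(now = 0) {
  return { revealAll: false, revealLastUntil: 0, now };
}

// Pure render: what the field should display for a given value and state.
function renderMasked(value, state) {
  if (state.revealAll) return value;          // user opted out of masking
  if (value.length === 0) return "";
  if (state.revealLastUntil > state.now) {     // reveal window still open
    return MASK_CHAR.repeat(value.length - 1) + value[value.length - 1];
  }
  return MASK_CHAR.repeat(value.length);
}

// A keystroke opens a short reveal window for the character just typed
// (1000 ms is an assumed value, not a spec).
function onKeystroke(state, now, windowMs = 1000) {
  return { ...state, now, revealLastUntil: now + windowMs };
}

// The opt-out checkbox controls full reveal; it starts unchecked.
function onToggle(state, checked) {
  return { ...state, revealAll: Boolean(checked) };
}

// Re-mask everything, e.g. on submit or when the page regains focus.
function onRemask(state, now) {
  return { ...state, now, revealAll: false, revealLastUntil: 0 };
}

// Browser wiring (not exercised under Node): keep the input as a native
// password field and only switch it to text while the checkbox is checked.
function attachRevealToggle(input, checkbox) {
  checkbox.checked = false;            // default is masking on
  input.type = "password";
  checkbox.addEventListener("change", () => {
    input.type = checkbox.checked ? "text" : "password";
  });
  if (input.form) {
    input.form.addEventListener("submit", () => {
      checkbox.checked = false;        // never submit with the password on screen
      input.type = "password";
    });
  }
}
```

In a browser you would call `attachRevealToggle(passwordInput, showPasswordCheckbox)` once the form is in the DOM; the render function is for implementations that draw their own masking (for example a last-character reveal), since a native `type="password"` input never exposes its value to script for rendering.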

  • Travis

    I agree with Larry. I think that a huge security loss trumps a very minor usability gain in this case.

    However, I wholeheartedly agree about reset buttons. In fact I have this in the default CSS for Firefox (userContent.css):

    input[type='reset'] { display: none; }

  • Ernie

    I think you may find this plugin interesting.

    http://ignorethecode.net/blog/2009/08/02/password-masking/

    It’s such a creative idea, but when I first saw what it was doing I thought it may have been a password strength indicator.

  • Larry Roth

    Ernie, that is a neat plugin, but not sure it would help people understand that they have typed in the correct password. It was funny that they used the glyphs example with Lotus Notes. All these years and it was lost on me that the glyphs were meant to represent my password. I thought it was just meant to distract shoulder surfers!
