Comments on: Password masking IS important http://larryroth.net/blog/2009/07/06/password-masking-important/ Just my thoughts Mon, 14 Dec 2009 02:23:49 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Larry Roth http://larryroth.net/blog/2009/07/06/password-masking-important/comment-page-1/#comment-127 Larry Roth Tue, 04 Aug 2009 19:14:42 +0000 http://larryroth.net/blog/?p=241#comment-127 Ernie, that is a neat plugin, but not sure it would help people understand that they have typed in the correct password. It was funny that they used the glyphs example with Lotus Notes. All these years and it was lost on me that the glyphs were meant to represent my password. I thought it was just meant to distract shoulder surfers! Ernie, that is a neat plugin, but not sure it would help people understand that they have typed in the correct password. It was funny that they used the glyphs example with Lotus Notes. All these years and it was lost on me that the glyphs were meant to represent my password. I thought it was just meant to distract shoulder surfers!

]]> By: Ernie http://larryroth.net/blog/2009/07/06/password-masking-important/comment-page-1/#comment-126 Ernie Tue, 04 Aug 2009 03:48:33 +0000 http://larryroth.net/blog/?p=241#comment-126 I think you may find this plugin interesting. http://ignorethecode.net/blog/2009/08/02/password-masking/ It's such a creative idea, but when I first saw what it was doing I thought it may have been a password strength indicator. I think you may find this plugin interesting.

http://ignorethecode.net/blog/2009/08/02/password-masking/

It’s such a creative idea, but when I first saw what it was doing I thought it may have been a password strength indicator.

]]> By: Travis http://larryroth.net/blog/2009/07/06/password-masking-important/comment-page-1/#comment-117 Travis Mon, 06 Jul 2009 17:01:02 +0000 http://larryroth.net/blog/?p=241#comment-117 I agree with Larry. I think that a huge security loss trumps a very minor usability gain in this case. However, I wholeheartedly agree about reset buttons. In fact I have this in the default CSS for Firefox (userContent.css): input[type='reset'] { display: none; } I agree with Larry. I think that a huge security loss trumps a very minor usability gain in this case.

However, I wholeheartedly agree about reset buttons. In fact I have this in the default CSS for Firefox (userContent.css):

input[type='reset'] { display: none; }

]]> By: Larry Roth http://larryroth.net/blog/2009/07/06/password-masking-important/comment-page-1/#comment-116 Larry Roth Mon, 06 Jul 2009 16:49:44 +0000 http://larryroth.net/blog/?p=241#comment-116 In terms of raw usability I would have to concede the point as well. Feedback is very important. But I feel that there is more than usability at risk here. As you are alluding, I don't think that password masking is the final answer, and perhaps there are solutions to the issue. Nielsen himself mentions a checkbox that allows the user to opt out on masking. I didn't include this in my post, but that idea is not without merit. As long as the default is always on. I completely agree about reset buttons. There are so few applications where they are relevant, I would support dropping them from the HTML spec. However, I felt Nielsen was comparing password masking to the reset button and I disagree that password masking is legacy design. In terms of raw usability I would have to concede the point as well. Feedback is very important. But I feel that there is more than usability at risk here.

As you are alluding, I don’t think that password masking is the final answer, and perhaps there are solutions to the issue. Nielsen himself mentions a checkbox that allows the user to opt out on masking. I didn’t include this in my post, but that idea is not without merit. As long as the default is always on.

I completely agree about reset buttons. There are so few applications where they are relevant, I would support dropping them from the HTML spec. However, I felt Nielsen was comparing password masking to the reset button and I disagree that password masking is legacy design.

]]> By: Ernie http://larryroth.net/blog/2009/07/06/password-masking-important/comment-page-1/#comment-115 Ernie Mon, 06 Jul 2009 16:13:31 +0000 http://larryroth.net/blog/?p=241#comment-115 I have to say, in terms of raw usability, I have to side with Nielsen on this one. Regardless of whether a password is easy to remember or not, giving proper feedback of showing what the user typed is inherently more usable than just showing dots. Apple made some progress with this problem on the iPhone in showing the last letter that was typed, while masking the rest. It would be nice if browsers exposed a way to toggle showing what you typed in a password box, and even providing a setting to always show what you type. Also, he's totally right about reset buttons. They should die the horrible death they have been deserving of for years. I've never once come across a reset button that would have been useful for me, but I do remember being frustrated many times hitting it by accident. I have to say, in terms of raw usability, I have to side with Nielsen on this one. Regardless of whether a password is easy to remember or not, giving proper feedback of showing what the user typed is inherently more usable than just showing dots.

Apple made some progress with this problem on the iPhone in showing the last letter that was typed, while masking the rest.

It would be nice if browsers exposed a way to toggle showing what you typed in a password box, and even providing a setting to always show what you type.

Also, he’s totally right about reset buttons. They should die the horrible death they have been deserving of for years. I’ve never once come across a reset button that would have been useful for me, but I do remember being frustrated many times hitting it by accident.

]]>