Slashdot Mirror


Nielsen Recommends Not Masking Passwords

Mark writes "Usability expert and columnist Jakob Nielsen wants to abolish password masking: 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.' I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.' It usually indicates a lack of imagination of the speaker. But in this case, does usability outweigh security?"

29 of 849 comments

  1. Making my point with humor by suso · · Score: 4, Funny

    Usability? What the hell is he talking about? The user doesn't see the dots, only other people see those. The user should see their own password when they type it. Maybe he should check his glasses because those characters must be so blurry to him that they look like dots.

    1. Re:Making my point with humor by Profane MuthaFucka · · Score: 5, Funny

      That comment is 99.99999% funny. It's 0.00001% true in the case of an all asterisk passwd.

      --
      Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
    2. Re:Making my point with humor by religious freak · · Score: 4, Funny

      Dots? Who the hell has dots? My unix login prompt cursor doesn't even move when I type the password in; I'd love to have some dots!

      --
      If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
    3. Re:Making my point with humor by suso · · Score: 4, Funny

      I've never even seen my password in plain text. I don't want to either. Ever.

      That's good, only your hands should know your password.

    4. Re:Making my point with humor by transporter_ii · · Score: 5, Funny

      I think passwords should spin, and any right characters you try should make that digit stop spinning, to let you know that character was right. That would put things more in line with the movies and make hacking a lot more fun.

      --
      Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
    5. Re:Making my point with humor by NighthawkFoo · · Score: 4, Funny

      What's even better is that the dialog doesn't indicate whether it has focus or not, so you end up typing your password into your IM window.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it."
      - Evelyn Beatrice Hall
    6. Re:Making my point with humor by zmollusc · · Score: 3, Funny

      OMG! Could this be a way to make linux the most widely used OS? Write a GUI that looks like the computers on TV? Although you would need a monitor that projected the text onto the user's face.

      --
      They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
    7. Re:Making my point with humor by Khyber · · Score: 2, Funny

      The internet would speed up so much it would be insane. Just have a program hunt down every site that shoves a pop-up in your face and nuke the entire thing. ISPs and Telcos would have no choice but to start advertising higher speeds or die out to competition that realizes it first and takes advantage of it!

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  2. hunter2 by beaviz · · Score: 5, Funny

    Nielsen is finally getting even for that old prank we pulled on him back in the day ;)

    http://bash.org/?244321

    1. Re:hunter2 by El_Muerte_TDS · · Score: 5, Funny

      Hmm... I always thought the forums I frequent had some censor for bad words, but I guess it's a password filter. That's neat.

      I wonder if /. also has a feature like that, let me try it. Pen1s

    2. Re:hunter2 by suso · · Score: 5, Funny

      Hmm... I always thought the forums I frequent had some censor for bad words, but I guess it's a password filter. That's neat.

      I wonder if /. also has a feature like that, let me try it. *****

      Hey that worked, try some of your other passwords.

    3. Re:hunter2 by El_Muerte_TDS · · Score: 5, Funny

      Neat, let me try a longer one. Erecti0n

    4. Re:hunter2 by Useful Wheat · · Score: 5, Funny

      System Error:

      Password too short.

    5. Re:hunter2 by CopaceticOpus · · Score: 5, Funny

      Neat, let me try a longer one. ********

      Cool, that worked also. Do you have anything harder?

    6. Re:hunter2 by ImaLamer · · Score: 5, Funny

      Harder than erecti0n?

    7. Re:hunter2 by ColdWetDog · · Score: 4, Funny

      Good point. It is far too difficult for the guy with the telescope and photomultiplier tube to aim the thing at your keyboard, capture your hand motions and play them back at low speed. The dots are totally secure.

      That's why you should always use a Dvorak keyboard. Without the letters on the caps. Just to be sure.

      --
      Faster! Faster! Faster would be better!
    8. Re:hunter2 by Denihil · · Score: 3, Funny

      you don't? SWEET i am so going to be disposableaccount@yahoo.com! I AM SO HAPPY

    9. Re:hunter2 by cliveholloway · · Score: 5, Funny

      dild0?

      --
      -- Trinity in high heels carrying a whip: The donimatrix - there is no spoonerism
  3. Re:But then you might see that their password is by wjousts · · Score: 2, Funny

    Hey, that's the same as the combination on my luggage!

  4. Re:As they say... by nebaz · · Score: 5, Funny

    I say "good morning" to people in the morning. You know who else said that? Mussolini. Therefore...

    --
    Rhymes that keep their secrets will unfold behind the clouds. There upon the rainbow is the answer to a neverending story
  5. Re:Two words by mwvdlee · · Score: 5, Funny

    Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users' shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers.

    Might as well just put all my expensive electronics on the front lawn, since a truly skilled burglar can simply pick the lock and steal it anyway. So, keeping your valuables behind closed doors doesn't even protect fully against theft. It sure as hell makes it more difficult for casual thieves though, which is probably nearly all of them.

    More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.

    Not all of us have those nice cushy jobs Mr. Nielsen has, where we have our very own office. Roughly 99.9993% of office workers have colleagues. I guess Mr. Nielsen is just a tad detached from reality here.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  6. its not a problem for me by circletimessquare · · Score: 5, Funny

    i can type my password without even looking

    watch, i'll enter my bank account password without looking

    fluffybunnies

    see? i didn't even need to...

    oh crap...

    unsubmit

    where's the damn unsubmit!

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  7. Lotus Notes by camperdave · · Score: 2, Funny

    I like the way Lotus Notes used to do it. As you typed you'd get a random hieroglyphic. As long as your glyph matched what you remembered, you knew that you'd typed the password correctly. Nobody could guess by watching the monitor even how long your password was.

    --
    When our name is on the back of your car, we're behind you all the way!
  8. Re:Easy solution by Clovis42 · · Score: 2, Funny

    I can't read what word you wrote. It is filtered or something.

    --
    Clovis
    ^ Clovis, look! It's that guy you are!
  9. Re:Utterly absurd! by bennomatic · · Score: 2, Funny

    I would hope that most eight-year-olds haven't been exposed to the kind of language I use in my passwords.

    --
    The CB App. What's your 20?
  10. Why you have to type our WiFi password twice: by tlambert · · Score: 5, Funny

    Why you have to type our WiFi password twice:

    The first time sends the password to my botnet.

    The second time actually logs you in.

    -- Terry

  11. Re:One word for Nielsen: Projector by Archimonde · · Score: 2, Funny

    I've seen it.

    There was this guy wanting to do a presentation in front of around 50 people on an Ubuntu laptop and he typed his password in the "User" textedit of login window. Everyone erupted with laughter because his password was "jebenica_l01" (something like fuckery lol in English). I don't blame him too much, that login window has a serious flaw with showing only one textedit at a time and both of them in the same place which can lead to a situation like this when people are under pressure. Needless to say, the guy was red in the face and stuttering horribly the whole time.

    --
    Trolls are like broken clocks. They show the truth two times a day. The rest of the day they talk nonsense.
  12. Re:You could always let the user choose by MichaelSmith · · Score: 2, Funny

    Let's say my boss is hanging around, waiting for something important to him to get done. My password is a very rude word...

  13. Re:You could always let the user choose by noidentity · · Score: 4, Funny

    Instead of bullets, the password could appear in one of those CAPTCHA fonts; anybody shoulder-surfing would have to stare at it for 10 minutes to decipher it.