Nielsen Recommends Not Masking Passwords
Mark writes "Usability expert and columnist Jakob Nielsen wants to abolish password masking: 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.' I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.' It usually indicates a lack of imagination of the speaker. But in this case, does usability outweigh security?"
Usability? What the hell is he talking about? The user doesn't see the dots, only other people see those. The user should see their own password when they type it. Maybe he should check his glasses because those characters must be so blurry to him that they look like dots.
Nielsen is finally getting even for that old prank we pulled on him back in the day ;)
http://bash.org/?244321
I say "good morning" to people in the morning. You know who else said that? Mussolini. Therefore...
Rhymes that keep their secrets will unfold behind the clouds. There upon the rainbow is the answer to a neverending story
Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users' shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers.
Might as well just put all my expensive electronics on the front lawn, since a truly skilled burglar can simply pick the lock and steal it anyway. So, keeping your valuables behind closed doors doesn't even protect fully against theft. It sure as hell makes it more difficult for casual thieves though, which is probably nearly all of them.
More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.
Not all of us have those nice cushy jobs Mr. Nielsen has, where we have our very own office. Roughly 99.9993% of office workers have colleagues. I guess Mr. Nielsen is just a tad detached from reality here.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
i can type my password without even looking
watch, i'll enter my bank account password without looking
fluffybunnies
see? i didn't even need to...
oh crap...
unsubmit
where's the damn unsubmit!
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Why you have to type our WiFi password twice:
The first time sends the password to my botnet.
The second time actually logs you in.
-- Terry
Instead of bullets, the password could appear in one of those CAPTCHA fonts; anybody shoulder-surfing would have to stare at it for 10 minutes to decipher it.