Slashdot Mirror


Nielsen Recommends Not Masking Passwords

Mark writes "Usability expert and columnist Jakob Nielsen wants to abolish password masking: 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.' I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.' It usually indicates a lack of imagination of the speaker. But in this case, does usability outweigh security?"

3 of 849 comments

  1. Re:Not to fanboi all over the place... by IANAAC · Score: 5, Informative

    Around long before the iPhone, but it was a nice try to attribute that to the iPhone.

  2. Re:You could always let the user choose by speculatrix · Score: 5, Informative

    S60 has been doing this before the iPhone/iPodTouch was even a rumour within Apple.

  3. Re:Microsoft wep key by iPhr0stByt3 · Score: 5, Informative

    If you mis-type the password to a wireless network, the AP won't even tell you it's wrong. That is because the AP will hopefully act as if it was correct in order to significantly slow down brute force password attempts. Windows will try to get a DHCP address and eventually come up with "limited or no connectivity". Therefore, using a double-check might save a few minutes if you can correct your typo immediately. I'm not saying that I prefer this. I'd personally rather have just one box and type it carefully, but that is a valid and good reason for this behavior.