Slashdot Mirror


Nielsen Recommends Not Masking Passwords

Mark writes "Usability expert and columnist Jakob Nielsen wants to abolish password masking: 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.' I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.' It usually indicates a lack of imagination of the speaker. But in this case, does usability outweigh security?"

4 of 849 comments

  1. Masking passwords doesn't do much by delirium of disorder · Score: 1, Redundant

    If someone can shoulder-surf, 99% of the time they have physical access and all security is null. If they can see your ***ed password on the screen, then they can see your fingers type the characters of your password on the keyboard (again with 1% exceptions like keyboard covers and remote displays). If a malicious person can see your screen, then they are probably close enough that they can tap your cables, install hardware keyloggers, sniff your EMF, cold boot your RAM and grep it, do audio analysis of your typing and decipher your keystrokes, etc.

    ***ing your passwords protects against a very small hole... the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment, has the keyboard kept out of sight, and isn't allowed to touch anything.

    --
    ------ Take away the right to say fuck and you take away the right to say fuck the government.
  2. idiotic idea by poetmatt · Score: 0, Redundant

    Here's something people don't realize:

    Remember all those laws about "in plain sight" and all that how law enforcement can steal your info just because something isn't locked away etc?

    Well guess what happens to passwords like this. Spy through a window at home, etc.

  3. I guess he never had to make a presentation... by Fallen Kell · Score: 1, Redundant

    I guess he has never had to make a presentation in a conference room or lecture hall, and had to use an already in place computer which he had to log in to, or had his laptop go into screen saver mode because it was on battery and you talked more than 30 seconds on a single slide. Because he would then immediately say, "Gee, I sure wish I didn't have to show the 200 people here my password." Especially since at least a large portion of those same people will likely have access to the internet and potentially the same computer network his account is on and can log in even while the presentation is ongoing...

    --
    We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
  4. Re:Making my point with humor by JimFive · Score: 0, Redundant

    I mean really ... why the hell are there keypads with 7 8 & 9 on the bottom!? Madness!

    They're called Telephones.
    --
    JimFive

    --
    Please stop using the word theory when you mean hypothesis.