Ben
Trusted Member
Hero Member
 Offline
Posts: 4,127
</sarcasm>
|
 |
« on: 01/16/10 at 10:28 AM » |
|
A topic which was raised a couple of months ago by Jakob Neilson's post ' Stop Password Masking'. Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures. What are your thoughts? Do you think it holds value? If so, have you tried it out since? I know that there have been JavaScript plugins which have been authored and tested which creates a medium between stopping password masking, and enabling it at the user's choice. One example being iPhone-like password fields using jQuery |
|
|
|
|
Logged
|
|
|
|
|
|
|
|
Macca
Hero Member
Offline
Posts: 720
Stopping at all stations to home.
|
|
« Reply #3 on: 01/16/10 at 10:09 AM » |
|
No thanks. I get people reading over my shoulder all the damned time, and don't want 'em knowing my password.
I think an important thing is appearances too - an unmasked password appears to be less secure, and therefore might put people off.
Ditto this. Even though I know realistically that a password is probably no more or less securely stored if it was hidden from plain sight (after all, a lot of people actually write their passwords down on post-its and stuff if nobody is likely to be around their desk, which I think is fair enough within the home) I am always quite taken aback if a password is shown, as though it leads me to believe that the site owner hasn't really thought about security at all, however unfounded that thought ends up being. (After all, a hidden password might not be secured at all. There's no real way to judge. Use different passwords for everything, folks.) I am not always using my own personal private computer in an isolated area. I used to use computers a lot at computer laboratories at school, college and university as well as public libraries and internet cafés and even on my laptop out and about. I would hate for anyone to be able to take a glance, and I think that becomes more and more likely as more people are moving about with their computers. |
|
|
|
|
Logged
|
[Insert witty disclaimer here]
|
|
|
|
|
Ms. Smartarse
Trusted Member
A Tad Obsessed
Offline
Posts: 8,335
(in)sufficiently (im)mature
|
|
« Reply #5 on: 01/16/10 at 10:29 AM » |
|
They still know the number of characters even with masking.
I especially like it in linux command line, that when I log in (using putty), nothing shows up when I type the password.
That said, like Jem said, unmasked passwords generate the impression that they are less secure. I don't get people looking over my shoulders when I type in passwords. Seeing as I'm in a tech related environment mostly, it's kind of like an unspoken rule of conduct for us to turn away while passwords are being typed.
|
|
|
|
|
Logged
|
"Sneaky little hobbits, they sneak into your codes" -- Julie--------------------- Thanks to Sarai for the avatar |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
