Password Masking Has Usability Flaws
by James
This excellent article from Jakob Nielsen nails the main problem with password masking:
There’s usually nobody looking over your shoulder when you log in to a website. It’s just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.
The spots, stars, or dots you get when you type in a browser password field are, I think, designed to give the illusion of security — I can’t see what I’ve typed, therefore it’s well-hidden. Wrong. As JN says, the real usability costs outweigh any perceived benefits.
Browsers should show text in password fields by default, and provide an option to turn on password masking for public computers.
I like how on my mobile, when typing in a password it shows me the character for half a second before turning it into a star/bullet. It’s a bit more usable that way but still, someone won’t see your entire password at one glance…