There’s usually nobody looking over your shoulder when you log in to a website. It’s just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.

The spots, stars, or dots you get when you type in a browser password field are, I think, designed to give the illusion of security — I can’t see what I’ve typed, therefore it’s well-hidden. Wrong. As JN says, the real usability costs outweigh any perceived benefits.

Browsers should show text in password fields by default, and provide an option to turn on password masking for public computers.