« Blind Hacker Sentenced to 11 Years in Prison | Main | Researcher barred for demoing ATM security vuln »

Masked passwords must go?

"Websites should stop masking passwords as users type because it does not improve security and makes websites harder to use, according to two of the technology world's leading thinkers.

Usability expert Jakob Nielsen and security expert Bruce Schneier both think websites should stop blanking out passwords as users type them in. They say the practice inconveniences users and delivers no security benefits.

Most websites that require passwords allow a user to see the login name as it is typed in but replace the password with dots or asterisks as it is typed, so that the password cannot be viewed either by another person looking at the screen or by the user." -The Register

There has also been a very long thread on The Web Security Mailing List discussing this advice.

The Register article: http://www.theregister.co.uk/2009/06/30/masked_passwords_usability/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!