"Websites should stop masking passwords as users type because it does
not improve security and makes websites harder to use, according to two
of the technology world's leading thinkers.
Usability expert Jakob Nielsen and security expert Bruce Schneier
both think websites should stop blanking out passwords as users type
them in. They say the practice inconveniences users and delivers no
security benefits.
Most websites that require passwords allow a user to see the login name
as it is typed in but replace the password with dots or asterisks as it
is typed, so that the password cannot be viewed either by another
person looking at the screen or by the user." -The Register
There has also been a very long thread on The Web Security Mailing List discussing this advice.
The Register article: http://www.theregister.co.uk/2009/06/30/masked_passwords_usability/
