[jdev] [Fwd: Alertbox: Stop Password Masking]

Dave Cridland dave at cridland.net
Wed Jun 24 09:59:42 CDT 2009

On Wed Jun 24 15:54:15 2009, Norman Rasmussen wrote:
> I would normally reply on the article, but it seems it doesn't have  
> comment
> functionality.
> > Jakob Nielsen's Alertbox for June 23 is now online, Summary:
> >
> > Usability suffers when users type in passwords and the only  
> feedback
> > they get is a row of bullets. Typically, masking passwords  
> doesn't even
> > increase security, but it does cost you business due to login  
> failures.
> >
> > - ----------------------------------
> >
> What about my co-worker peering over my shoulder while I type in my
> password?
I think the better solution is likely a "Unmask" checkbox. IIRC,  
GNOME uses that kind of thing for WiFi pre-shared secrets.

> To be honest this is where single-sign-on systems like OpenID are  
> better,
> because you delegate authentication somewhere else (that hopefully  
> you
> already have a session key for).

Well, I'm not so convinced by OpenID as such, but yes, things like  
Kerberos, or even simpler things like keyrings unlocked at login, do  
seem to work better.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the JDev mailing list