Wednesday, June 24, 2009

Nielsen says to stop password masking

Jakob Nielsen says that we should Stop Password Masking in his latest AlertBox article. His argument is simple -- we are very, very rarely in a situation where we're typing in a password while someone is looking over our shoulder. It's extremely common for us to be typing in a password when we're alone. So why not show our passwords as we type? And, he suggests, have a checkbox to mask the password for those rare situations when someone actually is watching us type.

This reminds me of a situation I ran into a few years ago. A server product I was supporting got complaints from customers because we were showing passwords in property files. A central aspect of security for the server was file system security, so there was no issue with an unauthorized person being able to open the property file and see the password (if they could do that, they wouldn't need the password, the entire system would be vulnerable). So the issue was solely around looking-over-the-shoulder scenarios where someone would need to open the property file with someone watching. There was a clear usability degradation from occluding the password in the file, so we asked customers to give us examples of situations where this looking over the shoulder would be a problem. Their response? It doesn't matter! Passwords should always be occluded! Just in case!

We masked the passwords in the property file.

So I have a lot of sympathy for Nielsen's position. But I'm not completely convinced. For example, the one fairly common scenario I can think of where masking is needed is when screen sharing during a web conference. I'm on web conferences all the time, and I'd estimate that there are at least a couple times a week where someone types in a password while screen sharing. And note that Nielsen says that some passwords (like for bank accounts) should perhaps be occluded by default, but there's nothing special about passwords when screen sharing. In other words, during design we can't anticipate whether this is a password that is likely to be used during a web conference. If users have to click a "mask" checkbox before typing a password in a web conference, lots of people will forget... potentially exposing their password to not ONE person looking over their shoulder, but scores of people on a web conference. That seems like a very real concern.

But in terms of baby steps, I like the idea of having a checkbox to mask passwords that is always checked by default. If you're surprised when your first password attempt fails, you can uncheck it and make sure you're typing it in correctly.
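
A sketch of that masked-by-default checkbox, as an added example that is not part of the original post. The element ids are assumptions, and re-masking on blur and on submit is an extra choice made here to narrow the "forgot to re-check it before a web conference" window.

```javascript
// Added example: password field + masking checkbox, checked by default.
// Ids 'login-form', 'password' and 'mask-password' are assumed names.

function applyMask(input, checkbox, masked) {
  // Keep the checkbox and the field type in step with each other.
  checkbox.checked = masked;
  input.type = masked ? 'password' : 'text';
}

function attachMaskToggle(input, checkbox, form) {
  // Always start masked, whatever state the markup or a restored page had.
  applyMask(input, checkbox, true);

  // The user opts in to seeing the password, e.g. after a failed attempt.
  checkbox.addEventListener('change', () => {
    applyMask(input, checkbox, checkbox.checked);
  });

  // Leaving the field ends the "let me check my typing" moment, so the
  // password does not stay on screen while the user does something else.
  input.addEventListener('blur', () => {
    applyMask(input, checkbox, true);
  });

  // Re-mask before the form is sent so the value is submitted from a
  // password-type field rather than an ordinary text field.
  form.addEventListener('submit', () => {
    applyMask(input, checkbox, true);
  });
}

// Wire up the real page only when a DOM is present.
if (typeof document !== 'undefined') {
  attachMaskToggle(
    document.getElementById('password'),
    document.getElementById('mask-password'),
    document.getElementById('login-form')
  );
}
```
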

9 comments:

Jeff Harris said...

Interesting, I think it depends on the context. I know lots of people who would freak out if they saw their password being shown to them for a banking website.

Perhaps a compromise would be to offer users a choice, perhaps a link to switch a plain text input to a "secure" password field.

Terry Bleizeffer said...

Yeah, that's the idea behind the checkbox that masks the password. I think there are 3 scenarios:

1. password field + masking checkbox (unchecked by default)

2. password field + masking checkbox (checked by default)

3. masked password field (no checkbox, always masked)

I don't think a 4th scenario of "unmasked password field (no checkbox, always unmasked)" is viable.

Unlike Nielsen, I think scenario #1 is not viable either, because of screen sharing.

But I really like #2 over #3.

Calamari said...

As I read Nielsen's article, I found that concept (to always show the password) very disturbing. I'm working in an open-plan office and there is always someone who runs along behind my desk. So I would be one of the guys who would freak out if my password would be shown in plain text all the time.

But having a checkbox that is checked by default and would by unchecking make the password field visible is a good thing. And the OSs show already that it can work.

Anonymous said...

The checkbox option sounds viable but I doubt there will be a change anymore.

BTW, it's Nielsen if you want to correct your tag. (If there was a pun or something with the misspelling I must have missed it.)

Theresa Ramsey said...

Another technique would be to show the character briefly, then mask it. iPhone uses this style, though since it's a personal device, it's not the same as projecting or web conference.

photo masking said...

Interesting stuff!
Thanks!!


Groupdmt said...

I found very good and I would like to congratulate you for your work..

Rayhan Abu said...

I am looking for image masking, hair masking. not password masking.
I found this post useful to me.

Martin Mathur said...

Hi, how nice your services. I have found it very useful. I am going to share this link with my friends and colleagues. I think everybody should do so.