OC2PS Posted September 29, 2011 Share Posted September 29, 2011 Jakob Nielsen, usability [spam-filter] Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures. Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users' shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers. More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue. The Costs of Masking Password masking has proven to be a particularly nasty usability problem in our testing of mobile devices, where typing is difficult and typos are common. But the problem exists for desktop users as well. When you make it hard for users to enter passwords you create two problems — one of which actually lowers security: Users make more errors when they can't see what they're typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business. (Or, in the case of intranets, increased support calls.) The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b ) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security. Link to comment Share on other sites More sharing options...
.png.022b5452a8f28f552bc9430097a16da2.png)
Recommended Posts