Interesting report in El Reg on why "It's time to show most passwords in clear text as users type them," according to "Usability expert Jakob Nielsen and security expert Bruce Schneier."
Apparently masking the password as the user types (e.g. with blobs or asterisks) adversely affects usability and security. Users have a tendency to choose simple passwords, or cut and paste, to ensure they get them right. And frustration with errors may mean users don't bother to enter the site at all.
I wonder to what extent users might now expect to see password masking, and whether they might judge a site which doesn't use it as somehow less secure. To this point, the commentators suggest allowing users to enable password masking by ticking a box, especially where "shoulder-surfing" may be a risk (e.g. Internet cafés or open-plan offices).
This would seem worth trialling at the very least.