Should we stop to mask password?

According to Jakob Nielsen, masking password while dialing it is a bad idea. The arguments are that users may make more errors with blind typing, and that due this complexity, they will choose simpler passwords.

Jakob Nielsen is a highly respected guru of usability. When I was working in User Interfaces research (many years ago), I religiously read all his books. I learn a lot. It was my first contacts with human psychology and brain behavior. I’ll soon come back to that interesting topic. Thus, his comments deserve our interest.

His first argument is definitively true. Who had never got his/her password rejected because the cap key was on? A visual feedback would avoid this type of errors. I must confess that each time I have to enter my long passphrase of PGP, I’m nervous. Especially if you are like me keyboard dyslexic. 🙁

I would tend to disagree on the second argument. People mainly choose a simple password because it is more difficult to remember complex passwords, rather than because it is difficult to dial them.

Sometimes, we have forgotten the initial design purpose. Password masking is mainly to avoid shoulder surfing. Shoulder surfing on a mobile device (such as BlackBerry) is far more difficult than on a notebook in an airport. Thus, is it using to protect against this threat on mobile? If there is nobody present for shoulder surfing, why protect against an non existing threat?

Thus, I would rather agree with Jakob Nielsen to mitigate the orthodoxy of password masking with some rules:

  • When shoulder surfing is not possible, do not mask (unless you fear screen capture, but then you may also fear key logging)
  • Propose a checkbox that would allow to mask/unmask the password. I would suggest that the default state could be masking.

Should we violate this rule?

Leave a Reply

Your email address will not be published. Required fields are marked *