mailing list archives
Stop Password Masking
From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Fri, 26 Jun 2009 09:25:39 -0400
On mobile phones I can see it (and many already do that by flashing the
character you typed for a brief moment beforepbutting up the dot), but for
normal PCs, hell no. Too much chance of shoulder surfing the password. Just
give a warning about caps lock, that's all. How does he claim it does not
increase security? How did he measure that?
On Fri, Jun 26, 2009 at 8:40 AM, Aaron <subdriven at gmail.com> wrote:
I read an interesting article about removing the mask from passwords.
For mobile devices I think it would be a great idea. For some
desktops, I know it would cut down on support calls. In other
instances I think they must stay masked. I was just wondering what the
rest of the PDC list thought. I have links to the articles below.
Usability suffers when users type in passwords and the only feedback
they get is a row of bullets. Typically, masking passwords doesn't
even increase security, but it does cost you business due to login
Main article here: (http://www.useit.com/alertbox/passwords.html)
which was also posted to slashdot here
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...