Nielsen Recommends Not Masking Passwords 849
Posted
by
timothy
from the *****-****-**-******** dept.
from the *****-****-**-******** dept.
Mark writes "Usability expert and columnist Jakob Nielsen wants to abolish password masking: 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.' I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.' It usually indicates a lack of imagination of the speaker. But in this case, does usability outweigh security?"
Making my point with humor (Score:5, Funny)
Usability? What the hell is he talking about? The user doesn't see the dots, only other people see those. The user should see their own password when they type it. Maybe he should check his glasses because those characters must be so blurry to him that they look like dots.
hunter2 (Score:5, Funny)
Nielsen is finally getting even for that old prank we pulled on him back in the day ;)
http://bash.org/?244321 [bash.org]
Re:But then you might see that their password is (Score:3, Funny)
Re:hunter2 (Score:5, Funny)
Hmm... I always thought the forums I frequent had some censor for bad words, but I guess it's a password filter. That's neat.
I wonder if /. also has a feature like that, let me try it. Pen1s
Re:hunter2 (Score:5, Funny)
Hmm... I always thought the forums I frequent had some censor for bad words, but I guess it's a password filter. That's neat.
I wonder if /. also has a feature like that, let me try it. *****
Hey that worked, try some of your other passwords.
Re:As they say... (Score:5, Funny)
I say "good morning" to people in the morning. You know who else said that? Mussolini. Therefore...
Re:Two words (Score:5, Funny)
Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users' shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers.
Might as well just put all my expensive electronics on the front lawn, since a truly skilled burglar can simply pick the lock and steal it anyway. So, keeping your valuables behind closed doors doesn't even protect fully against theft. It sure as hell makes it more difficult for casual thieves though, which is probably nearly all of them.
More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.
Not all of us have those nice cushy jobs Mr. Nielsen has, where we have our very own office. Roughly 99.9993% of office workers have colleagues. I guess Mr. Nielsen is just a tad detached from reality here.
Re:Making my point with humor (Score:5, Funny)
Re:hunter2 (Score:5, Funny)
Neat, let me try a longer one. Erecti0n
Re:Making my point with humor (Score:5, Funny)
its not a problem for me (Score:5, Funny)
i can type my password without even looking
watch, i'll enter my bank account password without looking
fluffybunnies
see? i didn't even need to...
oh crap...
unsubmit
where's the damn unsubmit!
Re:hunter2 (Score:5, Funny)
System Error:
Password too short.
Lotus Notes (Score:3, Funny)
Re:hunter2 (Score:5, Funny)
Cool, that worked also. Do you have anything harder?
Re:Easy solution (Score:3, Funny)
Re:Utterly absurd! (Score:3, Funny)
Re:hunter2 (Score:5, Funny)
Harder than erecti0n?
Re:Making my point with humor (Score:5, Funny)
I've never even seen my password in plain text. I don't want to either. Ever.
That's good, only your hands should know your password.
Why you have to type our WiFi password twice: (Score:5, Funny)
Why you have to type our WiFi password twice:
The first time sends the password to my botnet.
The second time actually logs you in.
-- Terry
Re:Making my point with humor (Score:5, Funny)
I think passwords should spin, and any right characters you try should make that digit stop spinning, to let you know that character was right. That would put things more in line with the movies and make hacking a lot more fun.
.
Re:Making my point with humor (Score:5, Funny)
What's even better is that the dialog doesn't indicate whether it has focus or not, so you end up typing your password into your IM window.
Re:hunter2 (Score:5, Funny)
That's why you should always use a Dvorak keyboard. Without the letters on the caps. Just to be sure.
Re:hunter2 (Score:3, Funny)
Re:hunter2 (Score:5, Funny)
Re:One word for Nielsen: Projector (Score:3, Funny)
I've seen it.
There was this guy wanting to do a presentation in front of around 50 people on a ubuntu laptop and he typed his password in the "User" textedit of login window. Everyone erupted with laughter because his password was "jebenica_l01" (something like fuckery lol in english). I don't blame him too much, that login window has serious flaw with showing only one textedit at the time and both of them in the same place which can lead to situation like this when people are under pressure. Needless to say, the guy was red in the face and stuttering horribly the whole time.
Re:Making my point with humor (Score:4, Funny)
OMG! Could this be a way to make linux the most widely used OS? Write a GUI that looks like the computers on TV? Although you would need a monitor that projected the text onto the user's face.
Re:You could always let the user choose (Score:3, Funny)
Re:You could always let the user choose (Score:5, Funny)
Re:Making my point with humor (Score:3, Funny)
The internet would speed up so much it would be insane. Just have a program hunt down every site that shoves a pop-up in your face and nuke the entire thing. ISPs and Telcos would have no choice but to start advertising higher speeds or die out to competition that realizes it first and takes advantage of it!