Today I accidentally entered the wrong login details for Facebook and this is what I got: "Your login password will be shown to you in plain text below to make text input easier(Your login is still secure)". That message on its own made me even more suspicious. Of course the message was from Facebook, but the fact that I am so used to never being shown my password got me thinking otherwise. Is it any good to show users their password on login and assume they will feel safe?
I just tried a couple times and got a standard request to reset to a new password. The language you copy-pasted is odd too. "Login password" instead of just "password" is unusual, and "plain text" is programmer speak, not regular English. Something's fishy.
I saw a JavaScript trick that would show the first letter of the password as you type it but then turn the letter into a dot after you type the next letter, just like a lot of mobile devices do. Seems like this would give some added sense of security / privacy. Link: http://blog.decaf.de/2009/07/iphone-like-password-fields-using-jquery/
The problem with showing users their passwords in plain text is that it makes stealing passwords easier for someone looking over their shoulder. However, if you're SSL-encrypting the communication, and are following good practices on the server, you aren't weakening any other part of their security.
On Android OS phones the first letter of the password is shown but turns into a star/dot after 1 second. This approach helps with both usability and security.
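The delayed masking described in the comments above (a typed character stays readable briefly, then becomes a dot), as an added example that is not code from the thread or from the linked jQuery plugin. `DelayedMask` and its methods are hypothetical names, the 1000 ms delay is the Android figure quoted above, and the clock is passed in as a parameter so the logic runs without a browser.

```javascript
// Added example: keep the real password separate from what is rendered,
// and expose at most one character, for at most REVEAL_MS milliseconds.
const REVEAL_MS = 1000; // delay quoted for Android in the thread
const DOT = "\u2022";

class DelayedMask {
  constructor(revealMs = REVEAL_MS) {
    this.revealMs = revealMs;
    this.value = "";        // real password, never rendered directly
    this.revealAt = -1;     // index of the one character shown in clear
    this.revealedAtMs = 0;  // time of the keystroke that revealed it
  }

  // Insert one character at `pos`; only this character becomes readable,
  // so typing the next one masks the previous one immediately.
  type(ch, pos, nowMs) {
    this.value = this.value.slice(0, pos) + ch + this.value.slice(pos);
    this.revealAt = pos;
    this.revealedAtMs = nowMs;
  }

  // Delete the character at `pos`; a deletion never reveals anything.
  erase(pos) {
    if (pos < 0 || pos >= this.value.length) return;
    this.value = this.value.slice(0, pos) + this.value.slice(pos + 1);
    this.revealAt = -1;
  }

  // Losing focus or submitting the form masks everything at once,
  // so a character cannot stay on screen while the user looks away.
  blur() {
    this.revealAt = -1;
  }

  // String to render at time `nowMs`.
  display(nowMs) {
    const expired = nowMs - this.revealedAtMs >= this.revealMs;
    let out = "";
    for (let i = 0; i < this.value.length; i++) {
      out += i === this.revealAt && !expired ? this.value[i] : DOT;
    }
    return out;
  }
}
```

In a page, `display()` would be re-rendered on each keystroke and once more when the timer for the delay fires.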