I don't see how showing each letter individually is more secure than showing the whole password in the clear. Anyone looking at your screen is still going to see every character in your password.<p>The only reason this approach makes sense on mobile phones is that you can easily prevent others from seeing your screen. But if I'm logging in to a site on a projector in front of a bunch of co-workers, I don't want my password displayed to them. Not even one character at a time.
Why is this "iPhone-like"? Every basic mobile phone I've owned since the internet arrived on mobiles has had this functionality when entering PINs and passwords.
The reference implementation seems very buggy--moving my caret and having inconsistent behavior.<p>I would certainly be hesitant to type my password on a website which is handling the field like that. Let the browser vendors implement this option at the application level (as an option, probably, so users can enable/disable on all websites).
i'll paste my comments from the other post on the very same topic:<p>i believe this is a good idea on a phone, but not on a computer screen. the problem is really that if you do this, then when someone is logging in with someone else with them - then they are out of options. it's easier to watch characters appear one at a time than it is to watch someone's hands on a keyboard.<p>for example, i have a media center setup in my living room. sometimes people are over, or my housemate is down with me, and i need to sign into netflix so we can watch movies online -- or I'm shopping with someone and now I need to sign into newegg or amazon...<p>I like the idea of the compromise with Jakob Nielsen's idea -- which is to have a button on the page that says like "hold down to reveal password", or "press to reveal password". i'm going to experiment between 'hold down to reveal' and 'press to reveal' next time i make a login page -- i like hold down, but maybe there's a problem with that i'm not realizing yet.
Having password fields in plain test is just ridiculous on regular computers. Even when I first saw how iPhone's password field works I though "What are they thinking".<p>The only reason it is useful on iPhone and other touch-screen devises is because touch-screens do not have same feedback as buttons. They need a way to show that you have entered the letter that you meant to enter. Sometimes, with long passwords it can become hard to even know that when you touched the letter it was entered into the field unless it gets shown.
This is a cool idea, but actually using it is incredibly jarring. I think it works on the iphone because your typing speed is so much slower. I found myself confused and second-guessing my typing a lot more using this with a keyboard.
I actually find the iPhone model annoying.<p>The iPhone is a portable device. Just hold it close and shield it with your body when entering a password. That way your fat-fingering will be easier to recognize.
Cool hack.<p>Here is what I use:<p>- Place an "Unmask" checkbox next to the password field<p>- onclick checkunmask()<p><pre><code> $("#password").type = ($("#unmask").checked)?"textbox":"password";
</code></pre>
Simple, everybody happy.<p><a href="http://mylittlehacks.appspot.com/unmask" rel="nofollow">http://mylittlehacks.appspot.com/unmask</a>
Anything is better than the Lotus Notes "Egyptian Hieroglyphics" password protect. Entering a password iPhone-style has a nice fluidity to it, as each leading character melts into a dot.