We need to stop masking passwords

25 points by koudi, over 11 years ago

21 comments

jtheory, over 11 years ago
Oh, please no one do this!

Two main points -- masked passwords are a very standardized UI convention, so everyone has a strong assumption that passwords will be masked, even in situations that the author hasn't considered (when yes, in fact lots of people will unavoidably see your password), and second, there are common situations the author hasn't considered.

Most of the meetings I'm in nowadays use screen sharing in some way; that means my screen is intentionally large & visible enough that plenty of other people can see exactly what I type. I do need to occasionally sign into something, which gives away my password lengths but that's it (and that's not too serious; I use a password manager so they're long & random).

Pair programming? A manager authorizing some action for an employee? Any kind of demo, or giving technical support? Training?

There are lots of reasons why someone else would be legitimately closely watching what I type. Masked passwords are not an archaic holdover from mainframe days.

That said, the *option* to show password text is useful, for all the reasons mentioned -- this should not be site-specific (ugh, I can imagine the "show password text" being just to the right of the password field, so username-tab-password-tab-enter will show the password...), but a button in the toolbar would be nice.
deckiedan, over 11 years ago
If passwords were not masked, I would now know most of the passwords of everyone in the office, and all of my family.

I always look away when someone else is typing in a password, as my eyes are drawn to the keyboard and I can pretty well read what they type just from the keys. So out of respect, I turn my head. If the password were actually on screen, it would be many times harder not to see it.

I don't think I'm unusual. I'm at computers with other people usually once or twice a day when they enter a password. I don't *want* to know their passwords!

And as the system admin, I don't want them seeing the password when I have to type it in to fix stuff for them.

It's not malicious people who might be installing keyloggers and all that that masked passwords help against, it's simply day to day privacy and permissions.

I don't have a problem popping round to a team-mate's office to enter a password to let them install some basic software package, or a hardware driver update, or whatever. But if they saw the password, then soon they would know it, and *for sure* would use it once or twice, and more and more random crap would get installed, and soon malware, and so on.

On the other hand, being able to turn on visibility occasionally is useful. (Ah! No wonder it's not working... your keyboard is still in Korean mode... Oh, right, British mode, the double-quote doesn't live there...)
crystaln, over 11 years ago
While I see the point, I don't agree.

Entering passwords with people standing behind me would be slightly nerve-racking without password masking, and during a presentation would be essentially impossible.

Password masking is a good default and greatly limits password exposure.
danellis, over 11 years ago
The author has an extreme imagination deficiency if he can't picture the common scenarios where someone might see you entering your password. There are many, many times when I'm working with another person sitting at my desk. It's amazing that his whole article is predicated on his inability to look beyond his own circumstance.
Raphmedia, over 11 years ago
I strongly disagree. Perhaps if you use your computer all alone in your private office, that makes sense.

That's not how I use the computer, that's not how all my friends use their computers and that's seriously not how the next generation is using their computer.

When I am on youtube, I have up to 5 friends behind me. I don't want them to see my youtube password. When I log into steam, I most likely have someone behind me. When I log into my Evernote account, it's most likely to show a quote or some information to a friend. I don't want them to see the password.

To make it short, I believe that most young people use the computer as a social activity. Showing the password by default makes NO SENSE.

I wouldn't want a client to see my password when I screenshare during a presentation. Nor my coworker to see it on the big screen in the conference room.

I very, very strongly disagree with that article.
niuzeta, over 11 years ago
> As humans we're very good at looking at something and taking a visual snapshot. If I actually see the Facebook login screen with my username and a long, passphrase like "correct horse battery staple", that's more likely to sink into my brain.

It is exactly because we as humans can take the visual snapshots easily that we still need the most basic masking. *Because we can take snapshots*. If one of my coworkers has a long phrase password (high entropy, but very memorable and therefore the coworker has employed) and I happen to take a glance at his screen, then notice his password as a tangible sentence, *I will remember it*. Even if I don't *memorize it* on the spot, if it happens frequently enough you'd be damn sure that I will.

> Masked passwords come from the age of mainframes. And when we're talking about mainframes, that makes sense -- they were secure, private systems, used by specialists.

Again, it still makes sense to have masked passwords, just as it made sense in the mainframe age; we can take snapshots.

Having said that, I do see the merits of his point; an option to unmask would be a vast improvement on UX, for which I laud Microsoft.

It's especially difficult for me to type a 30-character-long masked password, from my native language layout, on top of English keyboard visuals. I can do it with my eyes closed on a keyboard, but it's not very easy to do it on a smartphone and much easier to screw it up.
snorkel, over 11 years ago
Most wifi password entry fields on various platforms now offer the sensible approach: mask the password by default while offering the option to toggle the masking in that field.
susi22, over 11 years ago
We aren't even safe from this:

http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Revisited/preprint.pdf

but then we should just show the passwords on the screen we enter? That's just insane. Linux command line doesn't even show a * when entering a password. That's how it should be.

We should be paranoid about passwords and not display them.
hrkristian, over 11 years ago
Something bugged me about this, I don't know about iOS, but Android has the "show password" feature already. Although I get his point that no-one really gets passwords by sight, it does happen, but the most important part of masking to me and the only reason I approve of it is because there will be times when you stop in the process of logging in somewhere and leave.
snarfy, over 11 years ago
> Secondly, if people could see their own passwords rather than just dot-dot-dot, etc they would choose better passwords, and be less likely to reuse the same passwords.

This has nothing to do with being able to see the password and is entirely to do with stupid password restrictions. It's ironic he uses 'correct horse battery staple'.
Ryoku, over 11 years ago
This idea makes my shoulder surfing senses wet. Seriously, it might sound like a good UX idea in theory, but let's go to practice: People are not going to use that button in the safety of their homes. Why? Because they don't care. It is not a secret that the average user doesn't give priority over commodity to security; that's the basic principle behind no-tech hacking.

The best UX experience collides with the best security experience, we need to find the middle point. This is not the middle point. Passwords are now broken from concept, that's why we are evolving into two factor authentication. Making a broken security method easier to crack (even if it may only happen when certain circumstances are met, like doing it in an airport or coffee shop) is not the way to go.
josephers, over 11 years ago
I really appreciated when I was trying to log into a website on my phone and kept getting the password wrong. After a few tries, it said "we know typing on a phone sucks, would you like to unmask the password field?".

Nowadays, just looking at the last character briefly before it gets masked is enough for me to correctly type in my more complicated passwords.

I'd like arbitrary password restrictions to disappear before things like default masked password fields. I can never remember whether this unfrequented site required 6-8 characters, or a special character, or no more than three alphanumeric characters, etc. in the password. I just usually reset the password each time I need to log in, in such cases.
_Adam, over 11 years ago
The point to take away from this article is that remote attacks are a greater threat than local attacks, so password entry should be optimized for protecting against the former rather than the latter.

For many of us, the point is invalid because we know how to choose good passwords, and we don't need to see them in order to do so.

So instead, think about this from the perspective of the average consumer. An unobfuscated password field makes it a lot easier to use a long and complex password. If the field is hidden, users are more likely to choose something short and easy to remember, making their password vulnerable to dictionary attacks.
vacri, over 11 years ago
*Firstly, no one is going to see your password. I'll come onto that, but they just won't. Ever.*

I feel sorry that the author is so socially isolated that he never shows anyone else anything on his computers. Instead he invokes paparazzo and cold-war imagery with telephoto snoopers hiding to get snapshots of small tablets (ipad mini - not even a full ipad) and yet never thinks of "hey, check this out"
cynwoody, over 11 years ago
I absolutely agree that there should be a "show typing" override. Ideally, it should be built into the entry widget as a clickable or touchable area. There should also be a key chord to toggle masking. There are lots of times when there is absolutely no danger of shoulder surfing, and showing the typing would have the advantages the author describes.

I note that PGP Desktop has a checkbox to disable masking. I always tick it. It helps me to get the pass phrase right and to burn it into memory.

But the default should be mask!! (OK, maybe the default should be configurable. But the default default should still be to mask.) In public situations, it would be too much to have to remember to turn on masking.
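
An added example, not part of the thread or written by any commenter: one way to wire the mask-by-default field with an opt-in reveal that the comments above converge on, including the tab-order concern jtheory raises. The function name, the Alt+Shift+M chord and the re-mask timeout are assumptions made for this sketch.

```javascript
// Added illustration; attachMaskToggle and its options are hypothetical names.
// The field is masked by default; revealing is explicit and temporary.
function attachMaskToggle(input, button, form, opts = {}) {
  const remaskAfterMs = opts.remaskAfterMs ?? 10000; // assumed timeout
  let timer = null;

  function mask() {
    input.type = 'password';
    button.setAttribute('aria-pressed', 'false');
    if (timer !== null) { clearTimeout(timer); timer = null; }
  }

  function reveal() {
    input.type = 'text';
    button.setAttribute('aria-pressed', 'true');
    if (timer !== null) clearTimeout(timer);
    timer = setTimeout(mask, remaskAfterMs); // never stays revealed forever
  }

  function toggle() {
    if (input.type === 'password') reveal(); else mask();
  }

  // Out of the tab order: username-Tab-password-Tab-Enter must reach the
  // submit control, not the reveal button.
  button.tabIndex = -1;
  button.type = 'button'; // never acts as the form's submit button
  // Keep focus in the field on click, so the blur handler below does not
  // re-mask just before the click handler toggles.
  button.addEventListener('mousedown', (e) => e.preventDefault());
  button.addEventListener('click', toggle);

  // Key chord (assumed: Alt+Shift+M) toggles masking from inside the field.
  input.addEventListener('keydown', (e) => {
    if (e.altKey && e.shiftKey && e.key.toLowerCase() === 'm') {
      e.preventDefault();
      toggle();
    }
  });

  // Re-mask when focus leaves the field (walking away mid-login) and on
  // submit, so the value is not left readable on screen.
  input.addEventListener('blur', mask);
  form.addEventListener('submit', mask);

  mask();
  return { mask, reveal, toggle, isMasked: () => input.type === 'password' };
}
```
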
dromidas, over 11 years ago
I think the author just wants a kiddy version of Windows :P Maybe we can name it Windows Portal (after the M:TG Portal expansion for new players). One that is not meant to be used in a professional environment and does not have any security things. It's actually not a bad idea. Just keep it very far away from me.
gweinberg, over 11 years ago
I would very much like to have an option to always display passwords. I would turn it on for this machine, because I only use it at home, and I'm pretty much always alone here.

But of course it would be no good for a machine I use in a public place.
swinglock, over 11 years ago
This is garbage. If I disabled password masking on my workstation the only thing it would accomplish would be me eventually getting fired.
nfoz, over 11 years ago
Stop masking passwords for nonsense usages like WiFi networks. Keep them for things that actually matter.
Millennium, over 11 years ago
hunter2
nnnnni, over 11 years ago
That guy is a complete idiot.