Comments on: Why do passwords appear as dots in a form?

By: Paul Olyslager

Paul Olyslager — Mon, 11 Jan 2010 11:21:21 +0000

I've found a nice solution for the Iphone-like approach on the website of Queridodesign. It is using Mootools and works in Safari 3+, Firefox 3+, Opera 10+, Internet Explorer 6 and 7.

By: Jaime

Jaime — Wed, 18 Nov 2009 15:27:46 +0000

@Paul Olyslager: Thanks Paul! I by no chance mean there should not be room for improvement. I do agree that if there's a chance to improve, so it shall be done in a tasteful and effective way. The thing is, a password input box that displays the letter and then transforms to a asterisk, is just a bit more safe than having the box display plaintext. A person with good visual ability and memory looking to steal your password will do so by looking at your plain text, by looking ad the changing letters, or by looking at your fingers when you type. In that same order you could say there's no protection with the first, somewhat a protection with the second and as much a protection with the last option. The main reason the iphone's password input boxes work like that is because of two reasons. First the fact that the phone is always in close proximity to your person and it's easier to "protect" your password entering with your body (which most people do, if only because most people use the phone in a position where people can't snoop from behind). And Second the fact that typing in an iphone is by definition harder than typing on a regular keyboard, as well as it's a lot more error prone. Add to that the fact that if I can probably type my password wrongly 2 times and get it the third time on the browser faster than typing it on an iphone (though that might be because I really don't get a lot of use from opposable thumbs). It's that much annoying to have to retype your password on the phone than on a laptop or desktop. I believe Apple decided to sacrifice a little security to make the experience easier for people. But we shouldn't do that on the web, because the security risk is a lot higher than on a mobile phone.

By: Paul Olyslager

Paul Olyslager — Wed, 18 Nov 2009 14:15:24 +0000

@Jaime: First of all, thank you for your comment. It is always nice to hear someone else's opinion and takes the time to clarify it. I must say I partly agree with your comment. You shouldn't change the usability of something that is so standarized as the dots of a password field, but that doesn't mean there is no room for improvement (or at least have a look for other possibilities for that matter). Re-inventing the wheel is not necessary, but improving it to the changing external conditions without touching the basics of the wheel (it needs to roll) is. The essence of a password field are the dots itself, without these the field is not recognisable as a passform field. In all the alternatives mentioned in this article I kept the dots for consistency reasons. I do understand the solution of Apple, changing the character in a dot after you entered the next character makes sense. People still recognise it as a passform field, it is still consistent and it's more difficult to make a typo. I'm not saying that this option will be the new standard, but it is nice to know that people still think about the functionality.

By: Jaime

Jaime — Mon, 16 Nov 2009 11:55:28 +0000

I’ve heard this a gazillion times. “Why mask passwords? Give control back to the users!”

There are various reasons why this is not a good idea.

1) You may think that “over the shoulder” password peeking doesn’t occur anymore, but it’s far more likely to happen now than ever. Be it your girlfriend trying to figure out your Facebook password to see if you’re cheating, or the florist that brought flowers to your office who is really a corporate spy. No this is not a movie script. This stuff does happen.

2) It has worked the way it is for ages. Why change something that works? Most people authenticate many different ways. Browser’s password manager, a password managing app, the leave their account logged in, or are so used to typing their password that muscle memory takes care of the rest. Is it really that hard to type a string of 8 to 13 characters correctly?

3) Users grew up with the idea that masked passwords mean security. You take that away and people will think twice about using your website. Though password masking does not equal security, it’s to late to change the perception of it all.

There’s a point where usability pioneering starts getting in the way. Study the effects of positioning, whitespace, simplicity and complexity in interfaces, call to action importance hierarchies, and the whole plethora of other usability issues; but really, this stuff works well already, and changing it will make you the outcast in the list of sites the user uses. If out of the 10 sites I use 9 mask passwords and 1 doesn’t, I might associate that with not being safe or meaning something completely different to what it would mean otherwise.

To finish up, one of the most important concepts in user experience is consistency, and this doesn’t only apply to the design of your site. It is just as important to maintain a consistency in certain elements the user interacts with throughout the whole web, and one of said components is the password field.

By: Sue

Sue — Mon, 16 Nov 2009 01:59:07 +0000

The dots are there for security, so someone looking over your shoulder can’t find out your password (social engineering hacks).

In our software program, when you enter a password, such as for your key, it’s in all dots. But there’s a check box you can select that allows you to “Show keystrokes.” If you know no one is at your back, you can select this to verify you’ve typed the correct password. In our case, it’s a simple usability fix.

By: linkzdirect.com

linkzdirect.com — Sun, 01 Nov 2009 13:36:51 +0000

Why do passwords appear as dots in a form? | paul olyslager…

Ever wondered why passwords appear as dots in a form?A system which is not userfriendly because you can’t see the character you just typed. Solution is simple….

By: zabox.net

zabox.net — Sun, 25 Oct 2009 13:13:18 +0000

Why do passwords appear as dots in a form? | paul olyslager…

When I want to subscribe myself for a newsletter, website, online application or want to sign in, I need to put in my password. This is the easiest way to protect websites/applications and it works, but what I really don’t understand is why a password …

By: clippingimages

clippingimages — Sun, 18 Oct 2009 10:36:42 +0000

Very interesting article. Very informative also. This question also slipped my mind. Thanks to share this awesome article. Really now i got some clear idea now.

By: favSHARE

favSHARE — Tue, 06 Oct 2009 19:37:21 +0000

This article has been shared on favSHARE.net. Go and vote it!

By: Paul Olyslager

Paul Olyslager — Tue, 29 Sep 2009 10:40:07 +0000

Interesting point on the auto-complete dmitry, didn't think of that one. I think that the solution, which was shown to us by Kristof, improves the usability but also upholds the safety of the entire operation (be it for a quick login or filling in a long form), this without an extra click. I've found a working example, written by Stephen Lewis. Although it works in FF, it seems to fail in IE7. With every keystroke, the amount of digits is doubled. I'm still on the lookout for a perfectly working example.