Last March, @johnwlong tweeted “Do people really want their password hidden (••••••) when they signup?” (here) and “Wondering about dropping the “confirm password” field on our signup screen and using a normal text field for the password instead.” (here). My reply to him was “as practical as that sounds, I think that would (perhaps subconsciously) make users question the security of your site.” I haven’t been able to shake the idea. Are masked password input fields really necessary? Do they provide any benefit?
Usability expert Jakob Nielsen believes they aren't necessary. He says, “Let’s clean up the Web’s cobwebs and remove stuff that’s there only because it’s always been there.”
Again yesterday, the issue was brought to my attention by a similar article on A List Apart. They said pretty much the same thing as Nielsen and offered some compelling alternatives to masked entry.
After about a year of mulling over this issue, I have come to change my mind. I agree with Nielsen. From a usability perspective masked entry is a hindrance. It offers very little actual security unless someone is looking over your shoulder. However, masked entry causes much frustration for the user who may think they’ve forgotten their password when really it is just being mistyped.
I do still believe the main benefit of masked entry is the feeling of security. Not seeing our password is so ingrained in our usage patterns that users would likely do a double take and lose some degree of confidence in the security of a system if they saw the text of their passwords. That said, I am seriously considering implementing an alternative with NeoBudget.
My favorite alternative is an open entry field with a checkbox to enable or disable masked entry. Depending on the needs of the site, the entry field could be masked or unmasked by default. The key is that the user has control and is able to unmask the field in order to check spelling. This is often found in operating systems when entering a network key, and it’s very useful for double checking these long strings.
What are your thoughts? Should we start phasing out obscured password entry fields? Have you come across any other alternatives?
(Also, did you know that IRC has a sweet password masking feature?)