Why mask the password in INPUT.PASSWORD?
Jacob Nielsen on his website issued a call to stop masking passwords in forms. This does not mean authorization forms, but registration forms, where they usually ask to enter the password twice.
He gives 2 problems that arise when masking passwords in forms:
If you think about it, it’s really not clear why now use camouflage on registration forms. The only reasonable reason is that someone in an Internet cafe can look over the entered password over his shoulder. But it is so unlikely, and Internet cafes themselves are already dying. If necessary, Nielsen suggests adding a checkbox to the form to enable masking of the entered passwords.
Don't mask passwords anymore?
He gives 2 problems that arise when masking passwords in forms:
- Users make more mistakes when entering passwords, as they don’t see what they are entering, which makes them feel insecure, and some may freak out and not register at all.
- Users can enter a simpler password, so as not to worry about the "blind" input of a complex password, or use copy-paste. This reduces the security of their account.
If you think about it, it’s really not clear why now use camouflage on registration forms. The only reasonable reason is that someone in an Internet cafe can look over the entered password over his shoulder. But it is so unlikely, and Internet cafes themselves are already dying. If necessary, Nielsen suggests adding a checkbox to the form to enable masking of the entered passwords.
Don't mask passwords anymore?