Jakob Nielsen has officially come out against password masking, arguing that (in most cases at least) the usability issues it creates outweigh the overstated security issues.

Since passwords (especially when masked) are a personal pet peeve, my first reaction was “YES!” But after thinking about it a while, and discussing it with colleagues, there appear to be at least two problems with presenting passwords in clear text.

First, it’s not the convention. Nielsen touches on this issue, but says it doesn’t matter because it’s not a convention people look for and it’s not going to cause confusion. Though I agree to a point, I think it might turn some users off. They’ll see their password in clear text and think, “Wow, these guys don’t care about security. Can I trust them with my personal information and credit card number?”

Second, people tend to use the same password (or small set of passwords) for many websites and applications. Even though security may not be a concern in one application, it may be very important in another. So maybe it doesn’t matter that someone sees my password for one website, but if I’ve been foolish enough to use the same password for my online banking, that most definitely does matter!

I really want to agree with Jakob Nielsen on this. But for now at least, the idea of presenting passwords in clear text makes me a bit nervous.