I think the point is interesting, but the suggestion freaks me out. It's true that people frequently use bad design for no reason other than convention, and I agree that over-the-shoulder password stealing is a mostly imaginary threat. Nonetheless, I have a built-in reaction to seeing my password in cleartext that's similar to walking outside naked. This is a string that we've typed millions of times, but never actually seen appear onscreen! Whenever I accidentally see my password (typing in the wrong field, typing before an ssh connection has returned with the prompt, etc) I get the urge to cover up as quickly as possible, even if I'm sitting in my office by myself!
Nicer Than Necessary
1 month ago
Over the shoulder password-stealing is NOT an imaginary threat. Especially in public areas. I've dealt with it on a few occasions. I think it may be fair to say that over the shoulder password-stealing isn't something to worry about in *most* cases though. However, that doesn't mean we should get rid of masking altogether. It really doesn't matter in the long run anyway, since we will soon be moving towards two-factor authentication for anything important (some banks are already verifying logins via password AND sms message code).
I have that same "fear" when I see my password accidentally typed in the "open".
Did I really just comment after my husband?
@KERaven: Why is that so shocking?
Post a Comment