I think the point is interesting, but the suggestion freaks me out. It's true that people frequently use bad design for no reason other than convention, and I agree that over-the-shoulder password stealing is a mostly imaginary threat. Nonetheless, I have a built-in reaction to seeing my password in cleartext that's similar to walking outside naked. This is a string that we've typed millions of times, but never actually seen appear onscreen! Whenever I accidentally see my password (typing in the wrong field, typing before an ssh connection has returned with the prompt, etc) I get the urge to cover up as quickly as possible, even if I'm sitting in my office by myself!
5 days ago