design, jQuery, web design

Password Masking

Check out the article below by Jakob Nielsen regarding how he thinks password masking should be removed entirely: Password Masking

I agree that password fields are a pain in the butt as they are, but not masking the field entirely isn’t a practical solution, since you could be at a library or at a friend’s house with nosy people around.  Sure, as the article says they could look at the keyboard, but fast typists don’t need to worry as much if they have a strong password that has keys positioned throughout the keyboard.

I think a solution to password input is to have a regular text box on the form to accept the password.  Once the text box loses focus, it should convert itself to a password field.  It’s worth further thought to see if subsequent focuses should show the password again or not.  Off the top of my head, I think that the box should stay as a password field unless the contents are erased; if that happens, it should revert to being a regular text box until content is entered.

I also believe that this solution shouldn’t be used for sign in boxes. Password managers and key rings built into web browsers nowadays handle storing passwords (and that should be the only thing handling your passwords!). If you’re on a sign up screen entering a password and you use a password manager, it is probably because you’re not on your machine, or this could be the first time you’re signing in. The site could have been redesigned and it could have changed the names of the input fields used to collect the information. The fact remains that you could be in a public place while doing this, leaving your password plastered on the screen for all to see.

I may write a jQuery plugin to handle this, pending some further thought into the subject.

What do you think?