Keep masking passwords, for now

Recently updated on

I always find Jakob Nielsen's usability columns interesting. I rarely disagree with his mostly common sense approach, however I found myself at odds with a recent Alertbox column, entitled "Stop Password Masking."

In a nutshell, he believes the common practice of displaying dots or asterisks when typing in a password to be unnecessary and a usability problem. He says that it causes users to make more password entry errors since they can not visually verify what is being typed. I agree on both counts.

He says that because password entry errors are more likely, users therefore feel less confident. I disagree.

Password masking is pervasive. It is quite literally everywhere. I can't think of a single instance where a password isn't masked. It is because of this that I believe its absence will be jarring to users. Worse, it might lead a user to actually question the security of a Web site. In essence, the absence of masking would cause users to feel less confident.

He goes on to offer a compromise for scenarios where someone might actually be peering over your shoulder, by offering a checkbox choice to mask the password. I believe this is a poor compromise.

I am quite stingy when it comes to adding fields to a Web form. We did a study last year where we proved the conjecture that fewer fields leads to higher completion rates. Therefore, I strongly advise clients to remove all but the most necessary fields. Adding a checkbox alongside the password field flies in the face of this.

I am a big fan of the books "Don't Make Me Think" and "The Inmates Are Running the Asylum." Each talk about the importance of removing cognitive friction - ambiguities that cause you to stop, think and wonder. I believe the presence of a masking checkbox (and its associated label/description) would add cognitive friction to a form.

I do agree that password masking is a relic of the past and should eventually go away. However, in this case, our best recommendation is to keep masking in place for the time being.

Share Twitter, LinkedIn, Facebook

Hey there...
Would you mind sharing this post? We would greatly appreciate it.
Thank you.