Password Masking: A “Best Practice” to Stop

A new post by Jakob Nielsen notes that usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn’t even increase security, but it does cost you business due to login failures.

It’s time to show most passwords in clear text as users type them. Providing feedback and visualizing the system’s status have always been among the most basic usability principles. Showing undifferentiated bullets while users enter complex codes definitely fails to comply.

Most websites mask passwords as a security measure. Of course, anyone watching you log in can simply look at the keyboard and note which keys are being pressed. So the practice is a definite hindrance to usability and, at best, a questionable approach to security.

