Jakob Nielsen’s latest Alertbox article says we should ditch password masking.
“Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn’t even increase security, but it does cost you business due to login failures.”
<a href=”http://www.useit.com/alertbox/passwords.html”>Stop Password Masking</a>
For me, it’s something a user could have the option of turning off, but it works as a default.
While a ‘skilled criminal’ can watch a keyboard any fool can watch a textbox…