You should never EVER input your password into a field that isn't asterisked. This goes way beyond "someone peering over your shoulder". I have seen some sites that do this (make the passwords clear text). This means to me that they have no concern over the protection of my privacy and/or the developers where too lazy or incompetent to change the TextMode from 'SingleLine' to 'Password'.
Confirmation for "blind" input is an absolute necessity. It assures both parties involved in the transaction that the desired password was achieved. In response to Jim Drew: I hear you brother! That one bugs me too. Passwords are destroyed on PostBack for security purposes, that's why you loose them. Over the past few years I have been forcing our developers to do a little extra work and capture the data that is correct and if an error in the form is found it only requires you to fill in the fields that may have been wrongly omitted or entered incorrectly. I wish more people would do it. I think that so many people are in such a rush to get the Authentication process over with that they would rather deal with less processes...security is already tricky enough. Bonobo out! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Posted from the new ixda.org http://www.ixda.org/discuss?post=32617 ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [EMAIL PROTECTED] Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help
