That's addressed in TFA. You may disagree with his reasoning, but he didn't forget about it either.
I'm not sure I agree with him either. That said, I won't type if somebody's watching me, masked or not. I wonder if it might almost be safer - I work with sysadmins who will happily type passwords in with users right there, but if their password showed up on the screen, they might send the user out, or at least make them turn around. Of course, that's probably also the same kind of thinking that says people would be safer drivers if we put a HUGE FREAKING SPIKE in the steering column and banned seatbelts. If I happen to be around when somebody's typing a password in, I make a point of turning around. Mike Joel Esler wrote on 6/26/09 9:20 AM: > What about Shoulder surfing? Haven't you ever watched "Hackers"? > > J > > On Fri, Jun 26, 2009 at 8:40 AM, Aaron<[email protected]> wrote: >> I read an interesting article about removing the mask from passwords. >> For mobile devices I think it would be a great idea. For some >> desktops, I know it would cut down on support calls. In other >> instances I think they must stay masked. I was just wondering what the >> rest of the PDC list thought. I have links to the articles below. >> >> Summary: >> Usability suffers when users type in passwords and the only feedback >> they get is a row of bullets. Typically, masking passwords doesn't >> even increase security, but it does cost you business due to login >> failures. >> >> >> Main article here: (http://www.useit.com/alertbox/passwords.html) >> >> which was also posted to slashdot here >> (http://it.slashdot.org/story/09/06/25/1856214/Nielsen-Recommends-Not-Masking-Passwords) >> >> Regards, >> >> Aaron >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
