In his latest “Alertbox”, Jakob Nielsen recommends that websites stops masking passwords as users type them. He outlines the drawbacks of password masking and explains that this causes login problems and lost business:
* Users make more errors when they can’t see what they’re typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business. (Or, in the case of intranets, increased support calls.)
* The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.
He also explains that password masking was “a particularly nasty usability problem” on mobile devices.
Dennis Bournique raised that issue last year and also felt that password masking was not necessary on mobile sites.
Indeed, with such a small device on your hand and a tiny screen, who is going to see what you are typing? If you’re using password protected sites on your phone, I’m sure you often do many attempts before typing your password correctly (I know I do with Bloglines or Gmail).
Nielsen recommends abondonning this feature on web sites, and also on mobile sites. Personnaly, I’m not sure this is good idea for desktop web sites, Nielsen forgot to mention that you often log in to a web site while many people can look at your screen (think open-space offices, internet cafÃ©s, etc).
But for mobile websites, this makes perfect sense and will provide a more enjoyable experience.