Is it a good idea to have an unmask checkbox for user selection when the users type their password to show them what they typed?
3 Answers
Yes, having such a password can be an accessibility aid for people with mobility issues. Just be sure you don't name it "unmask." Use user-friendly vocabulary like "Show my password."
On mobile, the consensus seems to be that this checkbox should default to display the password unmasked.
On desktop, it's probably better to default to hide the password in keeping with convention, although it's notable that usability expert Jakob Nielsen advocates for unmasking all passwords by default because masked passwords make users feel less confident, which
- leads to lost business.
- negatively impacts security because users choose shorter passwords or copy and paste passwords from their computer.
Nielsen also notes that if someone really wants to know your password, they can just look at your keyboard instead of your screen, which means that on-screen masking could give a false sense of security.
Yes, theoretically it's better from a UX perspective. But in general it's worse, as it can lead to security issues. An unmasked password field may let others see it when peeking from behind the user's back.
It is actually balancing between security and UX, as the last paragraph of this article says: http://uxdesign.smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form/
Passwords are sensitive information and they should remain masked. My recommendation is not to let users do it. Or, if a compromise is needed between UX and security: hiding the password with a delay, e.g. the last character typed could be replaced with a mask after one second.
- I'd love to know what proportion of passwords are entered in an environment where someone else could see the screen. My guess is it's a big usability hurdle which is completely irrelevant most of the time. – Steve Bennett Mar 19 '13 at 23:07
- That's true. However, security is a "higher value" and it should remain kept at a decent level. You are right that these situations cannot be very common, but still - possible, and easily imaginable for the user. Having the password field unmasked can lead to a feeling of an insecure system the user is accessing. At the same time, spotting the password from observing the keyboard is almost impossible for most people, and displaying it in unmasked form would let anyone who could look from behind know it. It is the contrast of difficulty between these that makes the difference. – Dominik Oslizlo Mar 19 '13 at 23:17
- Interesting though that the default on mobile is clear text, or "hide after a few seconds". You'd think mobile users would be more likely to be entering passwords in view of other people - public transport etc. – Steve Bennett Mar 19 '13 at 23:57
- Although the likeliness is higher, indeed, the mobile screens are smaller and it's harder to spot a text on them. However I am not sure if it is intended. Even hiding each character after some delay is good as to spot a password in this case would need the 'watcher' to see all the process of entering it. If the password remains unmasked, and there are conditions good enough to see the screen from really close distance, it would be too easy to read the password in a second, especially if it's a common word. – Dominik Oslizlo Mar 20 '13 at 00:13
- But anyway - it's a matter of tweaking, and finding balance between UX and security. There is simply no single answer for this question that would apply to all the situations. But from my perspective, the UX profit is not enough to decrease the security. – Dominik Oslizlo Mar 20 '13 at 00:15
- Hmm. Maybe a compromise would be a password field that showed the 3 characters around the cursor's location. It would reduce the rate of errors and give the user a bit more confidence? – Steve Bennett Mar 27 '13 at 02:21
- Nice idea, just afraid users could treat it as an error or at least could find it confusing, and having something wrong with the most private field of the form could make them feel unsafe. Showing just last character typed for a while is more common, so it could be fine. Anyway, for this single field, I just don't see a point fighting for usability. – Dominik Oslizlo Mar 27 '13 at 05:07
- Question is about providing an option to show the password. It's not about making it one way or the other. If I prefer to enter passwords in clear text and I am confident with this, I would like to have that option. Because what pisses me off is when I enter the wrong password because I couldn't see it AND the site decides to clear BOTH the user name and password. So now I have to re-enter the user name (possibly a long email address) which was correct in the first place. A lot of sites do this, and it's much more annoying on a mobile device because I am a lot slower typist on a tiny keyboard. – Tony_Henrich Nov 14 '13 at 01:52
- I'm guessing most people enter their passwords in a toilet stall. Statistically speaking. – Wayne Werner Sep 25 '15 at 20:38
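The masking compromises raised in the answer and comments above (mask the last typed character after a delay, or show three characters around the cursor) compared side by side. This JavaScript is an added example, not code from any of the posts; the policy names and the functions `visibleRange`, `render` and `exposedCount` are hypothetical, and it goes slightly beyond the thread by counting how many characters a single glance at the screen reveals under each policy.

```javascript
// Added illustration: policy names and parameters are hypothetical.
const MASK = "\u2022";

// Return [start, end) of the characters left readable under a policy.
function visibleRange(policy, length, opts = {}) {
  const { cursor = length, msSinceLastKey = Infinity, delayMs = 1000 } = opts;
  switch (policy) {
    case "masked":
      return [0, 0];
    case "shown": // the "Show my password" checkbox is ticked
      return [0, length];
    case "last-char-delay": {
      // Only the character just typed, and only until the delay expires.
      const fresh = cursor > 0 && msSinceLastKey < delayMs;
      return fresh ? [cursor - 1, cursor] : [0, 0];
    }
    case "cursor-window":
      // Assumed reading of "3 characters around the cursor":
      // the character before the cursor plus one neighbour on each side.
      return [Math.max(0, cursor - 2), Math.min(length, cursor + 1)];
    default:
      throw new Error(`unknown policy: ${policy}`);
  }
}

// Build the string the field displays; the real value is never altered.
function render(value, policy, opts) {
  const chars = Array.from(value); // code points, not UTF-16 units
  const [start, end] = visibleRange(policy, chars.length, opts);
  return chars.map((c, i) => (i >= start && i < end ? c : MASK)).join("");
}

// How many characters a single glance at the screen would reveal.
function exposedCount(value, policy, opts) {
  const [start, end] = visibleRange(policy, Array.from(value).length, opts);
  return end - start;
}

const sample = "correct7horse"; // constructed sample value, 13 characters
```

With the delay policy an observer has to watch the whole entry to collect the password, while the "shown" policy exposes all of it to one glance.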
The answer depends on your application, of course. But if you have the opportunity to study your users in this regard, do it. That data will be much more useful than general recommendations.
If you can't perform any studies, there's always the general recommendations. Nielsen thinks we should stop masking passwords. This report contains some good data and very helpful observations, though some of the assertions are over-generalized and logically problematic.
And as always, you should evaluate any generalized recommendations against the specific context of your application.
Questions to ask yourself:
- What are your users' expectations regarding passwords and security?
- How secure does your application need to be?
******j. – devios1 Mar 21 '13 at 20:27