passionate about people and the web
Mastodon Labs

Seattle, WA 98101
USA
206-930-8870

Password Masking Usability

by Andrew Woods February 12, 2010 0 Comments

Usability Consultant Jakob Nielsen published a proposal to stop password masking, as he believes it causes reduced usability. Password masking is the automatic process of displaying asterisks or bullets instead of your typed characters. Nielsen supports his arguments by offering research from his mobile usability study.

The venerable publication A List Apart, published an article in their 300th issue that discusses Nielsen’s concerns. The author Lyle Mullican offers two potential solutions, complete with Javascript code and explanation. The first solution provides a switch that allows the user to show and hide their typed password. The second allows the most recently typed character to remain visible momentarily before becoming an asterisk. Mullican’s examples are good for explaining how it would work. Mullican himself wrote “Note that this code is only intended to demonstrate the concept, and the process might be improved by using a JavaScript framework such as Prototype”.

Nielsen raised several issues but doesn’t spend any real effort proposing a solution. Of the 2 that Mullican proposed, both will likely be used, each with varying levels of success. One reason for this is designer preference. Each designer will decide what they like better. Another, more significant reason is implementation. Some will use plugins for their javascript frameworks, like Prototype or jQuery. Others will write their own, which will ultimately provide an inconsistent experience across websites. If you don’t think so, consider form validation. Every web developer has unnecessarily written their own email validation function.

The ideal solution would be to update HTML5 to include an improved password input element. This would offer the most consistent experience available to every website user. Of the two solutions demonstrated by Mullican, using a switch to show/hide the password value would be the preferred implementation. It’s more accessible to users that react more slowly, and offers every user more control over their experience. While the current password input has its problems, people understand how it works. So for the time being, your best bet is to continue using it. Hopefully with HTML5, the situation will improve.

Andrew Woods Andrew Woods http://mastodonlabs.com Andrew is the Founder of Mastodon Labs. He has been working on websites since 1999. He enjoys designing and developing interesting data-driven websites, passionate about accessibility, and a karaoke rockstar in his own mind.

Leave a Reply