Stop using password inputs: Neilson

Have you ever typed in the wrong password? Did you ever try 3 or 4 times before getting it right? Did that frustrate you?

Usability guru Jakob Neilson is recommending that web designers stop using the password input box as it presents a common usability problem, without really increasing security.

More importantly, there’s usually nobody looking over your shoulder when you log in to a website. It’s just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.

Neilson’s argument is valid: password boxes do reduce usability. However, typing your password in clear text may present somewhat of a culture shock for most web users. I once typed my password in the “user id” field of Gmail’s login screen, and got worried for a moment, even though there was no one around. Even though passwords masks may not increase security, it represents security for many people.

Neilson suggests that the designer may add a “hide my password” checkbox option on the login screen for highly sensitive applications such as bank accounts. However, I think it would be more apt to add it to all login screens which show passwords in clear text – at least for now, and until we (web users) break the association of security and password masks.

A few clever designers have come up with semi-solutions to the password mask usability problem.

Chroma Hash by Matt Thompson allows you to determine if two password are the same (password and confirm password fields) by displaying a colored code beside each field.

Stefan Ullrich’s iPhone-like password input allows you to see a typed character for a split second before masking itself.