Why are passwords not visible?

Why am I unable to see what letters I type when I input my password? I’m a lousy typist and it’s frustrating to have to keep blindly entering a password. I can sort of see why this would be important in an office, but I’m sitting at home by myself.

Is this actually a legitimate security measure? Is it simply an archaic holdover? And, am I the only one bugged by this? :confused:

So someone can’t look over your shoulder and see what you’re typing. And the form has absolutely no idea that you’re home alone.

one finger data entry can help having a correct entry.

There are sites that give you the option of seeing the password, but only a few,

Get a password manager. I use LastPass.

I added “Show Password Field” to Firefox. But it doesn’t work everywhere. (Bleeping Flash!)

And yet, even a utility like this specifically made to show your password blanks out each letter after a second! :smack:

Every site and utility should allow the user to see the whole password indefinitely if they choose. No one’s looking over my shoulder on this machine.

(While there are “screen grab” malware utilities that can see your password then if you have it made visible. If you’ve got malware on your machine, there’s a ton of easier ways to grab passwords.)

I work as a front-end developer, and previously I’ve done a lot of roles in user interface design. A lot of UI designers have talked about this issue, and the usability problems with the current forms.

Good developers are usually very security conscious. They are also engineering minded, so they tend to have a black and white view of how a page is constructed. A common stereotype of a software engineer building something without a designer is that it will work, but it won’t be pretty or easy to use. They care about functionality first and foremost.

The password box(es) are hidden in case someone is looking over your shoulder. Since you can’t see it, they make you type it in twice most of the time. Smartphones usually show the last letter due to the possibility of you typing it wrong and the more likely possibility of someone looking over your shoulder.

This is bad for usability, as you have already found out. As such, a growing trend is to default to showing your full password while having a prominent checkbox for the option of obscuring it. This is being used a lot on mobile phones as well, although obscuring on the mobile phone usually means revealing just the last character. Some default to obscuring with the checkbox to reveal the password.

The advantage of showing it is simply that it helps you avoid typos. The disadvantage is a slight security loss since you may start typing half of your password before realizing it is showing for anyone to see.

I doubt you’ll see the ‘default to show’ method used on many high security applications (banks, government, health) any time soon.

A question: what good is a concealed PW if your machine has a keystroke logger malware program in it?

None.

But then, what good is having a lock on your door when your house has windows someone can just smash to get in?

Same principal. You make theft as difficult as possible while still maintaining usability.

  • Psst…there’s this new guy KevTheGreen…seems OK…hold off on putting his

Oh, Herro KevTheGreen! Welcome aboard.

Your principal was/is your super-teacher. The principle is what you are describing.
*
– Grammar-Nazi since 1973*

Mostly I was curious if this bugged anyone else. It just seemed like a hold-over from when most computer use was in offices or school labs. I mean, if someone sneaks up behind me while I’m supposed to be alone in my apartment, I’ve probably got bigger problems than password security. Anyway, trmptgn’s reply was especially enlightening. Thanks all.

In iOS the most recently typed character is visible, and is replaced with an * when you type the next one. It helps.