by niuzeta 4650 days ago
> As humans we're very good at looking at something and taking a visual snapshot. If I actually see the Facebook login screen with my username and a long passphrase like "correct horse battery staple", that's more likely to sink into my brain.

It is exactly because we as humans can take visual snapshots easily that we still need the most basic masking. Because we can take snapshots. If one of my coworkers has a long phrase password (high entropy, but very memorable, and therefore the coworker has employed it) and I happen to take a glance at his screen, then notice his password as a tangible sentence, I will remember it. Even if I don't memorize it on the spot, if it happens frequently enough you'd be damn sure that I will.

> Masked passwords come from the age of mainframes. And when we're talking about mainframes, that makes sense -- they were secure, private systems, used by specialists.

Again, it still makes sense to have masked passwords, just as it made sense in the mainframe age; we can take snapshots.

Having said that, I do see the merits of his point; an option to unmask would be a vast improvement on UX, for which I laud Microsoft.

It's especially difficult for me to type a 30-character-long masked password, from my native language layout, on top of English keyboard visuals. I can do it with my eyes closed on a keyboard, but it's not very easy to do it on a smartphone and much easier to screw it up.