[plorkyeran]

If you present things on a projector on a daily basis, you would probably do a good job of remembering to click the mask button (but having to click the mask button would probably outweigh the occasional convenience of not having to click the reveal button), but people who present things on a projector only occasionally and log in entirely by reflex will frequently not.

[BWStearns]

Computers like most other things in life offer opportunities to screw up and engineering things requires a tradeoff between babysitting and general utility. I think the potential damage in the case above (the occasional presenter has to change a password afterwards) is less damaging than enabling most people to choose better passwords. Your coworker is unlikely to misuse that information. More likely: you have a shitty password and someone breaks a stolen hash because 'Pa$$word' isn't really that creative. I view accidentally showing your password briefly to coworkers as on par with accidentally having an embarrassing email up when you flip on the projector: unlikely to cause long term harm, slightly blush-inducing.

Edit: not implying that we should set up security procedures based on implicit trust of those we work with, but if you're talking about a global internet wide convention then likelihoods are more informative than exceptions.

[tedunangst]

Replace "change a password" with "change all your passwords" and it's a lot less fun.

[omonra]

I am willing to live with this case (some random person who is not used to presenting on a projector forgetting to mask his password) for MY personal utility.

[jtheory]

This doesn't make sense -- why should the random person suffer at all? Your personal utility would be equally well-served by a browser plugin that made your password fields visible.

It's not technically difficult, so if it doesn't exist, it wouldn't take much to create.

[omonra]

My personal utility would not be equally well-served - because it would involve finding & installing said plugin.

Meanwhile that random person who can't be bothered to click on the 'mask password' checkbox is just someone I don't really care about. His 'suffering' is entirely avoidable.

On a more serious note - I believe the number of individuals who benefit from this change (everybody typing in a password) would receive sufficient benefit to outweigh the cost incurred by the few who would bear the burden (someone giving demonstration and forgetting to click 'mask pw' button).

Or - we might just have a browser setting for it.