Posted by Jukka K. Korpela on 12/16/05 13:29
gerg <noemail@noemail.com> wrote:
> You also stated that
> changing both inputs to text improves security?
May improve.
> I thought the whole
> idea behind a password field was to stop people from looking over your
> shoulder and getting your password?
Thus, when you think so, you will type your password with full confidence in
security, without realizing how easy it is to get the password by looking at
the keyboard. Moreover, since there is a dummy ("*") echo, you will mistype
your password and retype it a few times, mumbling "was my password here
'gerg' or 'greg'?" :-)
> How would changing them both to
> text improve usability or security?
Usability is surely improved, since it is easier to type something when you
see your text echoed visibly. Usually usability and security are
contradictory goals, but maybe not here.
An author could provide _two_ fields for password, a normal field and
a masked-out echo field (misleadingly called "password" field), letting the
user decide. The problem is that this is not common, and users are not
familiar with it, and many people would have difficulties in getting the
idea.
--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html