Stop blanking passwords...
- Started
- Last post
- 36 Responses
- mg330
- moth0
Let's not forget the fact that he's ridiculously bald, and is thus by science predisposed to being eligible for ignoring in most matters of everything.
- ximeraLabs0
I like how on the iPhone/iPod Touch the password field is masked, but shows you the most recently entered character in the sequence for a second before it masks.
- lukus_W0
once we're chipped all this will be irrelevant
- sikma0
"but it does cost you business due to login failures"
I wish I could be paid to make such brilliant observations.
- version30
don't show my password to people that may be looking.
- Jnr_Madison0
Yeah, you need to add...
INPUT TYPE="password" AUTOCOMPLETE="off
To stop it.
- but as acescence says it's not the only way.Jnr_Madison
- and in fact, not the best way.Jnr_Madison
- I've just emailed Nielsen asking for advice.. I'll post any info I get.lukus_W
- hahaJnr_Madison
- lukus_W0
^ I just read this (http://www.schneier.com/blog/ar... Bruce agrees, so I guess he must have a point.
- chossy0
Just shout if any of you bogans look at ees while I;m typing my password out I'll fucking gee ye a skelpit leatherin ye dicks.
- acescence0
IE has autocomplete=off attribute. non-standard and breaks validation, of course. you can prevent autocomplete pretty easily with javascript in any browser though.
sure he makes some good usability points, but he obviously doesn't know much about security.
- lukus_W0
^
I agree .. but if you use <input type="password" /> it's masked and forgotten by the browser, but if you use <input type="text" /> it's unmasked and remembered isn't it?
I might well be being dense though.
- Jnr_Madison0
To be fair, he covers most situations so it's hard to pick out a major sticking point even if you don't agree. But someone would have to be pretty driven to catch a password from watching a keyboard unless the victim types with two fingers or it's very short. Him thinking that most people have their own office is pretty funny.
- lukus_W0
The only problem I can think of, is what the browser might do if we start using plain text password fields.
I think most password fields are blanked by default - and the most browsers also purposefully forget what users type when this type of input is used. If a load of designers start using a textbox inputs for passwords wouldn't this change?
Nielsen should have discussed or at least hinted at secure ways to implement this.
- he said toggle, no?Jnr_Madison
- * and _most_ browsers
* using _textbox_ inputslukus_W - yeah, he said toggle - but what input type should you use on yr web form to get this action?lukus_W
- Yeah, I misread your post, I agree.Jnr_Madison
- acescence0
a good response:
- cannonball19780
he makes a good point
- kelpie0
To be honest I think his toggle chat is a perfectly good idea, as his concerns with the usability of password fields seem valid and are most likely based on observation rather than assumption. I just like the way people here will immediately jump on the offensive with jacob nielsen, its quite telling, worrying even when you think that his objectives really should be in alignment with any good web-designers. He's not saying "make your sites look like my one" ffs
- I'd say unix style: not even the number of character visible! Feedback on security is for pussies.Autokern
- Khurram0
You only gotta see someone typing a password for one website and you got the password they use for EVERYTHING.
one.
- My god, I agree with something this cock says.Jnr_Madison
- Eat a dick.Khurram
- You hurt little bitch.Khurram
- Stugoo0
to be honest why not have a toggle... show password characters.
- Took the words right out of my mouth.thatboyneave
- that's what he suggestskelpie
- Maybe I should have read the whole thing...thatboyneave
- shitehawke0
* stands up, "no I'M Spartacus!"
- Daithi0
Make that two.
No doubt that he's a dick, but the password thing holds water for me – particularly regarding the mobile internet.