Link Details

The ‘whether or not to show plain text in password fields for usability’ situation has never really been resolved to my satisfaction; plain-text fields are clearly much more usable and less confusing than obscured passwords, but what if the person using the plain-text field is sat in a public place? Showing their password for just anyone to see would be ludicrous. The iPhone style of obscuring everything except the last letter is a good compromise that offers a combination of security and usability, and there are plenty of great guides out there on how to implement this in your web pages. But it’s still based on the flawed assumption that the user is always going to be somewhere public. And it’s not 100% secure anyway because if someone watches each letter as it’s typed over your shoulder, depending on what the password is, it could be very easy to remember. The point is that we don’t have to rely on a compromise when a solution is easy to implement.