Sunday, April 18, 2010


I know the reasons why passwords have to be starred out while you're typing them. Someone could be looking over your shoulder and catch a glance at it, blah blah blah.

But I have to type passwords dozens of times a day into many devices, and often these have to be complex, difficult passwords, case-sensitive, with punctuation and digits. And if I mess up, my system will freeze and not let me try again for a while. 99% of the time there's no one around who even could be catching a glimpse of my screen. Not even with binoculars from a distance.

Even worse, typing a password on a cell phone is usually starred out, even though obviously no one can see it, it's in my hand. And typing passwords on a cell phone is even harder since you've got a tiny keyboard at best (a numeric keypad even worse, and an on-screen keyboard worst of all). To be fair, sometimes when I'm entering a password on my cell phone I get to see the last character I typed, but once I type another one, the first one goes to a star. But there's no point in any of it being starred out.

It feels like a policy that made some sense (in the "better safe than sorry" mindset) 20 years ago has become de rigueur and carried forward to today without anyone asking if its costs still outweigh its benefits, given how many more passwords we have now, how much more often they change, and how much more complex they are. Wouldn't it make sense to make every password box at least have a toggle between hidden and shown? You could even make it default to hidden, but give us a quick toggle click or keystroke to make it shown if we know no one else is behind us, and there are no security cameras (though really, a security camera that could read it off your screen can probably also read where your fingers move on the keyboard).

