On Sat, May 4, 2013 at 10:27 PM, Adam Williamson awilliam@redhat.com wrote:
On Sat, 2013-05-04 at 13:20 -0700, Adam Williamson wrote:
That's it. So far as I can see, that's the sole reference to any actual identifiable study. And again, so far as I can see, the entire 2009 debate spiraled out from that single post, with lots of 'experts' adding their subjective $0.02 on either side (mostly against), but no-one actually adding any kind of useful empirical research.
The other link I've seen cited in favour of the change - http://uxmovement.com/forms/why-password-masking-can-hurt-your-sign-up-form/ - again appears to be solely opinion stated as fact. It's all phrased very categorically, but there is no reference I can find to any kind of actual evidential backing.
I wanted to stay out of this discussion but if we want to go this route there you go:
http://dl.acm.org/citation.cfm?doid=2406367.2406384 http://dl.acm.org/citation.cfm?doid=1280680.1280683 http://dl.acm.org/citation.cfm?doid=1968613.1968647 http://dl.acm.org/citation.cfm?doid=1030083.1030116 ....
The change to display the password as plain text is just wrong (see studies / papers above ... you can find a lot more of them).
Seriously this changes just papers over another bug "we suck at keyboard layout selection" ... "fixing" it by showing the password like that is just wrong.