Do you think this is a security risk and if not is it a bad UI?decision?

Adam Williamson awilliam at
Sat May 4 20:20:18 UTC 2013

On Sat, 2013-05-04 at 21:06 +0100, Richard W.M. Jones wrote:
> On Sat, May 04, 2013 at 12:52:00PM -0700, Adam Williamson wrote:
> > I haven't found anything much beyond the initial pretty small study
> > (62 participants) cited (and conducted) by Nielsen,
> Do you have a link to this one?  This is the one I was originally
> looking for, but I still can't find the actual study.

looks like it might be the actual report, but I'm not about to drop $300
to find out. Even that looks like it's mainly a set of guidelines aimed
at web developers extrapolated from the research, and the actual
_foundational research_ looks to be skipped over in only 11 pages,
according to the table of contents (there's an excerpt freely available
which includes the contents). It's also not the original 2009 report,
but a 2011 update, though presumably the short write-up of the studies
includes the 2009 ones.

Again, Nielsen's actual piece on masking only mentions any study at all
very briefly, in passing:

"Password masking has proven to be a particularly nasty usability
problem in our testing of mobile devices [hyperlink to], where typing
is difficult and typos are common. But the problem exists for desktop
users as well."

That's it. So far as I can see, that's the sole reference to any actual
identifiable study. And again, so far as I can see, the entire 2009
debate spiraled out from that single post, with lots of 'experts' adding
their subjective $0.02 on either side (mostly against), but no-one
actually adding any kind of useful empirical research.
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | adamwfedora

More information about the devel mailing list