Do you think this is a security risk and if not is it a bad UI decision?

Chris Murphy lists at
Sun May 5 17:18:00 UTC 2013

On May 5, 2013, at 1:40 AM, Pierre-Yves Chibon <pingou at> wrote:
> So if you disagree please provide *reasonable*
> arguments.

Those who disagree have already done this ad nauseam. The summary:

The Nielsen-Norman article cited is an editorial piece. It is out of scope, out of context, not a study, and not a paper. It suggests there's a usability consequence for masked passwords, which is an observation in the realm of Thank You Captain Obvious, that doesn't really need a study. It should be ignored.

It's inappropriate for others to state the relative risk level of a user's situation, rather than deferring to the user's ability to self-assess their risk level.

The implemented change offers no alternatives to account for elevated-risk contexts.

There are at least two alternative behaviors:

    a.) Mask by default with two fields, with an unmask option that would gray out the (now superfluous) second field.

    b.) The entry method used on mobile platforms, delayed masking per character. I argued against this in my earlier email when I brought it up. This isn't a mobile platform. It's higher risk, and probably not as easy to employ as option a.), which is a common cross-platform behavior.

Chris Murphy
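Option a.) from the message above, written out as an added example (this is not code from the thread or from any project discussed in it): the accept/reject rule is kept as a pure function so it can be checked without a browser, and the element ids and the "unmask" checkbox are assumptions.

```javascript
// Added example: mask by default with two fields; an unmask option grays out
// the now-superfluous confirm field. Element ids below are assumptions.

// Pure policy: given the mask state and both field values, decide whether the
// confirm field is active and whether the form may be submitted.
function passwordFormState(masked, password, confirm) {
  if (masked) {
    // Masked: the user cannot see what was typed, so a matching second
    // entry is required before the form is accepted.
    const match = password === confirm;
    return {
      confirmEnabled: true,
      submitAllowed: password.length > 0 && match,
      reason: match ? (password.length > 0 ? "" : "Password is empty")
                    : "Passwords do not match",
    };
  }
  // Unmasked: the user can verify the value visually, so the second field is
  // superfluous (grayed out) and only a non-empty password is required.
  return {
    confirmEnabled: false,
    submitAllowed: password.length > 0,
    reason: password.length > 0 ? "" : "Password is empty",
  };
}

// Browser wiring (assumed ids: #password, #confirm, #unmask, #submit).
function wirePasswordForm(doc) {
  const pw = doc.getElementById("password");
  const confirm = doc.getElementById("confirm");
  const toggle = doc.getElementById("unmask");   // checkbox, unchecked = masked
  const submit = doc.getElementById("submit");
  const refresh = () => {
    const masked = !toggle.checked;
    pw.type = masked ? "password" : "text";        // mask by default
    const s = passwordFormState(masked, pw.value, confirm.value);
    confirm.disabled = !s.confirmEnabled;          // grayed out when unmasked
    submit.disabled = !s.submitAllowed;
    submit.title = s.reason;                       // why submit is blocked
  };
  pw.addEventListener("input", refresh);
  confirm.addEventListener("input", refresh);
  toggle.addEventListener("change", refresh);
  refresh();
}

// Only attach to the DOM when one exists; the policy above runs anywhere.
if (typeof document !== "undefined") wirePasswordForm(document);
```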
