Password masking is the act of hiding passwords as bullets or asterisks when the user enters the password. Password masking is an attempt to protect the user against shoulder surfers who look at the screen.
However, password masking does not protect against a skilled criminal who is well versed in the art of stealing passwords. They can look at the keyboard and see what is being typed. Moreover, password masking provides a poor user experience, as the user cannot see the password they have typed and typos can lead to the actual password being different from the one the user thinks they entered. Additionally, password masking creates the following issues:
Users cannot see the password, so they are more likely to make mistakes and thus be less confident. This might eventually lead to them not using the website/facility at all.
Since users have low confidence when passwords are not shown to them, it might lead to them using straightforward passwords or copy-pasting them from some other place where they are written down. This is a compromise on security.
A probable solution to this is always providing a check box that the users can select or unselect if they wish to see or hide the password, as there are places where passwords need to be hidden, such as internet cafes. However, users can choose to see the password for their convenience if they’re alone or they need to confirm if they have entered the correct password they were aiming for.
Free Resources