Technology.am (June 28, 2009) — Jakob Nielsen recently wrote a thought-provoking post suggests masking is hurting more than it helps, and that it’s only being kept around out of habit.

Password masking – the practice of replacing the characters a user types into password entry field with bullets – has been widespread on the web for a long time.

There is opinion that masking makes users feel more secure. It was said masking password to keep someone who might be reading over your shoulder from reading your password. What if you’re screensharing with a coworker or recording a screencast that happens to include your site’s login process?

But Jakob Nielsen said, “Masking ruins the user experience. When users can’t see what they’re typing, they’re likely to make mistakes and second-guess themselves such as did I forget my password, or did I just make a typo? After many login failures, they’ll either stop using your site or call support. Users also try to get around the problems of masking by entering a simple, insecure password, or by copying and pasting their passwords in. Why are we continuing a practice that undermines user security and adds uncertainty to the user experience?