Why are password fields asterisked on join-up forms?

3 Sep 2008 - 3:07pm
14 replies
5315 reads
netwiz
2010

When you fill in a form to sign up to a website, the password field,
but not the username, is usually asterisked. Is it to avoid the risk
of someone peering over your shoulder?

And sometimes when they aren't asterisked, you have to type the
password in twice, but not the username. What's the rationale for
that?

* Nick Gassman - Usability and Standards Manager - http://ba.com *

Comments

3 Sep 2008 - 4:59pm
stauciuc
2006

On Wed, Sep 3, 2008 at 11:07 PM, Nick Gassman <nick at netwiz.demon.co.uk> wrote:

> When you fill in a form to sign up to a website, the password field,
> but not the username, is usually asterisked. Is it to avoid the risk
> of someone peering over your shoulder?
>

I would say yes.
Personally, I feel very uncomfortable if they're in plain text. I have only
a couple of passwords that I use everywhere, so it's really bad if someone
catches a glimpse of one of them.

> And sometimes when they aren't asterisked, you have to type the
> password in twice, but not the username. What's the rationale for
> that?
>
I guess there isn't one ;)


--
Sergiu Sebastian Tauciuc
http://www.sergiutauciuc.ro/en/

3 Sep 2008 - 6:21pm
cfmdesigns
2004

Typing it in twice ensures that the user typed it in right the first
time, since he didn't get to see what he typed.

The one that boggles me is when something else on the page is wrong
(like no zip), so it errors and clears the double password. Which you
don't notice and don't reenter, so it errors a second time. Rrrrrrr.

-- Jim
Via my iPhone

On Sep 3, 2008, at 1:07 PM, Nick Gassman <nick at netwiz.demon.co.uk>
wrote:

> When you fill in a form to sign up to a website, the password field,
> but not the username, is usually asterisked. Is it to avoid the risk
> of someone peering over your shoulder?
>
> And sometimes when they aren't asterisked, you have to type the
> password in twice, but not the username. What's the rationale for
> that?
>
> * Nick Gassman - Usability and Standards Manager - http://ba.com *
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help

3 Sep 2008 - 6:49pm
Jeffrey D. Gimzek
2007

On Sep 3, 2008, at 2:59 PM, Sebi Tauciuc wrote:

> On Wed, Sep 3, 2008 at 11:07 PM, Nick Gassman
> <nick at netwiz.demon.co.uk>wrote:
>
>> When you fill in a form to sign up to a website, the password field,
>> but not the username, is usually asterisked. Is it to avoid the risk
>> of someone peering over your shoulder?
>>
>
>> And sometimes when they aren't asterisked, you have to type the
>> password in twice, but not the username. What's the rationale for
>> that?
>>
> I guess there isn't one ;)

you can READ the username field to see if it is correct.

you cannot tell from the asterisks if the PW is typed correctly. only
retyping it exactly the same way can confirm that.

jd

--

Jeff Gimzek | Senior User Experience Designer

jeff at springstudio.com | www.springstudio.com

3 Sep 2008 - 6:58pm
Shaun Bergmann
2007

I think the original point here was referring to when the passwords
aren't asterisked, why then do the users have to enter it twice (since
they can see it). In which case, I have no idea.
Non-asterisked password forms must be extremely rare, however. I can't
recall coming across one.


3 Sep 2008 - 6:27pm
Chris Cage
2008

Certainly the reason for the asterisks is to keep prying eyes away.

I don't know about putting in a password twice if the fields are not
asterisked. I would figure generally the rationale behind entering any
field twice is to make sure there are no typos. It makes sense on
some level to have the second password field for verification if you
can't see what you are typing, but not much sense otherwise.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=32617

3 Sep 2008 - 8:38pm
jaketrimble
2008

You should never EVER input your password into a field that isn't
asterisked. This goes way beyond "someone peering over your
shoulder". I have seen some sites that do this (make the passwords
clear text). This means to me that they have no concern over the
protection of my privacy and/or the developers were too lazy or
incompetent to change the TextMode from 'SingleLine' to
'Password'.

Confirmation for "blind" input is an absolute necessity. It assures
both parties involved in the transaction that the desired password was
achieved.

In response to Jim Drew:
I hear you brother! That one bugs me too. Passwords are destroyed on
PostBack for security purposes, that's why you lose them. Over the
past few years I have been forcing our developers to do a little
extra work and capture the data that is correct and if an error in
the form is found it only requires you to fill in the fields that may
have been wrongly omitted or entered incorrectly. I wish more people
would do it. I think that so many people are in such a rush to get
the Authentication process over with that they would rather deal with
less processes...security is already tricky enough.

Bonobo out!

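As an added example (not code from this thread or from any poster), here is a server-side sign-up handler in the style Jake describes: it compares the two blind entries, keeps the non-secret fields that validated for the re-displayed form, and never echoes the password back. Field names and the minimum length are assumptions.

```javascript
// Added example, not code from the thread: a sign-up handler applying the
// pattern described above. Field names and the minimum length are assumptions.
const REQUIRED = ["username", "email", "zip"];
const SECRET_FIELDS = ["password", "password_confirm"];

// Validate one submission. `refill` holds only the non-secret values that were
// accepted, so the re-rendered form can keep them; the password is never
// echoed back and must be retyped (both copies) on any error.
function validateSignup(form) {
  const errors = {};
  for (const name of REQUIRED) {
    if (!form[name] || !form[name].trim()) errors[name] = "required";
  }
  const pw = form.password || "";
  if (pw.length < 8) {
    errors.password = "too short";
  } else if (pw !== (form.password_confirm || "")) {
    // Masked input gives no visual feedback; a mismatch between the two
    // blind entries is the only signal that one of them was mistyped.
    errors.password_confirm = "does not match";
  }
  const ok = Object.keys(errors).length === 0;
  const refill = {};
  let reenter = [];
  if (!ok) {
    for (const [name, value] of Object.entries(form)) {
      if (!SECRET_FIELDS.includes(name) && !(name in errors)) refill[name] = value;
    }
    // Everything that failed, plus the secrets, which are cleared on purpose.
    reenter = [...new Set([...Object.keys(errors), ...SECRET_FIELDS])];
  }
  return { ok, errors, refill, reenter };
}

// Values echoed into the form came from the user, so they are escaped before
// being placed in an attribute.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" })[c]);
}

// Render one input for the re-displayed form: secret fields are masked and
// never pre-filled, accepted fields keep the value the user already typed.
function renderField(name, refill) {
  if (SECRET_FIELDS.includes(name)) return `<input type="password" name="${name}">`;
  const value = name in refill ? ` value="${escapeHtml(refill[name])}"` : "";
  return `<input type="text" name="${name}"${value}>`;
}
```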

3 Sep 2008 - 6:24pm
Sudha
2008

I feel uncomfortable when passwords show up in plain text, too. It's
not just that I'm worried somebody will get a glimpse. For some
reason, the fact that the site would display my password on the
screen makes me wonder if they value the importance of keeping the
password secure enough to protect it adequately.


4 Sep 2008 - 8:15am
Guillermo Ermel
2008

> 1. Nick Gassman - Wednesday, 1:07pm
>
> When you fill in a form to sign up to a website, the password field,
> but not the username, is usually asterisked. Is it to avoid the risk
> of someone peering over your shoulder?
>
Yes. But I've come across a better solution to the asterisk+double input
field pattern.
It will not work in web browsers, but I think it adds up to this
discussion. In Palm OS, when you type a password, each letter you type
remains on the screen for a moment, and THEN becomes an asterisk. That
way, you get feedback on what you just typed, which makes it unnecessary
to type it twice in two different input fields.

Please note that usage context IS different, since it is easier to hide
the palm device from peeking eyes while entering the password, but it's
not that easy to do so with a big 17" computer display sitting on your desk.
> And sometimes when they aren't asterisked, you have to type the
> password in twice, but not the username. What's the rationale for
> that?
>
That's just a plain mistake :-)
Users CAN read it, so they don't need it twice.

Guillermo

--
Guillermo Ermel
Responsable de usabilidad
MercadoLibre.com

4 Sep 2008 - 4:02pm
darci
2009

"I think the original point here was referring to when the passwords
aren't asterisked, why then do the users have to enter it twice
(since they can see it). In which case, I have no idea."

Well, just because people CAN read the field, doesn't mean they
will. Forcing a second entry would seem to reduce the likelihood of
a typo, even in a field that you can see.

Yes, it is an extra field to fill in, but it seems a small price to
pay to ensure that I can log in without having to reset my password
the first time I need it.


5 Sep 2008 - 3:37pm
Calvin Park 박상빈
2007

There IS a drawback on making it visible that many English-centric
users don't realize.

On an input control with "type=password", Windows doesn't allow CJK
characters (and possibly more).

The password field on the sign-up page on my site is unmasked using
"type=text". If a user signs up with a password in Korean text, the
user cannot log in, because the actual login form is using
"type=password".

It's almost like a type-mismatch.

5 Sep 2008 - 9:59am
dawa riley
2007

On Thu, Sep 4, 2008 at 9:15 AM, Guillermo Ermel <
guillermo.ermel at mercadolibre.com> wrote:

"In Palm OS, when you type a password, each letter you type remains on the
screen for a moment, and THEN becomes an asterisk. That way, you get
feedback on what you just typed, which makes it unnecessary to type it twice
in two different input fields"

The same thing happens in password fields on the iPhone and I remember
thinking ..what a super useful feature!


9 Sep 2008 - 12:12pm
Carolynn
2008

Jake, I'm not understanding your comment...

*You should never EVER input your password into a field that isn't
asterisked. This goes way beyond "someone peering over your
shoulder".*

I've been experimenting with this on a new site and from what my
developer colleagues have told me, using type=password is only a
front end mask, it doesn't enforce any kind of encryption. The one
issue I have found is that the browser remembers any plain text
inputs so if there isn't a way around that then I will definitely
use two type=password fields... but could you elaborate on why you
think it goes beyond someone peering over your shoulder?

The reason I'm experimenting with this is because there has been a
lot of chat lately about asking users for information twice (for
example their e-mail address) and the fact that they are more likely
to make a mistake when typing it the second time, and any super users
would just copy and paste anyway so all in all the double request is a
bit of a nuisance and not necessarily ensuring data integrity.

For these reasons, in the 'Registration' section of our new site
the password input is plain text. My thinking is that the user can
see it and therefore check it and change it easily. This project is a
big brand based in Scandinavia so users are a lot more trusting than
average, and 90% of shoppers do it from home so the 'peering over
the shoulder' aspect doesn't really factor in. I'm also wondering
if a little toggling text link next to it such as 'mask
password/unmask password' would ease the pain for the suspicious
folk ;-) There is another recent thread on this topic but I can't
find it!

On the actual 'Login' page, the password field is set to
type=password.

I'm not stuck on doing it this way but I am interested to see how
users feel about it in testing (about 6 weeks away)

BTW Calvin, that's a really interesting point, will definitely need
to do some experimenting around that!


9 Sep 2008 - 12:56pm
Jim Burrows
2008

While I agree that the "Enter your email again to confirm" is
problematic for a number of reasons (power users will cut and paste,
forms fill-in will fill in the first correctly leaving the second
empty which the user can then fill in incorrectly and double entry
being close enough to error recovery to up the chance of error and so
forth) I think there are benefits to double entry of the asterisked
out password.

As Calvin points out, the software may apply different rules to
type=password and type=text fields resulting in inaccessible accounts
due to the inclusion at registration time of characters that are
filtered out at login time. Thus using the same format both times
serves as something of a test.

Likewise, I think, ensuring that the user can repeatably enter the
password blind is an important test. As users are encouraged to use
more complex and strong passwords they are more likely to create
passwords that they cannot enter without visual feedback. Anecdotally,
I know I've been saved from being too clever for my own good in
creating passwords that I cannot type as evidenced by failing to do
so twice at registration time.

Of course the real way to answer what works is user testing, but so
long as we're giving opinions, I thought I would lobby for the
uniqueness both in terms of software filtering and user
reproducibility for double entry of passwords.


6 Oct 2008 - 10:17am
jaketrimble
2008

Carolynn,
So sorry for the delayed response. Your tech guys are exactly right
that no encryption occurs with an input set to "type='password'".
Only the type of connection (i.e. SSL) can encrypt that data. That's
what I meant by "way beyond". I also was referring to the
physiology behind an asterisked field and how users respond to it.
Meaning that most users have absolutely no clue about how encryption
works, but the secure feeling that an asterisked field gives them
makes them think they do.

Think about viewing a distasteful email on line in your office. Of
course no one is around to see that email, but you still have that
feeling in the back of your mind that someone could burst in your
office and you wouldn't be able to minimize in time. Well what if
all that information was asterisked but only you could understand it?
Not possible I know, but hopefully you get the idea. It's about
giving the user a sense of security, however false it may be.

Ok, multiple input. You gave the example of multiple input for
emails. Have you ever noticed that when signing up for most sites you
are almost never asked to input your "Desired User Name" twice? This
is because when it comes to data validation programmers could care
less about that because the user can retrieve it by entering their
email address. That is why it is more important to validate the email
address. As far as a "power user", you would assume that by virtue
of their status they would have copied the correct email. Now if you
aren't creating a user name I personally feel that the duplicate
input of an email is useless. I also feel that many developers just
add in the extra field because they have seen it done so many other
places that it just makes sense to incorporate a standard that users
are accustomed to.

All in all it is my opinion that password fields should always be
masked and validated by a duplicate entry. It's about making a
statement to the user. As far as duplicate email and other types of
clear text, it totally depends on the user environment and the way in
which you harvest data.

