A recent Scientific American article points out that security researchers have been doing things like reading screens with cheap telescopes from hundreds of feet away (the distance between neighboring office buildings in New York, say), or magnifying the images reflected in users' eyeballs (something I actually predicted about twenty-five years ago in my old science fiction setting).

Of course, users usually aren't being watched, but simple security isn't for the usual case. Sure, leave your front door open; burglars usually aren't wandering through your neighborhood. Displaying cleartext passwords is just asking for it, since snapping a high-resolution still photo is ridiculously easier than filming a user's keystrokes or sniffing packets. In Nielsen's world, I could sit in any Starbucks and collect dozens of user IDs and passwords over coffee. Worse, as each happy notebook user tried out their three favorite hard-to-remember passwords, I'd be collecting information that would let me break into multiple accounts, since those same passwords get reused across sites.

Of course this would never happen, because users would probably shy away from any site that took Nielsen's bad advice, put off by the lack of perceived security. In this case, they'd be absolutely right.

A huge problem with Nielsen's argument is that the usability angle is virtually irrelevant (most people type passwords from muscle memory and don't rely on visual feedback) and the use case is wrong (entering a password is a common operation that people remember how to do, not an obscure operation they need help remembering).

Now, Nielsen's observations are based on usability tests of mobile devices accessing password-protected sites, and I have no doubt the observations are valid. But herein lies the problem with usability testing: it may show you a problem, but it doesn't show you the solution. Go do a real test of Nielsen's "solution" and see what really happens.
I have no doubt entering a password in a cleartext field is easier, but the downstream costs aren't part of the test.

Gruber's point (in providing the link) is well-taken:
"The iPhone strikes an interesting middle ground here: it shows you each letter you've typed in a password field for a second or so before turning it into a bullet."

John Gruber, Daringfireball

The iPhone solution is excellent because it doesn't open up any new security hole (filming an iPhone user's password is exactly as hard as filming someone typing). Nielsen's proposed solution opens you up to having your passwords recorded by random security cameras, watched by random guys, many of whom aren't earning much more than minimum wage and are really bored.

Nielsen proposes a checkbox to mask password entry for insecure situations. Great. So we're making a technically simple gizmo more complex in the interest of reducing security. Please, if you're going to add a bunch of JavaScript to make your password entry field work better, use it to make your logins secure over HTTP. How many people will remember to click the "mask" checkbox, or will inadvertently type cleartext passwords before they realize what's going on?

The only really relevant use case where seeing your password improves usability is when you're entering a new password for a new account, and even then Nielsen's argument fails: visual feedback when entering and confirming a password would encourage users to invent new passwords they have virtually no hope of remembering, which in turn leads to more "security questions" and "mail my password to me" garbage, and that is where the really huge security holes lie.

So, in summary, in this particular case Nielsen is wrong, and not even wrong in a useful way. He's wrong on the following counts: