I've been reading a few pros and cons recently about password masking. Traditionally it is one of those unquestionable security commandments - "Thou shalt mask passwords", but is it always necessary?
Why do we mask passwords? What's the benefit?
To stop the password being exposed to third parties. The password is a shared secret between the system and the authorised user, so letting others see it in plain text is a no-no. It is worth being precise about what masking defends against: it hides the password from someone looking at the screen, and nothing else; a keylogger, a phishing page or a server that stores passwords in the clear is unaffected by it. While the shared-secret point is true, are all passwords created equal? The PIN you enter at an ATM in a public place is at much higher risk of being seen by an unauthorised third party than your webmail login, or even the network login you type in the privacy of your office or cubicle.
"But we don't all sit in an office or in a cozy cubicle!" you say, cursing the designer of the open plan office. Very true.
Another benefit may be that users 'feel' more secure when their password is kept 'secret' by not being displayed on the screen. Although the original purpose was to hide the password from a 'shoulder surfing' colleague, masking has come to be something users expect, and like the padlock in the corner of the browser it is a 'symbol of security'.
The downside, of course, is that users cannot see what they are typing, so when a login is refused they cannot tell whether they have forgotten the password or simply mistyped the correct one; where an account-lockout policy is in force, a few such mistypes also lock the account, which is a helpdesk cost rather than a security gain. There is also the argument that password masking leads to poorer security because users choose 'easier' (i.e. less complex) passwords to reduce the chance of mistyping a complex one. This argument assumes that leaving the password unmasked would lead to more complex passwords because the chance of mistyping is reduced. Personally I think most poor, simple passwords are chosen for ease of remembering rather than because of the odds of mistyping.
I noticed recently that Apple had implemented a 'half-way' solution on the iPhone (and this may have been around for a while, I'm just stating where I saw it) in that as each character is typed it appears in plaintext briefly before becoming an asterisk. This has the benefit of reducing mistypes (not uncommon with the iPhone on-screen keyboard!) while also making shoulder surfing a little harder, by forcing the 'surfer' to pay attention to each keystroke and never showing the password as a whole. I think this is an interesting solution that has potential for the sorts of passwords most likely to be used in a 'private' setting (like your office or home), but not of course for PINs and the like.
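As an added example (not code from the original post or from Apple), here is the same last-character reveal written as a small state model in JavaScript. The function names, the one-second reveal window and the `#pw` input are assumptions made for illustration. It goes a step beyond the post's description in two ways a practitioner would want: a deletion or a paste never opens a reveal window (otherwise Backspace would expose the character that is now last, and a pasted whole password would be shown), and `maskAll` forces the fully masked view on blur or submit, so the complete password is never on screen. The DOM wiring at the bottom is guarded so the logic also runs under Node.

```javascript
// Added example, not code from the original post or from Apple: a state
// model of a password field that shows the character just typed for a short
// window and then masks it. The logic is kept free of the DOM so it can be
// tested; the browser wiring at the bottom only runs when a document exists.

const REVEAL_MS = 1000;   // assumed reveal window; the post gives no figure
const MASK = '\u2022';    // bullet character used for masked positions

// New field: the real password lives only in `value`, never in the DOM.
function createField(revealMs = REVEAL_MS) {
  return { value: '', revealUntil: 0, revealMs };
}

// One key press at time `now` (milliseconds). Only a character that was
// actually typed opens a reveal window; Backspace never reveals anything,
// otherwise deleting would expose the character that is now last.
function keystroke(field, key, now) {
  if (key === 'Backspace') {
    field.value = field.value.slice(0, -1);
    field.revealUntil = 0;
  } else if (key.length === 1) {
    field.value += key;
    field.revealUntil = now + field.revealMs;
  }
  return field;
}

// Pasted text is appended fully masked: a paste may be the whole password.
function paste(field, text) {
  field.value += text;
  field.revealUntil = 0;
  return field;
}

// Force the fully masked view: on blur, on submit, or when the app goes
// to the background.
function maskAll(field) {
  field.revealUntil = 0;
  return field;
}

// What should be on screen at time `now`: every character masked except,
// inside the reveal window, the last one. The whole password is never shown.
function render(field, now) {
  const n = field.value.length;
  if (n === 0) return '';
  const revealing = now < field.revealUntil;
  return revealing ? MASK.repeat(n - 1) + field.value[n - 1] : MASK.repeat(n);
}

// Browser wiring (skipped under Node). Assumes <input id="pw" type="text"
// autocomplete="off">: a plain text input is used because the browser's own
// type="password" masking would hide the revealed character as well.
if (typeof document !== 'undefined') {
  const input = document.querySelector('#pw');
  const field = createField();
  const repaint = () => { input.value = render(field, Date.now()); };
  input.addEventListener('keydown', (e) => {
    if (e.ctrlKey || e.metaKey || e.altKey) return;            // leave shortcuts alone
    if (e.key !== 'Backspace' && e.key.length !== 1) return;   // let Tab, Enter etc. through
    e.preventDefault();
    keystroke(field, e.key, Date.now());
    repaint();
    setTimeout(repaint, field.revealMs + 10);                  // re-mask once the window closes
  });
  input.addEventListener('paste', (e) => {
    e.preventDefault();
    paste(field, e.clipboardData.getData('text'));
    repaint();
  });
  input.addEventListener('blur', () => { maskAll(field); repaint(); });
  // On submit, send field.value; input.value is only the masked rendering.
}
```

Because the real value is held in memory rather than in a `type="password"` input, the browser's password manager and autofill will not recognise the field; that is the trade-off for controlling the rendering yourself, and it is the reason this belongs in a native control (as on the iPhone) rather than in page script where possible.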
1 comment:
Perhaps one of the few clever things the developers at IBM who created Lotus Notes ever did was the picture that changes in the password dialogue (presumably based on a hash of the text entered), allowing you to just remember the picture that corresponds with the correct password.