Password strength

Ironically, I'd already sent this to my SysAdmin who, only today, would not relax the password requirements and so forced me to choose a hard to remember password like the one in the comic.

I also wonder how they guessed both my passwords. Guess I'll have to change them both now...

Source

Hiding Password field values

I really get frustrated with passwords. Its bad enough that I have to have dozens of different ones - each with their own arcane rules (for instance exactly 6 digits, of which you must have 2 numbers and 1 capital letter) - but then I can't even see what I'm typing into the damn field.

Worst of all is Lotus-Bloody-Notes which "compounds the issue further by displaying multiple bullets for each keystroke, giving the impression that you have suffered contact bounce or accidentally pressed extra keys."

As much as it is a overused thing to say, I agree with Jakob Nielsen when he writes "It's time to show most passwords in clear text as users type them" see http://www.useit.com/alertbox/passwords.html.

Even better, use the suggestion of WebFertile (see http://www.webfertile.co.uk/web-design/web-design-resource.asp?postId=33):

Our new website designs will now mask the password field by default, but include a box that users can tick to show the letters typed in.

 For more on this topic - see Schneier on Security

• http://www.schneier.com/blog/archives/2009/07/the_pros_and_co.html 
• http://www.schneier.com/blog/archives/2009/06/the_problem_wit_2.html