On the other hand, some say that even the passwords should not be
masked:
http://www.useit.com/alertbox/passwords.html
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=44039
Hi Anthony
I would not recommend masking the security question, since this could
be really annoying to use in case of errors during entry.
Have you already read Jakob Nielsen's latest post on masking
passwords?
http://www.useit.com/alertbox/passwords.html
A good alternative would be to mask
Wish I had the definitive response here. Instead I'll offer a
resource you may not have been aware of.
Last week's SOUPS papers may give you some further ideas of security
risks, user behavior related to security and privacy, and usability of
various security schemes.
Of course the canny user will just type them out somewhere else and
copy and paste them in anyway...
Hi all,
I'm reviewing an account creation page that contains username,
password, confirm password, a drop-down selection for security
question and a plaintext box for entering the security answer.
It's my gut feeling that the security answer box should also be
masked just like the
://www.syntagm.co.uk/design/ajaxdesign.shtml
-Original Message-
From: new-boun...@ixda.org [mailto:new-boun...@ixda.org] On Behalf Of
Anthony Hempell
Sent: 23 July 2009 10:38
To: disc...@ixda.org
Subject: [IxDA Discuss] Security question: plain text entry or masked
There's been quite a lot of chat in the blogosphere about password masking
(generically) since Jakob Nielsen published an alertbox against it:
http://www.useit.com/alertbox/passwords.html
and then Bruce Schneier, who gave him some security advice, somewhat
recanted:
Thanks Caroline.
This is for creation of an online account at a major NA wireless
provider. The account would contain most of that person's personal
information, so I consider it high security, perhaps just below that
required for online banking.
Since it is for a wireless provider,
Another take on this is to consider who can see this info after it's
entered. Is it used only for me to confirm my identity online, or are
the answers to these security questions viewable by any random
customer service rep who looks up my account? Part of the expectation
that's created by