Remove password masking

This article summarises the results from an academic study investigating the impact removing password masking has on consumer trust.

TL;DR

Results prove that participants did not expect unmasked passwords, and that forcing them on participants gives a mixed result. Some appreciate the usability benefits, whilst others believe there is an error on the site. This causes them to lose trust in the buying process.

However, when participants are offered the choice of masked or unmasked passwords within the interface, they identify the concept as a feature, not an error. Participants identified the usability benefits of clear text passwords and the security benefits of masked passwords. When participants used this option, there was no impact on trust in the e-commerce website.

What is password masking?

Password masking is a very common web design pattern. It involves a text field which accepts any character but doesn’t show the typed character to the user. Instead, it shows a bullet point. The pattern is used across the web with the aim of increasing security. You’ll find examples of it on pretty much any site which requires a user to log in.

The problem

There are numerous usability problems:

  • Not being able to see what characters have been typed
  • Not being able to check the input
  • Not being able to correct an error

For all this user inconvenience there are practically no security benefits at all:

  • How often is someone looking over your shoulder when you type a password?
  • The input isn’t secured in any way, it’s just a visual representation
  • Password masking doesn’t help prevent attacks from key loggers or malware

Password masking is a legacy pattern that keeps being adopted without a moment’s thought.

Yet all it does is inconvenience people.

Experts agree

A plethora of usability experts agree that password masking isn’t good for anyone.

Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.

Passwords on the Web have long been riddled with usability issues. From overly complex security requirements to difficult to use input fields, passwords frequently result in frustrated customers and lost business.

Methodology

A qualitative research study to explore participants' reactions to unmasked password input fields.

Research question

How does unmasking the password input field impact consumer trust in an e-commerce ticket website?

Hypothesis

If password masking is related to trust then removing the password masking will reduce the levels of trust.

11 semi-structured interviews were used to understand participants' general levels of trust. Participants were asked to think aloud as they used a sample ticket sales e-commerce website. The elements affecting their trust in the website were mapped against the Model of Trust for E-Commerce (MoTEC).

Non-probability quota sampling was used to ensure that a healthy level of diversity across age, gender and Internet ability was achieved. All participants had purchased at least three products or services online in the last year and had previously purchased event tickets. Eleven participants were interviewed.

A general analytical procedure was used to handle the collected data appropriately and to derive meaning from it.

Results

Removing password masking

Participants did not expect unmasked passwords, and forcing them on participants gives a mixed result. Some appreciate the usability benefits, whilst others believe there is an error on the site. This causes them to lose trust in the buying process. Therefore a negative link between unmasked passwords and trust is found.

80% were not expecting to see the password as clear text

But does it matter that they weren’t expecting it?

There was a mixed result. Some indicated that it made no difference to their trust, whilst others said it made them suspicious of the site.

Reasons participants gave for concern:

  • A mistake had been made when building the website
  • Hackers had infiltrated the site security
  • What other technical problems might the site have?

45% identified that not hiding the characters increased usability

"It just makes it easier, so you can see what you have put in... I much prefer having the letters written out so I can see them."

"I’ve seen it before on my tablet, sometimes it gives the option to show the password. But I've never seen it on a website."

60% said they had become suspicious of the site.

"From trusting the site at first glance I have gone to not trusting it at all. If it was a mistake, they may have more mistakes in the buying process... I would probably not continue and definitely try to find the tickets on a different site."

"If I am using the site for the first time, it will definitely ring some bells and raise concerns about how secure my information is."

Optional password masking

When offered the choice of masked or unmasked passwords within the interface, participants identified the concept as a feature, not an error. Participants appreciated the usability benefits of clear text passwords and the security benefits of masked passwords. When participants used this option, their trust in the website was unaffected. (Note: the password was unmasked by default.)

100% of participants noticed the checkbox and understood the interaction.

What was the impact on trust?

Instead of thinking there was an error with the site, participants viewed the clear text password as a feature.

The presence of the tick box reassured them that the change in convention was by design. It also offered the ability to turn masking on and return to a convention they felt comfortable with.

"The fact that it is there gives me the chance to check what I have typed. It is helping me in my inability to do something simple"

"I think that is much better, as it shows they have thought about it"

"It is protecting me against somebody looking over my shoulder. It gives me a feeling that there is some form of protection in place"
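One way to build the optional masking control described in this section, as an added example that is not from the study or its test site: a checkbox switches the field between `password` and `text`, and the typed value is the same string in both states. The function names, the stub elements and the choice to re-mask on submit and turn off spellcheck are assumptions of this example.

```javascript
// Added example (not from the study): optional masking driven by a checkbox.
// The function accepts any objects shaped like DOM elements, so the same code
// runs in a browser or, with the constructed stubs below, under Node.

function attachMaskToggle(input, checkbox, form, maskedByDefault = false) {
  const apply = () => {
    // Masking is presentation only: input.value is the same string either way.
    input.type = checkbox.checked ? 'password' : 'text';
  };
  checkbox.checked = maskedByDefault;       // the study's prototype started unmasked
  input.autocomplete = 'current-password';  // keep password-manager semantics
  input.spellcheck = false;                 // a visible text field is otherwise spellchecked
  apply();
  checkbox.addEventListener('change', apply);
  // Re-mask before submit so the browser never treats the field as ordinary
  // text when deciding what to keep in form history.
  form.addEventListener('submit', () => { input.type = 'password'; });
}

// Constructed stand-in for a DOM element: plain properties plus event dispatch.
function stubElement(props = {}) {
  const handlers = {};
  return Object.assign({
    addEventListener(name, fn) { (handlers[name] = handlers[name] || []).push(fn); },
    fire(name) { (handlers[name] || []).forEach((fn) => fn()); },
  }, props);
}

// Walks the control through the states a participant would see.
function demo() {
  const input = stubElement({ type: 'password', value: 'correct horse' });
  const checkbox = stubElement({ checked: false });
  const form = stubElement();
  attachMaskToggle(input, checkbox, form);
  const states = [input.type];                        // unmasked by default
  checkbox.checked = true; checkbox.fire('change');
  states.push(input.type);                            // user opted in to masking
  checkbox.checked = false; checkbox.fire('change');
  form.fire('submit');
  states.push(input.type);                            // masked again at submit
  return { states, value: input.value, spellcheck: input.spellcheck };
}
```

In a page, pass the real password field, checkbox and form elements to `attachMaskToggle` in place of the stubs.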

Conclusions

Clear text passwords do increase usability, but don’t force the change upon your customers.

Offer it as an option and let them use it when they feel comfortable.

As for what you should set the default to, well, that’s another question...

Research conducted by Jack Holmes

Published 8th September 2014