In our digital world, we have become well acquainted with the login form—username shown in plaintext, password shown in asterisks or dots. This design dates back to the early days of terminal computing, and despite huge changes in nearly every other area, the humble login form remains largely untouched. When coupled with the ubiquity of smartphones, this means we often find ourselves entering complex passwords on a tiny touchscreen keyboard with little or no visual feedback on what is being typed. This paper explores how password masking on mobile devices affects the error rate for password entry. We created an app where users entered selected passwords into masked and unmasked password fields, measuring various metrics such as typing speed, error rate, and number of backspaces. We then did an exploratory analysis of the data. Our findings show that, perhaps unexpectedly, there is no significant difference between masked and unmasked passwords for any of these metrics.
CITATION STYLE
Pidel, C., & Neuhaus, S. (2019). BREAKING: Password Entry Is Fine. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11594 LNCS, pp. 67–80). Springer Verlag. https://doi.org/10.1007/978-3-030-22351-9_5
Mendeley helps you to discover research relevant for your work.