On May 5, 2013, at 1:40 AM, Pierre-Yves Chibon <[email protected]> wrote:
> So if you disagree please provide *reasonable*
> arguments.

Those who disagree have already done this ad nauseam. The summary:

The Nielsen-Norman article cited is an editorial piece. It is out of scope, out
of context, not a study, and not a paper. It suggests there's a usability
consequence for masked passwords, which is an observation in the realm of Thank
You Captain Obvious, that doesn't really need a study. It should be ignored.

It's inappropriate for others to state the relative risk level of a user's
situation, rather than deferring to the user's ability to self-assess their
risk level.

The implemented change offers no alternatives to account for elevated risk
contexts.

There are at least two alternative behaviors:

a.) Mask by default with two fields, with an unmask option that would gray
out the (now superfluous) second field.

b.) The entry method used on mobile platforms, delayed masking per
character. I argued against this in my earlier email when I brought it up. This
isn't a mobile platform. It's higher risk, and probably not as easy to employ
as option a.) which is a common cross-platform behavior.

Chris Murphy
--
devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/devel