Comments on: On password masking and usability

By: Hacking at 0300 : Unmask Password Plugin

Hacking at 0300 : Unmask Password Plugin — Tue, 03 Jan 2012 01:54:24 +0000

[...] logical thing to do is to have a checkbox that would show the characters, and the easiest way to do that is to change the type of the input element from password to [...]

By: Domain name registration

Domain name registration — Thu, 12 May 2011 11:26:00 +0000

Really helpful post. thanks for sharing. And now i am going to bookmark this site.

By: Gaia Canestrari

Gaia Canestrari — Mon, 04 Apr 2011 16:31:00 +0000

thanks, this is really helpful. x

By: Idea: The simplest registration form ever « Lea Verou

Idea: The simplest registration form ever « Lea Verou — Thu, 23 Jul 2009 17:04:17 +0000

[...] human verification field at that point. There is no need for a password verification field, since we could just have a checkbox for displaying what the user typed, if they feel insecure about [...]

By: Anotha Guest

Anotha Guest — Sun, 19 Jul 2009 21:25:32 +0000

http://blog.decaf.de/2009/07/iphone-like-password-fields-using-jquery/

Maybe you’ll find this interesting. An iphone-like password field mimic with jQuery. Not well written (early version) + it includes some important bugs, but if you’d like to implement something like this in your website, I hope the source code can inspire you to…

By: Basilakis

Basilakis — Fri, 10 Jul 2009 10:33:16 +0000

No openID! Facebook Connent!

Anyway, here Lea, a WordPress plugin to do that

http://blog.clearskys.net/2009/06/30/unmask-password-plugin/

By: Lucas

Lucas — Thu, 09 Jul 2009 02:35:10 +0000

You could also just let users use there OpenID, that way they only have to remember one password.

By: Lea Verou

Lea Verou — Wed, 08 Jul 2009 19:48:17 +0000

Not really. I, myself said in the original post that it’s simple for particular cases (especially when event handlers are not involved).
After looking into it and a bit of quick testing, it appears that the script you provided doesn’t copy event handlers to the text input, even the ones set via jQuery or traditional event handling (which is easy). The hard (and correct way) would be to copy ALL event handlers to the clone, no matter how they’re set (which may even be impossible).

Just try that:

$(function() {
	$('#text').showPassword('#checkbox');
	$('#text').click(function() { alert('foo'); });
	$('#text').get(0).onclick = function() { alert('bar'); };
});

and see if they work on the text input as well (hint: they don’t).

This is not trivial: Most authors that want something like that, also have event handlers on form elements for validation (in the password field for password strength for instance). This would break this kind of form validation.

Moreover, that script requires the checkbox to be present, even when JavaScript is disabled, which is generally considered bad practice. The checkbox has to be generated with JavaScript, since it only functions when JavaScript is enabled.

Interesting blog though, thanks. Just added it to my feed reader.

By: Thorin Messer

Thorin Messer — Wed, 08 Jul 2009 18:07:12 +0000

Someone seems to have a shortage of trouble in life: http://www.unwrongest.com/projects/show-password/

By: Lea Verou

Lea Verou — Sun, 28 Jun 2009 16:43:22 +0000

It would be even better if we could leave IE outside of our minds as well. However, neither of those two is usually an option…

We can just dream that one day IE will implement Webkit as a rendering engine and V8 or TraceMonkey as a JS engine (yeah, right… )

By: Basilakis

Basilakis — Sun, 28 Jun 2009 16:37:48 +0000

Or we can leave IE outside our Designs, why not we?