02222019Fri
Last updateFri, 22 Feb 2019 1pm

Passwords: Count the dots?

Something that I have always considered to be an example of bad design and bad philosophy is the use of those stupid dots and asterisks used to populate password fields so that nobody can see what has been typed. 

Everyone has seen this when entering a password, and eventually those dots or asterisks leave everyone wondering what they just typed.

The theory behind hiding passwords behind those dots is that the world must be absolutely full of people who read over your shoulder.  Seriously though, how many times does that happen?  I have been typing passwords into computers since the early 1970s, or ten years before the first personal computer existed, meaning that in more than four decades I have probably typed in a zillion passwords.  On only one occasion in all these years have I personally been in a situation where someone tried to read a password I typed.  I came up with a non-technical solution to that problem, but I will come back to that later.

The philosophy behind obscuring passwords behind those dots is just plain wrong.  Not only does it seek to address a problem that does not exist but for most people it makes the task of typing in a password much more difficult.  Very few of us are able to type with 100-percent accuracy, meaning that we need to be able to check our typing for errors.  This wrong-headed concept of obscuring passwords makes that impossible.

Sometimes I see people counting the dots in an attempt to determine how many characters they just typed or to help them remember which password they should enter.  Unfortunately for them I have seen many places where the password field is populated with perhaps 12 dots without regard to whether the password has five, ten or 15 characters.  So counting the dots is usually a waste of time.

There are much better ways of dealing with this issue of preventing passwords from being observed surreptitiously.  Situational awareness means to just be aware when you are being observed and act accordingly.  Of course this requires common sense and that is something lacking among software designers who continue to obscure passwords for no good reason except that they have always done it that way.

Earlier I mentioned that there had been only one occasion during the last four decades when those dots might have been useful to prevent someone learning my password.  I was about to type in the password and noticed that someone was looking over my shoulder.  Even though the letters on the computer screen might be hidden behind dots, the person behind me could still have been watching my fingers on the keyboard and thus learning my password.  I had to quickly come up with a solution, and though I have tried this only once years ago it would probably still work today:  stop typing, turn around, look the unwelcome spy in the eye, and in a firm and loud voice, say ‘SHOO!’

Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico.  The opinions expressed are his own.  He may be contacted through his web site at SMAguru.com.

No Comments Available