Is It a Best/Recommended Practice to Not Use “Make Visible” the Password when Entering It?

Problem scenario
You think that the users should not click the "make visible" option when entering a password. As an I.T. professional, you are not sure if this should be used or not. You read and think that it should not be used. Is it recommended that you have a practice of not letting the users make the password visible?

It is not clear. The National Institute for Standards and Technology now recommend you use it (according to ). Why? Users are given incentive to create shorter more guessable passwords when they cannot type it in. Traditionally it was said that passwords should not be written down or saved elsewhere. Password managers are now common. Visibility enables complex passwords. Canonically the policy was that if someone was shoulder surfing, an invisible password (with "*" or dots) would be more secure.

Leave a comment

Your email address will not be published. Required fields are marked *