I was reading this article on theregister.co.uk about the usability of masked (i.e., hidden) password fields on GUI forms and webpages. It is just crazy to even think that showing the password is a good thing compared to the current practice of masking password fields with dots or asterisks.
- Attackers will be fine with screenshots taken when you log in to webpages, instead of keyloggers.
- What about remote screen sharing, when you have to log in to a service or webpage?
- What if I have a colleague looking at my screen and I need to log in somewhere? "Sorry, can you please leave till I log in, because you can see my password…" Everyone can see it, really (even the person across the street with the telescope, not that you should).
There are probably more, but I cannot think of any right now. I think you get the point. It is just a bad idea. Maybe they should make the field UV so no one can see it unless they are wearing special glasses (a bit better solution, I think).
 Reported by out-law.com – “Masked passwords must go” – http://www.theregister.co.uk/2009/06/30/masked_passwords_usability/