Adminstration password


This is maybe a stupid question but this thought came up when reading bug #759 “Administration password confirmation when creating new virtual server”.
The option to have the second password field is of course a good thing, for those who want to “retype” the password, but why is the form field for the Administration password a “password” field and not just plain “text” field?
I don’t see why it’s necessary to hide what you are typing, if you actually can see what you are typing then you minimize the risk of a typo, and of course can check/read that it’s ok before you continue. I sometimes(rather often) have to retype the password because I get the feeling that I have done a typo or entered it wrong, would be nice to actually see what I enter.

What do you other guys think? Do you need to "hide" the password on the screen while you are typing it?


I obviously share your view, Leif. Which is why I filed that “bug report” in the first place. As Jamie said, you can unmask your password typing: "go to the Module Config page and set the ‘Generate random password?’ option to ‘Yes’.

A perfect system, to me, is:

  • unmasked password typing
  • 2 "enter password" fields for cross-checking
  • immediate warning by Javascript when Field 1 does not equal Field 2

I believe that should be the default setting, in my case and for users who are not a web-hosting company.

If you are a web-hosting company, it is more likely that you will use random password generation. So, the issue of whether you can see what you are typing is not relevant at all.

Responding to your specific question… no, I believe we don’t really need password masking in both cases.

That said, I also believe in Jamie’s general rule of thumb to make form filling as simple as possible: i.e. fewer fields/options = better. Incidentally, not having masked password is the simpler rule. Why have something that we don’t need?

I think the main reason for hiding password fields is in case somebody else is beside you when you are setting something up so that you can type it in and they cannot tell what you typed, unless they managed to watch the keys you pressed.