The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security
And his solution is to present passwords in clear text?
Hmmm. That seems to be a mix metaphor of a message: lets prompt people to make a more secure password (arguably not going to have much effect) but then display it in clear text.
To me that seems a true loss of security :)
EDIT: ignoring his point (b) because that is completely irrelevant - clear text password boxes are no more or less secure than copy/pasting the password. BUT your not giving the user the choice - every user has that bit less security, not just those copy/pasting.
And his solution is to present passwords in clear text?
Hmmm. That seems to be a mix metaphor of a message: lets prompt people to make a more secure password (arguably not going to have much effect) but then display it in clear text.
To me that seems a true loss of security :)
EDIT: ignoring his point (b) because that is completely irrelevant - clear text password boxes are no more or less secure than copy/pasting the password. BUT your not giving the user the choice - every user has that bit less security, not just those copy/pasting.