

Your password will be shown to you in plain text - onktak

Today I accidentally entered the wrong login details for Facebook and this is what I got: "Your login password will be shown to you in plain text below to make text input easier(Your login is still secure)". That message on its own made me even more suspicious. Of course the message was from Facebook, but the fact that I am so used to never being shown a password got me thinking otherwise. Is it any good to show users their password on login and assume they will feel safe?
======
rada
I just tried a couple times and got a standard request to reset to a new
password. The language you copy-pasted is odd too. "Login password" instead of
just "password" is unusual, and "plain text" is programmer speak, not regular
English. Something's fishy.

------
pedoh
I saw a JavaScript trick that would show the first letter of the password as
you type it but then turn the letter into a dot after you type the next
letter, just like a lot of mobile devices do. Seems like this would give some
added sense of security / privacy.

Link: [http://blog.decaf.de/2009/07/iphone-like-password-fields-usi...](http://blog.decaf.de/2009/07/iphone-like-password-fields-using-jquery/)

------
btilly
The problem with showing users their passwords in plain text is that it makes
stealing passwords easier for someone looking over their shoulder. However, if
you're SSL encrypting the communication, and are following good practices on
the server, you aren't weakening any other part of their security.

------
jtchang
On Android OS phones the first letter of the password is shown but turns into
a star/dot after 1 second.

This approach helps with both usability and security.
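
------
The delayed masking described in the comments above, as an added example that is not part of the thread and is not the code of the linked jQuery plugin. The `PeekMask` class, its method names and the 1000 ms default are assumptions; timestamps are passed in so the logic runs without a browser.

```javascript
// Added example: display-side masking only. All names are hypothetical.
const MASK = "\u2022"; // bullet drawn in place of each hidden character

class PeekMask {
  constructor(revealMs = 1000) {
    this.revealMs = revealMs; // how long the newest character stays readable
    this.chars = [];          // real password, kept apart from what is drawn
    this.revealUntil = 0;     // time after which every character is masked
  }

  // Record one typed character at time `now` (milliseconds).
  type(ch, now) {
    this.chars.push(ch);
    this.revealUntil = now + this.revealMs;
  }

  // Deleting must never bring an older character back into view.
  backspace() {
    this.chars.pop();
    this.revealUntil = 0;
  }

  // Text to draw at time `now`: at most the last character is readable,
  // so an onlooker never sees more than one character at a time.
  display(now) {
    const n = this.chars.length;
    if (n === 0) return "";
    if (now < this.revealUntil) {
      return MASK.repeat(n - 1) + this.chars[n - 1];
    }
    return MASK.repeat(n);
  }

  // Value to submit; the masked string is never sent anywhere.
  value() {
    return this.chars.join("");
  }
}

// Constructed sample input: typing "hu" 100 ms apart.
const demo = new PeekMask();
demo.type("h", 0);
demo.type("u", 100);
console.log(demo.display(150), demo.display(1200));
```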

