Jakob Nielsen proof password masker

Written on July 5th 2009, filed under Usability, JavaScript with 0 comments.

Ok, I’ll admit a lame name for a piece of JavaScript but it does describe what it does. A few weeks ago Jakob Nielsen shocked the web design community by advising to no longer mask passwords. In most situations visitors users would be alone behind the computer and masking the password would cause more confusion than it adds security. Makes sense.

Nielsen did offer one last bit of thought: “Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they’re using an Internet cafe. It’s therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default.”

Since I’m in an experimentation phase with JavaScript I thought I’d write a simple little script that does just that. Things got a bit more complicated once I tried it in IE7. Turns out older versions of Internet Explorer don’t support setAttribute(‘type’,‘foo’). The only way around this was to copy the entire box, and replace the original one.

Without further ado, here’s the script & a demo of the script:

<script type="text/javascript">
window.onload = function(){
	var hide = document.getElementById('hide'); // Change this to match the ID of your mask or unmask checkbox
	hide.onclick = function(){
		var passwordBox = 'password'; // Change this to match the ID of your password checkbox, probably best to use the same value for your name attribute
		var password = document.getElementById(passwordBox);
		if(password.getAttribute('type') == 'text'){
			try{
				// Smart browsers can use this code
				password.setAttribute('type', 'password');
			}catch(e){
				// Special needs browsers (IE<8)
				backupValue = password.value;
				newBox = document.createElement('input');
				newBox.setAttribute('name', passwordBox);
				newBox.setAttribute('id', passwordBox);
				newBox.setAttribute('value', backupValue);
				newBox.setAttribute('type', 'password');
				password.parentNode.replaceChild(newBox, password);
			}
		}else{
			try{
				// Smart browsers can use this code
				password.setAttribute('type', 'text');
			}catch(e){
				// Special needs browsers (IE<8)
				backupValue = password.value;
				newBox = document.createElement('input');
				newBox.setAttribute('name', passwordBox);
				newBox.setAttribute('id', passwordBox);
				newBox.setAttribute('value', backupValue);
				newBox.setAttribute('type', 'text');
				password.parentNode.replaceChild(newBox, password);
			}
		}
	}
}
</script>

If you’re using SitePoints Core library, grab your Core version of the JavaScript mask/unmasker.

Spread the word

• del.icio.us
• Digg
• Facebook
• Ma.gnolia
• Reddit
• StumbleUpon
• Technorati

No comments so far

Commenting is not available in this weblog entry.

About me

I'm Tim Ceuppens, a web worker located in Belgium who's interested in web standards, accessibility and usability. I currently work for QueroMedia, a search marketing firm. Find out more about me.

Grab my blogfeed.

Blogmarks

Zeldman on growing older

Made me smile

The website is down

It can’t be good that I recognize this poor guy’s situation. Remember: the password is a as in apple.

What Google knows about SPAM

For all the quacks out there in blackhat SEO land.

A secret to making money online

Turns out, charging people for something works! David Heinemeier Hansson’s fantastic presentation at start-up school.

The client that matters most

“If you churn out designs based purely on what they want, you tell your client that you’re essentially a factory worker with a copy of Photoshop. If you do what they hired you to do—be an expert on something—then you’re worth every penny, and you build your reputation and credibility.”

Blogmarks archives