The $16 Billion Dots

Test ticker

Support Mother Jones this Giving Tuesday

Did you know Giving Tuesday got started, back in 2012, explicitly to fight against the commercial corruption of Thanksgiving with its Black Friday and Cyber Monday? That’s awesome! And what better way to mark the day than with a Giving Tuesday donation to Mother Jones that will help fight corruption of all sorts, day in and day out. Our finances are rough right now and we could really use a Giving Tuesday boost. Please help us make the most of this heightened day of giving if you can right now.

Did you know Giving Tuesday got started, back in 2012, explicitly to fight against the commercial corruption of Thanksgiving? That’s awesome! And what better way to mark the day than with a donation to Mother Jones that will help fight corruption of all sorts, day in and day out. Our finances are rough right now and we could really use a Giving Tuesday boost if you can help today.

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

Felix Salmon picks up today on the computer security paper by Cormac Herley of Microsoft that I wrote about a few weeks ago, and after quoting Herley’s estimate that one wasted minute per day among online users comes to $16 billion per year, says:

I think it’s reasonable to assume that the idiotic practice of masking passwords by turning them into dots takes up a good minute of people’s time each day, and saves much less than $16 billion a year if it saves anything at all.

That took me aback. I’d never even considered the thought that password masking might be a bad idea. Felix links to an Alertbox column by Jakob Nielsen which suggests that (a) password masking causes more errors and prompts users to choose simple passwords and (b) usually no one is looking over your shoulder anyway so it doesn’t do any good. Maybe for banking sites it’s OK, but we should skip it everywhere else.

I guess I’m not sure about this. The great divide in computing these days isn’t between PC and Mac users (spare me, please), it’s between the deskbound and the mobile. The problem is that password masking cuts both ways. I’m deskbound myself, which means that it really is true that no one is ever looking over my shoulder. On the other hand, it also largely means that password masking doesn’t cause me any problems.¹ Conversely, if I were mobile I might make more mistakes typing in my passwords, but then again, there’s also a greater chance that someone really might be looking over my shoulder.

I guess my feeling is that password masking probably doesn’t provide a ton of protection, but then again, I don’t really believe it costs $16 billion a year either. Trying to do cost accounting on tiny snippets of personal time is a mug’s game, and kind of a dumb one even if I’ve been known to do it myself from time to time.

But I dunno. Maybe password masking causes more problems than I think. What says the hive mind?

¹Though in an office, even the deskbound ought to be careful. Coworkers are probably more likely to try and steal a password than some random guy in a bus station.