Jakob Nielsen has a recent Alertbox against obscuring passwords with asterisks. Some people have proposed several solutions, but none of them is both secure and usable. I think I've found a solution that is both.
Thinking of this as an information problem instead of (just) a security one,
what is needed to solve it is something like the hash codes as used in
You don't really need to show the *whole* password, just enough
information derived from it so that the user will notice if there was
an error. As an example of how it could work:
- Say, the chosen password is HOMELAND.
- As a simple hash, remove every second letter: HMLN
- Shift each letter one character down: GLKM
- For this result to be usable, combine each obtained letter with the
nearest vowel: GILOKOMO
If the user mistypes the password, a different check-word will be produced.
For example: HOPELAMD -> HPLM -> GOKL -> GIOUKOLO. The check-word differs
from the expected one, so the password is wrong.
Of course, a real hash function should be used that utilizes *all* the
information in the original password, not half of it! The important
property of a hash function is that the original information can't be
recovered from it, so the password is safe. Much better for security
than a plain-text exposed password, isn't it?
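The derivation above in working code, as an added example that is not part of the original post: the first function reproduces the toy scheme exactly (HOMELAND gives GILOKOMO, HOPELAMD gives GIOUKOLO), and the second shows what the "real hash function" paragraph asks for, a keyed SHA-256 over the whole password truncated into a short pronounceable word. The key, the syllable alphabet and the word length are my assumptions, not anything the post specifies.

```python
import hashlib
import hmac

VOWELS = "AEIOU"
CONSONANTS = "BDFGKLMNPRSTZ"  # 13 consonants, chosen to read easily; an assumption


def _following_vowel(letter: str) -> str:
    """Vowel that follows `letter` in the alphabet, wrapping Z -> A.
    The post says 'nearest vowel'; its worked examples (G->I, L->O, K->O, O->U)
    are reproduced by taking the next vowel after the letter."""
    pos = ord(letter) - ord("A")
    for step in range(1, 27):
        candidate = chr(ord("A") + (pos + step) % 26)
        if candidate in VOWELS:
            return candidate
    raise AssertionError("unreachable: the alphabet contains vowels")


def toy_check_word(password: str) -> str:
    """The post's illustrative scheme, letters A-Z only:
    HOMELAND -> HMLN -> GLKM -> GILOKOMO."""
    kept = password.upper()[::2]  # remove every second letter
    shifted = "".join(chr(ord("A") + (ord(c) - ord("A") - 1) % 26) for c in kept)  # one letter down
    return "".join(c + _following_vowel(c) for c in shifted)


def hashed_check_word(password: str, key: bytes, syllables: int = 4) -> str:
    """Assumed stand-in for the 'real hash function' the post calls for:
    HMAC-SHA256 over the whole password, truncated to a few consonant+vowel
    syllables. `key` is a secret held by the login form's own side, so the
    word shown for one form says nothing about another form's (assumption).
    Keep `syllables` small: each one reveals log2(13*5) ~= 6 bits about the
    password to anyone who can read the screen, which is the price of the
    usability gain and the reason not to show the full digest."""
    digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
    word = []
    for byte in digest[:syllables]:
        word.append(CONSONANTS[byte % len(CONSONANTS)])
        word.append(VOWELS[(byte // len(CONSONANTS)) % len(VOWELS)])
    return "".join(word)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed sample value, not a real secret
    for pw in ("HOMELAND", "HOPELAMD"):
        print(pw, toy_check_word(pw), hashed_check_word(pw, demo_key))
```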
This process has a small usability problem in that you'll have to
learn the check-word for each new password you use, but login is such a
repetitive procedure that this learning should happen quickly.