Have anyone of you signed in to Mobile Passport on your PPC ? The above screenshot is what I see on mine.
Some people would argue that so it is to make it easier to get right typing it in multitap the first time or that it is easier to prevent people from prying eyes on a PDA.
I beg to disagree. Isnt that one of the reasons why there is "Remember Credentials" ? It is like saying - If you cannot type and you have a sucky memory, please dont type. In fact, there is a new option called - "Always ask for my username and password" in the defacto Passport mode for the security conscious :)
I just find it too much of a drastic change to remove all these options (in the mobile mode) and NOT use masked passwords instead. It gives the sense that the teams creating these logins are so disparate and so different in thinking and there is not a single philosophical approach. Arent we talking about People, Technology, Integration and Seamless Experience recently ?
The worst thing is that - the Masked Passwords (*) are so commonly accepted these days that it is becoming some sort of "self-imposed" standard. Thousands of sites, mobile or not, are using this "standard".
Why is Microsoft one of the first (if not, the first) to change that ? I hardly think making it correct the first time typing is a good enough reason to change that and this cannot be categorized as innovation.
MSN and Hotmail are all social sites which means that it is catered for people like my parents and grandparents and such and not for the geekiness. The bulk of the people dont really know what the S in HTTPS stands for and dont really care and would never want to care how it works.
To them - The masked passwords is really part of the secure experience although we know that it is more of a placebo more than anything else.
I wonder how will the masses react when they see that their passwords are not masked anymore, even though there is still an S in HTTPS.
I remember running a test before on a workshop on consistency, standards I conducted a while back. In this test, I reversed the order of the username passwords inputs of the (HTTPS) Login screen to the effect of this:
The strange thing about the whole result is that: Most people will stop after entering the first character in the Username field. They will rub their eyes to make sure they are NOT seeing things. Besides the fact that they realized they are prompted for their password FIRST - which is NOT consistent. Most of their responses will be "Why is my password NOT secured ?" Of course, if you are reading this, it is likely that you know that the little stars (*) have nothing to do wih security or encryption. In fact, more often than not, it gives people a False Sense of Security. Many people will still post their passwords, thinking it is secure, when it is masked with little stars (*) and there is NO HTTPS.
My point is that - whether or not security is involved here - it mars a user's perception and his or her experience.
I just tested it with my wife and she refused to login - thinking it was "one" of the bugs on a Microsoft site. - And Yes - she is the normal one in our marriage :)
I had a good Aussie friend of mine test this on his accountant wife as well and this was the conversation:
He: Would you use this screen on your phone?
She: Why are you asking?
He: Just curious…Would you use this screen on your phone?
She: Where are the little stars for the password?
She: No way… something is wrong
(He did not influence her answer)
Does this mean that the masses are normal or that I am just a prude ?
Is this *really* intended behavior ? The least I would do - is to offer this as one of the options as part of personalization.