I’m usually fine to sit there and let people be wrong, but both sides of the media, along with the Republicans, have done a really good job at obfuscating one very important fact: The Obama Administration isn’t talking about changing actual healthcare – they’re talking about changing health insurance and coverage so that all Americans can have access to healthcare. A lot – a whole lot in my experience – of people don’t understand this. They think that the President is trying to take us into a clinical healthcare system and that’s just not the case. This is about insurance and coverage, not directly the actual care itself.

Yes, there are parts of what the Administration is trying to push that would change some of the actual healthcare system itself, but that’s on the administrative end. At the very core of what they’re doing is to help enable those without any health insurance at all be able to have some limited coverage so that when they need basic services they don’t have to go to a local hospital and waste taxpayer money on services that are far cheaper at a regular doctors office.

I’m not going to discuss whether what the administration is doing is right or wrong or even where I stand on the whole deal. I just wish that the media would do a better job of educating people about what’s really going on instead of really polarizing the story and leaving out important details. It just makes me cringe.

Technorati Tags: Agenda, Education, Healthcare, Idiots, Insurance, Media, Obama, Obfuscation, Republicans

1. Password masking causes users to make more errors during entry, thus making users less confident which then leads to lost business, and,
2. If users are uncertain as to whether or not they’ll be able to properly enter passwords into masked input boxes they will either resort to keeping their passwords in a text file to copy & paste or “employ overly simple passwords.”

While I can see where he’s coming from here, I don’t know if I’ve ever heard of any website losing customers/business in my 12 years of being a website designer/IT professional because its users were lacking in confidence because their passwords were masked.  For him to validly make that claim I’d like to see him back that up with some real world metrics from companies who have masked login systems.   On the other hand, I will give limited credence to his second argument – that people may use overly simple passwords or keep their passwords in a text file.

However… masked passwords aren’t the only (or primary in my opinion) reason why people use overly simplistic passwords or store passwords in text files on their computers.  In fact, I can give you an example of the latter that I know happens frequently.  Some of my World of Warcraft friends are very concerned about keyloggers (which are somewhat pervasive in fake WoW addons) – specifically those who haven’t bothered to buy the Blizzard Authenticator’s or use the Blizzard Authenticator iPhone app.  So, as a surrogate for that higher level of security, they instead store their passwords in a text file on their desktop and copy/paste their password into the password prompt each time they login to that.

While that method does avoid getting their password caught by a keylogger, it opens them up to accidentally pasting their password into in-game chat or private messages.  Obviously not a very smart, or secure, method anyway.

To illustrate the other part of Mr. Nielsen’s second point I can give you a real world example of people who have overly simplistic passwords: our parents generation.  While I’m not saying my parents have overly simplistic passwords (thankfully my parents have been smart enough to not share them with me when I’m doing tech support for them), I know of many people who are my father’s age – in their 60′s and 70′s – whose passwords are the name of their cats or their kids or their spouses simply because it’s easy to remember.  Also, because they don’t worry about security as much as younger, erm, more aware folks do.

A great example of why removing password masking is a bad idea stems from one of the great features of web browsers that we sometimes take for granted these days: local login info storage.  A quick example: Timmy is at his office and walks away from his computer to get a cup of coffee.  Timmy forgets to lock his workstation.  Mark is on his way to a meeting and forgets exactly which conference room his meeting is in.  As Mark is walking through the office, he walks by Timmy’s desk and notices that his workstation is unlocked.  Mark figures since no one is around and the workstation is unlocked he can use the computer briefly to check his e-mail and find out which conference room his meeting is in.

When Mark opens up the web browser on Timmy’s workstation, it takes him directly to Timmy’s homepage – Gmail.com.  Timmy stores his username and password for Gmail.com on his web browser.  Because the password box for Gmail.com is now unmasked (in Mr.Nielsen’s world), Mark has now inadvertently seen Timmy’s username AND password.  Immediately, Timmy has now opened himself up for all kind of potential harm and privacy issues.  If Mark is a malicious guy and Timmy doesn’t use different passwords for other services, Mark may potentially have access to Timmy’s online banking, credit cards, investment accounts, and other avenues of identity theft.

While the argument could easily be made that even with obfuscated password fields Mark could still access Timmy’s e-mail account and read his mail/change his password in the same situation, he would still only have access to that one account after the password was changed.  Without seeing Timmy’s password, he wouldn’t know what password he was using or if he used it for all of his accounts.

In closing, for once I’ll have to go against what Jakob Nielsen says and firmly stand against the removal of password masking in web- and software-based forms.  It’s just not safe.  The potential for identity theft is higher without obfuscation.

For further reading on this topic, have a look at one of the best responses to Mr. Nielsen’s Alertbox post, which came from Kyle Weems at CSSquirrel.  He also posted a hilarious comic to go with his response.  Both are totally worth reading.

Technorati Tags: Alertbox, Jakob Nielsen, Obfuscation, Password, Security, Usability, Useit.com