We all know the password field that you find on web pages or login prompts: you type your password, and instead of being visible text, little asterisks or circles appear for each character. Apart from the length of the password, this hides the details so anyone “shoulder surfing” can’t see your password.
On some mobile devices the character you type will appear briefly before being replaced with the asterisk or circle. This is a nod to the nature of mobile text entry which, due to often needing to press a key multiple times to get the right character, is prone to error.
There’s one problem with all this, however. Depending on the length of the password, and the length of the password field itself (due to programmer decisions, screen resolutions and other factors), you can often “fill” the password field and make the characters within it scroll. This makes it difficult to tell if you really did just hit the character you thought you did, or whether you just typed the sixth or seventh character, since the characters substituted are all the same and you often can’t tell that they’re scrolling.
I’d like to suggest that each character in a password field be replaced with a recurring pattern of characters, instead of the same character over and over. For example, you might replace a password with a pattern of “*+*+*+”. Even “thingthingthi” would work. It doesn’t really matter what the replacement is as long as it obscures the real password and makes it obvious when the password has filled the field, causing it to scroll.
Simple, and hopefully effective.