Hidden passwords are a feature of most commercial password managers. The feature allows system administrators to change the appearance of shared read-only passwords so they display to end users as a series of dots or asterisks. While a useful feature to prevent shoulder surfing, hidden passwords should not be relied upon as a security feature.
Many password managers have a password sharing capability that provides a secure and convenient way to share passwords with authorized users. For families, this capability enables family members to share login credentials for TV streaming services or food delivery services, while businesses might use it to share login credentials between teams for corporate social media or bank accounts.
In most cases, system administrators have three options when sharing passwords. They can give authorized users full access to the password (which includes permission to change it), read-only access, or hidden access. Hidden access involves masking the password as a series of dots or asterisks so the password cannot be seen by the end user or by anybody looking over their shoulder.
The Perceived Benefit of Hidden Passwords
The perceived benefit of hidden passwords goes back to the days before password managers had sharing capabilities and when most accounts were protected by relatively short and simple alphanumeric passwords. End users had to key in each password manually – which led to many people using weak, memorable passwords or reusing the same password for multiple accounts.
Anybody looking over the shoulder of someone keying in a password might be able to see and remember a weak password such as “password1234” or “qwerty” and use it to access the account. However, not only are passwords now more complex, but shared passwords are also auto-filled by password managers, giving shoulder surfers much less time to remember complex login details.
Consequently, the only perceived benefit of hidden passwords is that they prevent authorized users from seeing the password's construction while the password resides in a password vault. While this can prevent users from writing down the password and using it to access a corporate account away from work, there are many more ways in which end users could access the password if they wanted to.
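The point above, that a hidden share changes what the vault displays but not what the user can do, can be made concrete with a small model of share permissions. The following is an added illustration written for this article; it is not code from any password manager, and the vault entry, user names and secret value are all constructed for the example. It shows that the access-control decision is the same for read-only and hidden shares: only the display path honours the hidden flag, while the autofill path must hand the plaintext to the client in every case.

```python
"""Toy model of password-manager sharing permissions.

Added illustration, not code from any real password manager: it shows why
a "hidden" share is a display setting rather than an access-control boundary.
The vault entry, users and secret below are all constructed for this example.
"""
from dataclasses import dataclass, field

FULL, READ_ONLY, HIDDEN = "full", "read_only", "hidden"


@dataclass
class SharedEntry:
    name: str
    secret: str
    shares: dict = field(default_factory=dict)  # user -> permission level

    def _permission(self, user):
        if user not in self.shares:
            raise PermissionError(f"{user} has no share of {self.name}")
        return self.shares[user]

    def display(self, user):
        """What the vault UI renders. Only this path honours HIDDEN."""
        level = self._permission(user)
        if level == HIDDEN:
            return "•" * len(self.secret)
        return self.secret

    def autofill(self, user):
        """What the browser extension receives in order to fill the login form.
        Every share level, HIDDEN included, returns the plaintext here: the
        client cannot log in with a row of dots, so masking cannot apply."""
        self._permission(user)
        return self.secret

    def update(self, user, new_secret):
        """Only FULL may change the password; READ_ONLY and HIDDEN are equal."""
        if self._permission(user) != FULL:
            raise PermissionError(f"{user} may not change {self.name}")
        self.secret = new_secret


def build_sample_vault():
    """Constructed sample: one corporate social-media login shared three ways."""
    entry = SharedEntry(name="corp-social-media", secret="S3cret!Example")  # constructed value
    entry.shares = {"admin": FULL, "editor": READ_ONLY, "intern": HIDDEN}
    return entry


def compare_paths(entry, user):
    """Return (display, autofill) for a user so the two paths can be compared."""
    return entry.display(user), entry.autofill(user)


if __name__ == "__main__":
    vault = build_sample_vault()
    for who in ("admin", "editor", "intern"):
        shown, filled = compare_paths(vault, who)
        print(f"{who:7} sees {shown!r:18} but autofill sends {filled!r}")
```

Running the model shows the intern's display is a row of dots while the autofill value is identical to the editor's. The only real boundary in the model is the update check, and that already separates full access from read-only access; hidden access adds no further restriction on what the client holds.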
Why Masked Passwords Are Not a Security Feature
Password manager vendors claim that, by masking passwords, the feature enhances security. However, the claim often comes with the caveat that “a sophisticated technical user can still ferret out the original password.” Unfortunately, in this scenario, a “sophisticated technical user” only needs to search for “how to reveal hidden passwords” to find multiple ways of unmasking shared passwords.
It is also the case that, if the end user so desired, they could access an account using the masked password and then change the password from inside the account to something less complex, potentially exposing the account to brute-force attacks. Although this scenario could occur regardless of whether the password was masked or not, a perceived lack of trust by the end user is more likely to prompt such a course of action.
If there is any argument in favor of the security benefits of hidden passwords, it is that they might prevent passwords from being revealed in a phishing attack. However, a far better way of protecting sensitive accounts against phishing attacks is to apply two-step login to each account, so that an effective layer of security is added to the account. Fortunately, most commercial password managers offer multiple two-step login options, which secure accounts far better than hidden passwords do.