Dan Sandler, <input type="password"> must die!

We propose that the HTML password input widget is harmful to user security, as it draws attention away from relevant security indicators, exposes a password's keystrokes to hidden client-side code, and generally conditions users to supply sensitive information in insensitive places. In this paper we advocate private password entry: a mandatory, common authentication user experience that allows the user to enter a password for any site in private, free from snooping JavaScript. We describe a UI design for private password entry called the password booth that is backward-compatible with HTML login forms on most existing websites. It can be used to provide timely and relevant security indicators, as well as potentially unify and enhance other advances in authentication on the web. We hope that the password booth approach will, like a voting booth or a bank-card PIN pad, become a security feature that users come to expect for their own peace of mind.