Usability vs Security of password fields?

[eluser]Xeoncross[/eluser]
I have a register form where I ask for a password, then I ask them to confirm that password with another input. I was just wondering if I am tackling this wrong.

This will be on a family site where I don't care if the people behind the user can see the password when the user registers - it's more important to me that users don't messup the password entry and know FOR SURE what they typed. Is there any other reason not to just use a plain text field on the register form and then a regular password input on the login and everything else?

[eluser]TheFuzzy0ne[/eluser]
Yes - security. You might not care about it in this instance, but I'm sure your users will.

[eluser]elvix[/eluser]
There's no technical security reason for using a password-type input field, this type of field only hides the characters from the user, it has no effect on whether the password is transmitted securely (you'd need SSL for that).

That said, it is convention to use the password and password_confirm fields, so while I personally agree that it's not necessary and actually showing a new user their password might help them remember it (vs. typing blindly), it's not a good idea to surprise new users with techniques they might not expect or understand.

In this case, I think the risks involved in confusing new users probably outweigh any benefits.

</2cents>

[eluser]Xeoncross[/eluser]
[quote author="elvix" date="1244357847"]it's not a good idea to surprise new users with techniques they might not expect or understand.[/quote]

Yes, that is the problem right there. I'll just stick with an extra confirm password field.

[eluser]Dam1an[/eluser]
If I see a site where the password is a plain text field, that site loses all credibility. It doesn't make a differance if it's my online banking or a family site.
I would also be more cautious with giving my email to such a site