One-Time Password suggestion

[Platinum_Disco]

Why is the input for our one-time password hidden with dots? The phone app I used vividly displays my 6-digit otp, and sometimes I find myself misstyping my otp. Just a small suggestion would be to have the otp box not hide the input, because it really doesn't hide anything

[Nicobo]

I recall a story of stolen FF11 account, someone logon his FF11 account (PlayStation2) in his friend's retail game shop,
he didn't notice the display was projected to another TV inside the shop's display window.
He used the soft-keyboard and someone outside the shop saw the process and stole his account successfully.

[EricCartmenez]

The one-time password continually changes, so the person would have to note and get logged in before the password expires, so Platinum_Disco's request is quite valid. That said, this is probably an RSA token, if not a similar 3rd party software, and it's very typical to keep the password hidden when you type even if you're looking at it on your phone or other device.

[Niwashi]

I recall a story of stolen FF11 account, someone logon his FF11 account (PlayStation2) in his friend's retail game shop,
he didn't notice the display was projected to another TV inside the shop's display window.
He used the soft-keyboard and someone outside the shop saw the process and stole his account successfully.

That could be a danger with the regular password, the one that doesn't change and could be used to log in again. The one-time password is different, though. Once used (or within a few seconds even if not used), it becomes invalid and cannot be used again. It doesn't matter if someone else sees what it was when you logged in, since that won't be the password any more.

I agree with the OP. Password masking makes sense and should be kept for the main static password, but not for the one-time password.

[Souljacker]

Why not just offer what Blizzard does and if you are logging in from the same location on the same machine, don't even ask for the one-time password? They have had that in place for years now and I love it. Never once been hacked using it, either - so all those armchair security experts who have no idea how these systems work please give it a rest.