NIST 800-171 R-3.5.11
Obscure Authentication Feedback
Official citation: 3.5.11
Class: core · Severity: low
Statement of the obligation — verify against source
3.5.11
What it means
Obscure authentication feedback so onlookers can't capture it — for example showing asterisks as a password is typed, or briefly showing a character before hiding it. Tune the approach to the device: shoulder-surfing is a bigger risk on large monitors, while small mobile keyboards may warrant brief visibility to reduce typing errors.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.