Hello,
Our view is the “one click login” or “use password without seeing it” gives false expectations of security. There is no such thing as being able to use a password without having the ability to see them.
In practice a user who wants to see the password can replace <input type="password"
to <input type="text"
in the code to see it, or right click on a page > inspect > go to network tab and see the password being sent as part of the data.
We often hear “yes but my users don’t know this”, but for us it’s not a good enough business case. Of course we may reconsider if there are better arguments that we are missing.