Do you think this is a security risk and if not is it a bad UI decision?

Dan Mashal dan.mashal at gmail.com
Fri May 3 20:04:16 UTC 2013


Hi,

In the latest Fedora 19 Beta TC2 install after I got through the
initial steps of the install I started to setup my root password.

To my surprise my password was shown in plain text instead of bullets.

I believe that this is a major security risk and that this is a new UI
change going forward and this is not a bug.

Do you think this is a good idea?

What if you are installing and someone is looking over your shoulder
and you don't know about this new "UI improvement"?

Someone would see a password that you may or may not often use whether
it's secure or not.

Even if someone watched you type the password or recorded it with a
camera, that would be harder to decrypt than just showing it in plain
text while you type it in to anaconda.

In addition, it was stated that this is becoming a "popular" UI
enhancement but there was no documentation provided as to where this
is popular. In my experience you would click on an icon next to the
dialog box if you wanted to see the password. This is what is becoming
popular. Not showing it as plain text while you type.

Thoughts?

Dan


More information about the devel mailing list