On Fri, May 3, 2013 at 10:45 PM, Chris Adams cmadams@hiwaay.net wrote:
Once upon a time, Bruno Wolff III bruno@wolff.to said:
It's not like the people entering the password don't know it is visible.
Actually, yes it is. The vast majority of other software that accepts passwords for any reason hides the passwords as they are typed, so the general expectation is that passwords are not displayed on the screen. Many people look down at the keyboard to type and would not necessarily look up as they are typing the password. So, they probably won't know the password is displayed in the clear on their screen until they are done.
It gets worse. Say you dont use the mouse. Keyboard only. Type a weak password, which is shown in plaintext, TWICE. Now you tab over to done and your password is shown YET AGAIN for a THIRD time in plain text. This occurs during root password and user/administrator password creation.
Dan