Do you think this is a security risk and if not is it a bad UI decision?

Pete Travis lists at petetravis.com
Sat May 4 04:54:34 UTC 2013


On Fri, May 3, 2013 at 9:40 PM, M. Edward (Ed) Borasky <znmeb at znmeb.net>wrote:

> I didn't notice this the last time I did an install. But yes, it's a
> *problem* if it does that. I'll upvote or whatever if someone re-opens; I
> do so many installs in coffee shops that I would flat out not use a distro
> that did this!
>
>
>


Regardless of the arguments for either position, whether for ease of use
and
pseudosecurity or for peace of mind and tradition, I think the above will
be the
reaction
from the world at large.  There may be valid and convincing reasons to
cease
obfuscating passwords, but doing so would put Fedora supporters in the
position of
presenting those justifications regularly.

Personally, I think it presents a false sense of security, and any valid
concerns can
easily be rectified by changing the password after installation.  However,
users
**expect** that security, and the result of removing it will be calamitous.
We'll get
lambasted by the tech press, flamed on user forums, and dejected
head-shaking in
server rooms.  Opportunities to provide a righteous counterargument will be
few and
readily dismissed.

I'll make a small concession here. The demographic most affected by the
propaganda
I'm describing are casual or inexperienced users, and not part of Fedora's
traditional
user base.    Keep in mind that these users are also prospective Fedora
users, and
have the potential to gain experience, become proficient, and perhaps even
become
active contributors.

People **will** bitch about being able to read the password as they type
it.  "Any
Press
is Good Press" is a bromide that Fedora shouldn't test.

- Pete Travis
 - Fedora Docs Project Leader
 - 'randomuser' on freenode
 - immanetize at fedoraproject.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130503/d266e39a/attachment.html>


More information about the devel mailing list