Do you think this is a security risk and if not is it a bad UI decision?
Dan Mashal
dan.mashal at gmail.com
Sat May 4 05:49:44 UTC 2013
On Fri, May 3, 2013 at 10:45 PM, Chris Adams <cmadams at hiwaay.net> wrote:
> Once upon a time, Bruno Wolff III <bruno at wolff.to> said:
>> It's not like the people entering the password don't know it is visible.
>
> Actually, yes it is. The vast majority of other software that accepts
> passwords for any reason hides the passwords as they are typed, so the
> general expectation is that passwords are not displayed on the screen.
> Many people look down at the keyboard to type and would not necessarily
> look up as they are typing the password. So, they probably won't know
> the password is displayed in the clear on their screen until they are
> done.
It gets worse. Say you dont use the mouse. Keyboard only. Type a weak
password, which is shown in plaintext, TWICE. Now you tab over to done
and your password is shown YET AGAIN for a THIRD time in plain text.
This occurs during root password and user/administrator password
creation.
Dan
More information about the devel
mailing list