Do you think this is a security risk and if not is it a bad UI decision?

Dan Mashal dan.mashal at
Sat May 4 05:49:44 UTC 2013

On Fri, May 3, 2013 at 10:45 PM, Chris Adams <cmadams at> wrote:
> Once upon a time, Bruno Wolff III <bruno at> said:
>> It's not like the people entering the password don't know it is visible.
> Actually, yes it is.  The vast majority of other software that accepts
> passwords for any reason hides the passwords as they are typed, so the
> general expectation is that passwords are not displayed on the screen.
> Many people look down at the keyboard to type and would not necessarily
> look up as they are typing the password.  So, they probably won't know
> the password is displayed in the clear on their screen until they are
> done.

It gets worse. Say you dont use the mouse. Keyboard only. Type a weak
password, which is shown in plaintext, TWICE. Now you tab over to done
and your password is shown YET AGAIN for a THIRD time in plain text.
This occurs during root password and user/administrator password


More information about the devel mailing list