Do you think this is a security risk and if not is it a bad UI decision?
misc at zarb.org
Sat May 4 09:37:02 UTC 2013
On Friday 03 May 2013 at 23:24 -0500, Eric Sandeen wrote:
> What is the downside to defaulting to a hidden PW, with an opt-in mechanism to
> display the password as it's typed? The downsides of defaulting to cleartext have
> been noted, and to me are quite self-explanatory.
First, we need to see why the input defaults to visible.
The discussion about it has been going on for a few years in usability
circles since Jakob Nielsen proposed it:
and I think that even Bruce Schneier has given his opinion in favor of
the proposal:
I can add to that that I have seen more than once people setting a
password which was not the one they believed, due to:
- keyboard layout (i.e. QWERTY vs AZERTY in France)
- small usage differences from the Windows way, again on AZERTY keyboards
(people using Caps Lock on a French keyboard to type numbers while they
should use Shift, as Caps Lock just types capital letters like À or É and
not 0 or 2; if you do not understand, just look on the web to
compare how different it is from a QWERTY-based keyboard)
Or I could also speak of small non-standard keyboards such as the MacBook
one, where ~ or | are not printed and where using the wrong keyboard
could result in wrong characters if you are unaware of the problem.
Or what about the people for whom ASCII (or ASCII-related) characters are
not the norm, and who are forced to use them for the password despite
sometimes being less familiar with them (i.e. China, Japan, India)?
I think we can agree there are a few problems to solve here, and showing
the password (I think) helps to solve them (or at least minimizes the
time spent figuring out what is wrong).
But the discussion is not about that, even if I think the rationale
around the defaults.
Showing by default will help people who are less familiar; hidden by
default will satisfy people who think that it is a security issue.
Hidden by default and showing it on demand is likely to still be a
hindrance to people who may not know they typed their password wrong
(because I think most assume that it will work fine; we are not at a
point where people assume by default that this will fail).
So what about hiding on demand, and having it visible by default? This
way, people who prefer to have it hidden will be happy, and we are still
friendly to non-technical users.
(and then the discussion is around the mechanism to hide the password,
between "reduce visual clutter" and "have an explicit checkbox")