Do you think this is a security risk and if not is it a bad UI decision?

Michael Scherer misc at zarb.org
Sat May 4 21:01:01 UTC 2013


Le samedi 04 mai 2013 à 05:51 -0400, Rahul Sundaram a écrit :
>   Hi
> 
> 
> On Sat, May 4, 2013 at 5:37 AM, Michael Scherer wrote:
>         
>         and I think that even Bruce Schneier have gave his opinion in
>         favor of
>         the proposal :
>         http://www.schneier.com/blog/archives/2009/06/the_problem_wit_2.html
>         http://www.schneier.com/blog/archives/2009/07/the_pros_and_co.html
> 
> 
> Not anymore
> 
> http://www.out-law.com/page-10152.  

This page cite the 2nd link I already gave earlier...

And the way I read it, he explain that for him, the risk of should
surfing are overrated. He also say that for a public terminal and a pin
code, password should be masked, but for a person on a private computer,
that's likely not a problem.

Now of course, the issue is that a installer of a linux distribution is
not a web site, so part of the discussion doesn't apply at all.

And being at the moment in a install party ( which is as the most public
way of installing a linux system ), I see quite often people writing
their passwords on a paper ( and not only during install party ). And if 
most people have already trouble to keep up their passwords, I think most people
will have more problem with passwords of others.

The "show password as we type" proposal is good for a mobile as you
likely have accuracy issues with it, but I am not sure that help solving
the problems that showing password is (IMHO) meant to solve ( but again, I 
just speculate on the reason, I trust the designers to make educated choices but
I am not mind reading ).

-- 
Michael Scherer





More information about the devel mailing list