Do you think this is a security risk and if not is it a bad UI decision?

Michael Scherer misc at
Sat May 4 21:01:01 UTC 2013

Le samedi 04 mai 2013 à 05:51 -0400, Rahul Sundaram a écrit :
>   Hi
> On Sat, May 4, 2013 at 5:37 AM, Michael Scherer wrote:
>         and I think that even Bruce Schneier have gave his opinion in
>         favor of
>         the proposal :
> Not anymore

This page cite the 2nd link I already gave earlier...

And the way I read it, he explain that for him, the risk of should
surfing are overrated. He also say that for a public terminal and a pin
code, password should be masked, but for a person on a private computer,
that's likely not a problem.

Now of course, the issue is that a installer of a linux distribution is
not a web site, so part of the discussion doesn't apply at all.

And being at the moment in a install party ( which is as the most public
way of installing a linux system ), I see quite often people writing
their passwords on a paper ( and not only during install party ). And if 
most people have already trouble to keep up their passwords, I think most people
will have more problem with passwords of others.

The "show password as we type" proposal is good for a mobile as you
likely have accuracy issues with it, but I am not sure that help solving
the problems that showing password is (IMHO) meant to solve ( but again, I 
just speculate on the reason, I trust the designers to make educated choices but
I am not mind reading ).

Michael Scherer

More information about the devel mailing list