Do you think this is a security risk and if not is it a bad UI decision?
misc at zarb.org
Sat May 4 21:01:01 UTC 2013
Le samedi 04 mai 2013 à 05:51 -0400, Rahul Sundaram a écrit :
> On Sat, May 4, 2013 at 5:37 AM, Michael Scherer wrote:
> and I think that even Bruce Schneier have gave his opinion in
> favor of
> the proposal :
> Not anymore
This page cite the 2nd link I already gave earlier...
And the way I read it, he explain that for him, the risk of should
surfing are overrated. He also say that for a public terminal and a pin
code, password should be masked, but for a person on a private computer,
that's likely not a problem.
Now of course, the issue is that a installer of a linux distribution is
not a web site, so part of the discussion doesn't apply at all.
And being at the moment in a install party ( which is as the most public
way of installing a linux system ), I see quite often people writing
their passwords on a paper ( and not only during install party ). And if
most people have already trouble to keep up their passwords, I think most people
will have more problem with passwords of others.
The "show password as we type" proposal is good for a mobile as you
likely have accuracy issues with it, but I am not sure that help solving
the problems that showing password is (IMHO) meant to solve ( but again, I
just speculate on the reason, I trust the designers to make educated choices but
I am not mind reading ).
More information about the devel