Do you think this is a security risk and if not is it a bad UI decision?

Eric H. Christensen sparks at
Mon May 6 13:37:06 UTC 2013

Hash: SHA512

On Mon, May 06, 2013 at 08:27:14AM -0500, Josh Bressers wrote:
> A checkbox is probably the right way to handle this. While yes it's
> slightly more work, it does two very important things. It puts the
> user in control, and it is secure by default.

Secure by default is definitely where we need to be at all times.  Now if we could just get SSH to be secure by default...

> Regardless of all the studies that say masking passwords doesn't help,
> we can't make this change quickly. We need to slowly ease people into
> such behavior. For now, the best solution is probably a checkbox, in a
> few releases we can revisit what the current accepted practice is. The
> current accepted practice is to mask the password, sometimes with a
> checkbox to unmask (but never unmask by default).

I remember another discussion similar to this (not on this list) where passwords are shown one character at a time on Android.  That added a risk but because the screens are generally smaller and partially covered by someone's hand it wasn't that big of a deal.  That was a good compromise that made it easier for people to make sure their passwords (passphrases, right?) were being entered correctly.

I feel that not masking passwords isn't good.  We can say that when we install Fedora in our homes that no one is around to see our passwords being entered.  But we simply don't know where, physically, the user is when he is typing that password or what kind of surveilence is around at the time.

- -- Eric

- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project - Red Hat

sparks at - sparks at
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
Version: GnuPG v1.4.13 (GNU/Linux)


More information about the devel mailing list