Do you think this is a security risk and if not is it a bad UI decision?

Matthias Clasen mclasen at redhat.com
Mon May 6 18:01:34 UTC 2013


On Mon, 2013-05-06 at 09:21 -0400, Przemek Klosowski wrote:
> On 05/03/2013 10:59 PM, Matthew Garrett wrote:
> > On Fri, May 03, 2013 at 10:36:51PM -0400, Rahul Sundaram wrote:
> >> I was referring to the decision to
> >> show the password in full when the user is typing it.
> >
> > Many UI decisions are unprecedented. That doesn't justify reopening bugs
> > that the maintainer has closed. If you want to have a discussion about
> > whether or not this is a reasonable UI decision, do so somewhere other
> > than Bugzilla.
> >
> 
> In all seriousness, this is a substantial UI decision that requires a 
> commensurate change in user behavior---it shouldn't be dismissed so 
> easily as marking it NOTABUG.
> 
> Another example of such important change that recently appeared without 
> recourse and much discussion is the lock screen: previously, the 
> password unlock widget had focus so one could start typing the password, 
> while the new behavior is that the focus is in the clock, and one needs 
> to hit Esc or Enter. I understand the security tradeoffs: the former 
> behavior is conditioning people to carelessly type passwords in the 
> blind, so they are more vulnerable to fake authentication dialogs, while 
> the new one almost uses the SAK (secure attention key) paradigm. Still, 
> the user behavior change is significant and I keep making mistakes even 
> though I understand and agree with the new scheme.

This was a temporary situation in GNOME 3.6, when the new lock screen
was introduced. In GNOME 3.8 (F19), you can just type your password
again.

> By the way, does Gnome have a SAK? I don't think Esc is a true SAK, but 
> maybe I am wrong about it?

You can't implement a true SAK without support from X and the kernel.