Idea #11136: Remove visual feedback from GUI password dialogues

Written by aysiu the 15 Jul 08 at 01:33. Category: Security. Related project: Nothing/Others. Status: New
Rationale
Since a lot of people seem to think that not showing visual feedback for password authentication (in the terminal, for example) is a security feature, let's remove visual feedback from the GUI, too.

See Idea #11118: Display *** for password in the terminal for more details:
http://brainstorm.ubuntu.com/idea/11118/

-29 votes
Solution #1: Auto-generated solution of idea #11136
Written by aysiu the 15 Jul 08 at 01:33.
Ubuntu Brainstorm was updated in January 2009. Since the idea #11136 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!

Comments
gmatht wrote on the 15 Jul 08 at 02:01
It is a security feature. But it is hardly essential if you pick a reasonable password. Let's not confuse GUI users who are used to seeing stars appear.

There is an argument that this should be consistent over GUI and CLI, but I am not sure that it is important enough to do anything about.

Perhaps instead of displaying stars, the GUI could display a greyed out rectangle. This would make it harder to count the number of characters while still making it clear that the GUI is accepting input.

Auzy wrote on the 15 Jul 08 at 06:03
....

Code-wise, in terminal we can simply add 1 sentence "Password will not be shown as it is typed", and people recognise immediately what's happening. That's an easy fix.

But your method would involve changing every password entry dialog to say the sentence, and change the behaviour.

Sorry, your idea offers a bit more security, but you can't expect Canonical to go through 50 applications' source code, to change the behaviour and text in every dialog box, and then keep the source of all those apps up to date.

aysiu (Brainstorm moderator) wrote on the 15 Jul 08 at 06:19
I don't get it. It either is a security feature or it's not.

If it's not a security feature, why did everyone vote down adding visual feedback for the terminal?

If it is a security feature, recoding 50 applications should be worth it, for security's sake.

Security is only as strong as your weakest link.

BadChoice wrote on the 15 Jul 08 at 06:52
Or better, you can type 3* for each one so this way it's very difficult to count how many characters you typed

glotz wrote on the 15 Jul 08 at 18:49
I really couldn't care less whether the blobs are displayed or not but I think it would be nice if it worked consistently in GUI and in CLI.

Mr.elderman wrote on the 16 Jul 08 at 00:39
It could show a random number of * each time (just like kde was doing once).

It could show anything! Even Mona Lisa doing a striptease and taking off a piece of cloth for each key you type hahaha

Auzy wrote on the 16 Jul 08 at 00:44
I think that would actually encourage most people to make very short passwords Mr.eldannen, which isn't something we'd like to encourage :P

gmatht wrote on the 16 Jul 08 at 11:44
If you've seen how a computer novice responds to something as simple as an unexpected dialog box, then it is clear this is a bad idea so -1.

For the terminal: It isn't a bad idea, but since we theoretically don't expect novices to be using the terminal anyway and since the status quo gives terminal users a small security boost, I don't really care, so +0. I can't speak for the people who -1'ed the terminal idea, although for myself I prefer things the way they are.

Endolith wrote on the 2 Dec 08 at 16:19
Knowing the length of a password is not a significant security flaw. Be realistic.

coz wrote on the 23 Mar 11 at 20:36
Hey guys,

The concept of it being a security feature is clear to all here, just an excuse, either for laziness or inability.

I think a simple tick box to show or not show visual feedback for passwords in terminal would be the best solution.

gksudo is at far greater security risk than gnome-terminal and asterisks show there... don't remove those, please...