
Idea #11136: Remove visual feedback from GUI password dialogues



Votes: -24
Written by aysiu the 15 Jul 08 at 01:33. Category: Security.
Related to: Nothing/Others. Status: New
Description
Since a lot of people seem to think that not showing visual feedback for password authentication (in the terminal, for example) is a security feature, let's remove visual feedback from the GUI, too.

See Idea #11118: Display *** for password in the terminal for more details:
http://brainstorm.ubuntu.com/idea/11118/



Comments
gmatht wrote on the 15 Jul 08 at 02:01
It is a security feature. But it is hardly essential if you pick a reasonable password. Let's not confuse GUI users who are used to seeing stars appear.

There is an argument that this should be consistent over GUI and CLI, but I am not sure that it is important enough to do anything about.

Perhaps instead of displaying stars, the GUI could display a greyed out rectangle. This would make it harder to count the number of characters while still making it clear that the GUI is accepting input.

Auzy wrote on the 15 Jul 08 at 06:03
....

Code wise, in terminal we can simply add 1 sentence "Password will not be shown as it is typed", and people recognise immediately what's happening. That's an easy fix.



But your method would involve changing every password entry dialog to say the sentence, and change the behaviour.

Sorry, your idea offers a bit more security, but you can't expect Canonical to go through 50 applications' source code, to change the behaviour and text in every dialog box, and then keep the source of all those apps up to date.

aysiu wrote on the 15 Jul 08 at 06:19
I don't get it. It either is a security feature or it's not.

If it's not a security feature, why did everyone vote down adding visual feedback for the terminal?

If it is a security feature, recoding 50 applications should be worth it, for security's sake.

Security is only as strong as your weakest link.

BadChoice wrote on the 15 Jul 08 at 06:52
Or better, you can type 3* for each one, so this way it's very difficult to count how many characters you typed

glotz wrote on the 15 Jul 08 at 18:49
I really couldn't care less whether the blobs are displayed or not but I think it would be nice if it worked consistently in GUI and in CLI.

Mr.elderman wrote on the 16 Jul 08 at 00:39
It could show a random number of * each time (just like KDE was doing once).

It could show anything! Even Mona Lisa doing a strip tease and taking off a piece of cloth for each key you type hahaha

Auzy wrote on the 16 Jul 08 at 00:44
I think that would actually encourage most people to make very short passwords Mr.eldannen, which isn't something we'd like to encourage :P

gmatht wrote on the 16 Jul 08 at 11:44
If you've seen how a computer novice responds to something as simple as an unexpected dialog box, then it is clear this is a bad idea so -1.

For the terminal: It isn't a bad idea, but since we theoretically don't expect novices to be using the terminal anyway and since the status quo gives terminal users a small security boost, I don't really care, so +0. I can't speak for the people who -1'ed the terminal idea, although for myself I prefer things the way they are.

