On 01/13/2016 11:04 AM, Steven D'Aprano wrote:
On Wed, Jan 13, 2016 at 01:22:02PM +1100, Chris Angelico wrote:
On Wed, Jan 13, 2016 at 1:17 PM, Oleg Broytman
wrote: Hi!
On Wed, Jan 13, 2016 at 12:54:14PM +1100, Steven D'Aprano
wrote: The old convention on Linux and Unix is to just suppress all feedback, but even on Linux GUI applications normally show bullets ??? or asterisks.
Modern GUIs show the real character for a short period of time and then replace it with an asterisk.
Ugh. I've only seen that on mobile devices, not on any desktop GUI, and I think it's a sop to the terrible keyboards they have. I hope this NEVER becomes a standard on full-sized computers with real keyboards.
I don't know... I'm about 35% convinced that obfuscating the password is just security theatre. I'm not sure that "shoulder surfing" of passwords is a significant threat.
This might not apply for people working from home, but at work I regularly enter my own password or passwords for other systems with other people intentionally looking over my shoulder (e.g. pair-programming, debugging, confirming error reports etc.) Should I ask them to look away from the screen each time? cheers, Georg