[Python-ideas] Password masking for getpass.getpass
Terry Reedy
tjreedy at udel.edu
Wed Jan 13 19:29:40 EST 2016
On 1/12/2016 8:11 PM, Muhammad Ahmed Khalid wrote:
> Greetings,
>
> I am working on a project and I am using getpass.getpass() to grab
> passwords from the user.
>
> Some of the users wanted asterisks to be displayed when they were typing
> in the passwords for feedback i.e. how many characters were typed and
> how many to backspace.
...
> Please let me know about your thoughts on the issue.
You are debating the wrong issue. I work at home. I HATE Passwork
Masking Security Theatre. Since I cannot reliably type 10 random hidden
characters (or so sites tell me), it causes me endless grief for
0.00000% gain. If any of my passwords is stolen, it will, with
probability 1.0 - epsilon, be part of one of the hacks that steal
millions at a time from corporate sites. Epsilon would be something
other than a stranger looking over my shoulder.
http://www.zdnet.com/article/we-need-to-stop-masking-passwords/
PS: When UNIX decided to give no feedback, most people had one short
easy-to-remember, easy-to-type password. Not a hundred hard to remember
and type.
---
Terry Jan Reedy
More information about the Python-ideas
mailing list