-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Mon, May 06, 2013 at 08:27:14AM -0500, Josh Bressers wrote: > A checkbox is probably the right way to handle this. While yes it's > slightly more work, it does two very important things. It puts the > user in control, and it is secure by default. Secure by default is definitely where we need to be at all times. Now if we could just get SSH to be secure by default... > Regardless of all the studies that say masking passwords doesn't help, > we can't make this change quickly. We need to slowly ease people into > such behavior. For now, the best solution is probably a checkbox, in a > few releases we can revisit what the current accepted practice is. The > current accepted practice is to mask the password, sometimes with a > checkbox to unmask (but never unmask by default). I remember another discussion similar to this (not on this list) where passwords are shown one character at a time on Android. That added a risk but because the screens are generally smaller and partially covered by someone's hand it wasn't that big of a deal. That was a good compromise that made it easier for people to make sure their passwords (passphrases, right?) were being entered correctly. I feel that not masking passwords isn't good. We can say that when we install Fedora in our homes that no one is around to see our passwords being entered. But we simply don't know where, physically, the user is when he is typing that password or what kind of surveilence is around at the time. - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Fedora Project - Red Hat sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQGcBAEBCgAGBQJRh7HfAAoJEB/kgVGp2CYv41wL/jCSQ0itqwAxXhyTMb/RDQAJ lXFCGuDeu8+W9umSWtYqgXziGgGS6cVtX1g1RIGex2cCQ1nkRJ1SGqw+NQxx8PdW e+FZU276woHuOwUMVqdz7lr9k7eLHD+tnRpUIWiR/wLbjEUTtqqzkKbSq8p5YWZ9 ULY7uA8y5N02nNpenU5B+UK6y4cVBNmz57PKnhp8LrgbrGAhkwphPLlHjkXY1hi6 VmUy7Zc9B6ytVIPyoYJN5XiMqlvgGDDoUFBLk6RxmsskuuP/nn0dQefpes3zQ3k3 3zr2GduuxjWSQTsYVA9kDoXVMvTBgKFzDKMrskiL4UFKH/kr4h2e2u/rmVEqUWne kxCe/zZqljT1QMHMWkS74vo/JkQZ6MkmmYE+GOarv9ozD3iNRZ8Omb3kzTN7ev7J sjt9Ax+ujWX3l3NiH2+tSsZTlnsMaIeoF9tse9qhfYXLtRZUc5lm9/A4GgXyO0Vc gB9JjKxRqqnQNdQaHlDwZko6xo2QhqFibRVnOKstaw== =PAsn -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
