- From: Jim Manico <jim.manico@owasp.org>
- Date: Sat, 3 Jan 2015 10:52:05 -1000
- To: ianG <iang@iang.org>
- Cc: Craig Francis <craig.francis@gmail.com>, blink-dev <blink-dev@chromium.org>, Jiri Danek <softwaredevjirka@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, security-dev <security-dev@chromium.org>, "mozilla-dev-security@lists.mozilla.org" <mozilla-dev-security@lists.mozilla.org>

> Only mild comment I'd make is that the whole '****' thing is soooo 1980s. I'm specifically talking about university terminal labs, where students would shoulder surf to steal accounts. These days, people want (need) to see the passwords in clear on the screen because they are so bloody difficult to type because they have to read an 8 hieroglyph masterpiece out of a paper or phone record to keep them secure.

IE addresses this well. Password fields default to not displaying entered text, but users can click to make that field visible again. This is an example of a tiny decrease in security for a major increase in usability.

--
Jim Manico
@Manicode
(808) 652-3805

Received on Saturday, 3 January 2015 20:52:35 UTC