Comments on NonNotableNatterings: Password masking considered harmful?
Blog author: Lar
Feed updated: 2022-06-22T08:37:12.450-04:00

robbietjuh, 2012-08-20T17:57:53.815-04:00

This is just dumb, sorry to say it the hard way. There are lots of viruses out that record your screen, or make screenshots, and send them to the botnet admin. If you're typing in a password on a very important site, that botnet admin could see it.

Also, I heard something about Linux and not showing passwords. That's indeed when using a Terminal. When using a GUI on Linux, you can perfectly see the asterisks appear.

The asterisks and password don't appear on a Linux terminal because those machines, mainly servers, should be very secure. It might not be user friendly, but it doesn't have to be user friendly because "users" don't have to log in using SSH or a Terminal. Coming back to your comment, you should understand that passwords should never, ever be seen on, for example, Google's servers, or perhaps the server this Blog is run on. That's one of the reasons they're hidden. When seeing asterisks, someone 'looking over your shoulder', or cameras in the Data Center, know how long the password is. Knowing the length makes it easier to do a brute force attack.

Conclusion: let's be happy with the way our passwords are being handled client-side.

Unknown, 2009-08-09T20:48:37.970-04:00

I totally agree (although if I get interrupted while typing a password I generally blank it out & start again to be certain).

The other useless thing that's been showing up on lots of sites lately is having to confirm your EMAIL when signing up - what's with that? Do they think people can't read what they've typed these days???

MessedRocker, 2009-07-03T13:44:13.019-04:00

If you think that's bad. On a Unix-like command prompt, when you're entering a password, you get nothing. Not even asterisks (or bullets, as they appear on Windows XP). If you want to start over with entering your password on such a system, you're best off hitting backspace several thousand times.