registry team mailing list archive

Thread
Date

[Bug 194472] Re: Entering password in Terminal gives no visual feedback

To: registry@xxxxxxxxxxxxxxxxxxx
From: aysiu <194472@xxxxxxxxxxxxxxxxxx>
Date: Wed, 22 Sep 2010 00:05:08 -0000
Reply-to: Bug 194472 <194472@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Can we put the "shoulder surfer" myth to bed once and for all?

First of all, if your password is of any considerable length, there's no
way the human eye can tell the difference between 11 asterisks and 13
asterisks in the blink of an eye. And if your password is 12 or 13
characters long, it'll take nearly forever to crack anyway if length
alone is the only thing you know.

Secondly, anyone standing behind you can count keyboard clicks better
than counting asterisks and have the bonus of seeing at least some of
the keys you're pressing or at the very least which sides of the
keyboard you favor at different parts of your password.

If someone is standing over your shoulder, not getting visual feedback
doesn't mean staying secure. Shoo that person away, seriously.

-- 
Entering password in Terminal gives no visual feedback
https://bugs.launchpad.net/bugs/194472
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for sudo.