Site menu:

Sponsored by

Bitcube Ltd.  Expert Linux Consultancy

Categories

Meta

Site search

 

June 2009
M T W T F S S
« May   Jul »
1234567
891011121314
15161718192021
22232425262728
2930  

Archives

Links:

Security and stupidity

Okay, I’ll rise to the [http://www.useit.com/alertbox/passwords.html bait].

You can’t be serious. There are often people seeing what you type, besides which, if this was adopted then people would _start_ looking. When I’m assisting someone on a computer and they are at a password prompt, I even go to the lengths of looking away – very pointedly moving my whole head not just my eyes so that they know I’m not looking.

Of course, I’m a sysadmin and a geek – if I _really_ wanted their password I probably could.

Comments

Comment from Adam Trickett
Time: Friday 26 June, 2009, 16:43

Bruce Schneier also thinks it’s a good idea and he is a man to generally agree with on security topics…

http://www.schneier.com/blog/archives/2009/06/the_problem_wit_2.html

Comment from adrian
Time: Sunday 28 June, 2009, 20:42

Interesting. I certainly value Bruce’s opinion. His main argument seems to be “reduce typing mistakes”. Since I touch type that’s not an issue for me. In fact, I don’t see why it’s a big issue for anyone really. I don’t mind some information being given away (number of characters I’ve typed for example is fine, I certainly don’t advocate removing all feedback), however I wouldn’t want my password to be displayed on the screen for anyone to see.

Of course dropping the password requirement would be even better – perhaps we’ll be able to use biometrics at some point. Fingerprints via OpenID perhaps?

Comment from Adrian Bridgett
Time: Tuesday 7 July, 2009, 16:33

Interestingly, Bruce has changed his mind – or rather said that some feedback (such as displaying characters briefly) would be more sensible:

http://www.theregister.co.uk/2009/07/07/security_guru_password_retraction/