Security and stupidity
Okay, I’ll rise to the bait (http://www.useit.com/alertbox/passwords.html).
You can’t be serious. There are often people seeing what you type; besides which, if this were adopted then people would _start_ looking. When I’m assisting someone on a computer and they are at a password prompt, I even go to the lengths of looking away – very pointedly moving my whole head, not just my eyes, so that they know I’m not looking.
Of course, I’m a sysadmin and a geek – if I _really_ wanted their password I probably could.
Posted: June 25th, 2009 under Life Rants.
Comments: 3
Comments
Comment from adrian
Time: Sunday 28 June, 2009, 20:42
Interesting. I certainly value Bruce’s opinion. His main argument seems to be “reduce typing mistakes”. Since I touch type that’s not an issue for me. In fact, I don’t see why it’s a big issue for anyone really. I don’t mind some information being given away (number of characters I’ve typed for example is fine, I certainly don’t advocate removing all feedback), however I wouldn’t want my password to be displayed on the screen for anyone to see.
Of course dropping the password requirement would be even better – perhaps we’ll be able to use biometrics at some point. Fingerprints via OpenID perhaps?
Comment from Adrian Bridgett
Time: Tuesday 7 July, 2009, 16:33
Interestingly, Bruce has changed his mind – or rather said that some feedback (such as displaying characters briefly) would be more sensible:
http://www.theregister.co.uk/2009/07/07/security_guru_password_retraction/
Comment from Adam Trickett
Time: Friday 26 June, 2009, 16:43
Bruce Schneier also thinks it’s a good idea and he is a man to generally agree with on security topics…
http://www.schneier.com/blog/archives/2009/06/the_problem_wit_2.html