Schneier says he was 'probably wrong' on masked passwords - prodigal_erik
http://www.theregister.co.uk/2009/07/07/security_guru_password_retraction/

======
huhtenberg
I don't really know what the fuss is about since the simplest solution is the
most obvious one. Masking should be optional, it should be enabled by default
and controlled by the checkbox next to the entry field.

~~~
wmeredith
Ick. Since you don't see what all the fuss is about, you're going to put
another doodad between your user and conversion. Ask an online business that
does any sort of volume at all: this is bad.

Web forms are where the usability rubber hits the road online. When adding an
item to your form you should always be of the mindset that this extra step
(optional or not) _will_ lose you conversions, but you have to have it because
of _X_. This forces you to justify placing item _X_, which in this case is
the unmask password option. Is having an option to unmask the password field
going to gain you more conversions than not? I have no data, just anecdotes
and experience, but those all tell me no.

Putting a check box next to the entry field is putting GUI decisions on your
user because you can't figure it out, and it will lose you conversions.

EDIT: Re-reading this, it sounds like a personal attack on the OC. It's not. I'm
using the universal you.

~~~
zcrar70
There is no 'universal you' - but there is 'one', which exists for exactly
that purpose...

------
keyist
Why is this still an issue?

The problem of displaying passwords was solved by Unix years ago: do not
show any visual feedback whatsoever. Security over convenience.

The problem of storing and subsequent input of random secure passwords has
also been solved by Schneier and others via pwsafe and variants thereof. No
worries about mistyping at all.

For special cases like Blackberry-type gadgets, what is needed is simply a
port of pwsafe.

------
comice
I wonder how this affects Schneier Facts: <http://www.schneierfacts.com>

~~~
GavinB
"Most people use passwords. Some people use passphrases. Bruce Schneier uses
an epic passpoem, detailing the life and works of seven mythical Norse
heroes."

Given this fact, it's not too hard to see why he would have come out against
masking...

------
prodigal_erik
(this is a followup to <http://news.ycombinator.com/item?id=676480>)

------
pclark
_Don't_ make it optional. Security over convenience.

I blogged about this here: <http://is.gd/1wVja>

------
ahoyhere
On our signup form for our time tracking service, the password fields are
clear text, with a checkbox available to hide it that says "I'm being
watched!"

Because... the credit card numbers are also clear text.

People on HN, for example, will have a freakout about the password but never
the credit card number. It's extremely unusual to shield a credit card number
on entry, because of mistakes.

We chose to treat passwords the same way.

~~~
pavel_lishin
I think it's much harder to memorize a 16-digit number than a (usually)
mnemonic password.

------
onreact-com
Just make password masking a choice. For many people working mostly at home
the only person "shoulder surfing" will be a family member. Masking passwords
is really an annoyance. I don't want to know how many hours get wasted on
retyping passwords over the years. Also people tend to save passwords to
overcome the typing annoyance thus making them less secure.

------
TheAmazingIdiot
Well, has anybody thought that both decisions are right?

I mean, sometimes you _really_ are alone, with nobody shoulder surfing, and
password masking is damned annoying. So, why not a check-box to turn masking
off? And for the paranoid/security conscious, we can default mask on.

Think: "Middle Path".

~~~
inerte
So, every time I type my password I should check that nobody is behind me?
Look to the right, look to the left, look behind, type one key. Look to the
right, look to the left, look behind, type one key. Look to the right, look to
the left, look behind, type one key.

"Mask-on by default" means no regular user will ever uncheck. I think you
greatly overestimate people's security knowledge, not to mention UI.

~~~
TheAmazingIdiot
Then perhaps you need to re-read what I said.

By default, the masking would be enabled. All you see are "*****".

If however, you have some nasty password and you are in a safe location, you
can do_action and turn off stars to "12345".

~~~
inerte
No regular user would ever turn the masking off. They simply don't click on
these additional options. Heck, they don't even understand why it's there. Can
you explain what the checkbox's purpose is? Why and when should it be turned
off?

As a security expert, you should provide what's more secure, even if that
means recognizing the users are too dumb to follow your rules.

~~~
staunch
You're basing your opinion on no data, I presume? I'd bet that some users
absolutely would turn off the masking, if you made it easy/clear enough.

~~~
timcederman
Really? If they're attentive enough to turn off masking, why wouldn't they
just enter their password into notepad and then copy/paste?

~~~
huhtenberg
Because it's less convenient.