MarkusFreitag
commented
4 years ago Hi axetroy, could you please provide a bit more context? There is already a component for password inputs https://github.com/AlecAivazis/survey#password
Closed axetroy closed 4 years ago
MarkusFreitag
commented
4 years ago Hi axetroy, could you please provide a bit more context? There is already a component for password inputs https://github.com/AlecAivazis/survey#password
axetroy
commented
4 years ago @MarkusFreitag
By default, the password input box should be hidden.
This behavior is consistent with the password input of unix
MarkusFreitag
commented
4 years ago Ah, you mean that also the "star" placeholder chars should be hidden?
axetroy
commented
4 years ago @MarkusFreitag yes. This is to prevent the password length from being known by others, thus violently cracking.
MarkusFreitag
commented
4 years ago Yeah, I totally understand your point. @AlecAivazis What do you think?
AlecAivazis
commented
4 years ago Hey @axetroy - thanks for the submission. I appreciate your desire to make survey as secure as possible. I spent a good amount of time looking at discussions online for this and came to the conclusion that it is a false sense of security since someone who is careful enough to quickly count the number of letters you typed would also be able to hear your keyboard or any number of other ways to get your password.
This password prompt has been designed this way for a few years now without anyone saying anything. If you feel as if this is crucial for your product, you should be able to make a custom Prompt that does not show the input. If you need help doing so, feel free to reach out.
szh
commented
1 year ago This would be solved in #482
Entering passwords under Unix is invisible, which is also for security reasons.