Closed axetroy closed 4 years ago
Hi axetroy, could you please provide a bit more context? There is already a component for password inputs https://github.com/AlecAivazis/survey#password
@MarkusFreitag
By default, the password input box should be hidden.
This behavior is consistent with the password input of unix
Ah, you mean that also the "star" placeholder chars should be hidden?
@MarkusFreitag yes. This is to prevent the password length from being known by others, thus violently cracking.
Yeah, I totally understand your point. @AlecAivazis What do you think?
Hey @axetroy - thanks for the submission. I appreciate your desire to make survey as secure as possible. I spent a good amount of time looking at discussions online for this and came to the conclusion that it is a false sense of security since someone who is careful enough to quickly count the number of letters you typed would also be able to hear your keyboard or any number of other ways to get your password.
This password prompt has been designed this way for a few years now without anyone saying anything. If you feel as if this is crucial for your product, you should be able to make a custom Prompt that does not show the input. If you need help doing so, feel free to reach out.
This would be solved in #482
Entering passwords under Unix is invisible, which is also for security reasons.