Closed polycryptoblog closed 5 years ago
this poses a security threat if you're in a public place there's a reason why pw fields are usually masked on any websites
How many people are typing a 24 word passphrase in a public place? Pretty hard to shoulder surf that as well. Not to mention one could just click the eye again to mask it if they are concerned about it. These new users are not used to typing in long phrases, also i have noticed that if you wait a little after typing a space it will backspace. I believe part of the issue is when they are typing the passphrase in, they trip this mechanism and when they think they are typing "apple duck birch keys" they are actually typing "appleduck birch keys"
I've dealt with a dozen or so people in the past few days that had issue with this, yes it is user stupidity, but that's why we have to make it stupid proof
Is this ok to close?
Yes I think this issues should to be closed with wontfix
labels.
There is good security reasons to use hidden text by the default.
In Agama's passphrase input screen there is an option by clicking on the eye to render the text you are inputting as visible. Currently the default mode is obscured text. (****) The default mode should be visible text. Numerous complaints from users losing or mistyping or incorrectly saving their passphrase. This simple change can mitigate this drastically.