[issue32884] Adding the ability for getpass to print asterisks when passowrd is typed
Steven D'Aprano
report at bugs.python.org
Wed Jun 5 23:14:56 EDT 2019
Steven D'Aprano <steve+python at pearwood.info> added the comment:
See also #36566. (Thanks Cheryl.)
I think the usability improvement for this far outweigh the decrease in security.
The days where somebody looking over your shoulder watching you type your password was the major threat are long gone. Hiding the length of the password against a shoulder-surfing adversary is so-1970s :-)
For old-school Unix types we ought to default to hiding the password. But I'm +1 in allowing developers to choose to trade off a tiny decrease in security against a major increase in usability.
The bottom line is that if you have a weak password, hiding the length won't save you; if you have a strong password, hiding the length doesn't add any appreciable difficulty to the attacker.
----------
nosy: +steven.daprano
versions: +Python 3.9 -Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32884>
_______________________________________
More information about the Python-bugs-list
mailing list