[Python-ideas] Password masking for getpass.getpass
Steven D'Aprano
steve at pearwood.info
Wed Jan 13 05:04:43 EST 2016
On Wed, Jan 13, 2016 at 01:22:02PM +1100, Chris Angelico wrote:
> On Wed, Jan 13, 2016 at 1:17 PM, Oleg Broytman <phd at phdru.name> wrote:
> > Hi!
> >
> > On Wed, Jan 13, 2016 at 12:54:14PM +1100, Steven D'Aprano <steve at pearwood.info> wrote:
> >> The old convention on Linux and Unix is to just suppress all feedback,
> >> but even on Linux GUI applications normally show bullets ??? or asterisks.
> >
> > Modern GUIs show the real character for a short period of time and
> > then replace it with an asterisk.
>
> Ugh. I've only seen that on mobile devices, not on any desktop GUI,
> and I think it's a sop to the terrible keyboards they have. I hope
> this NEVER becomes a standard on full-sized computers with real
> keyboards.
I don't know... I'm about 35% convinced that obfuscating the password is
just security theatre. I'm not sure that "shoulder surfing" of passwords
is a significant threat.
But the other 65% tells me that we should continue to obfuscate.
--
Steve
More information about the Python-ideas
mailing list