[Python-ideas] Password masking for getpass.getpass
Georg Brandl
g.brandl at gmx.net
Thu Jan 14 04:50:09 EST 2016
On 01/13/2016 11:04 AM, Steven D'Aprano wrote:
> On Wed, Jan 13, 2016 at 01:22:02PM +1100, Chris Angelico wrote:
>> On Wed, Jan 13, 2016 at 1:17 PM, Oleg Broytman <phd at phdru.name> wrote:
>> > Hi!
>> >
>> > On Wed, Jan 13, 2016 at 12:54:14PM +1100, Steven D'Aprano <steve at pearwood.info> wrote:
>> >> The old convention on Linux and Unix is to just suppress all feedback,
>> >> but even on Linux GUI applications normally show bullets ??? or asterisks.
>> >
>> > Modern GUIs show the real character for a short period of time and
>> > then replace it with an asterisk.
>>
>> Ugh. I've only seen that on mobile devices, not on any desktop GUI,
>> and I think it's a sop to the terrible keyboards they have. I hope
>> this NEVER becomes a standard on full-sized computers with real
>> keyboards.
>
> I don't know... I'm about 35% convinced that obfuscating the password is
> just security theatre. I'm not sure that "shoulder surfing" of passwords
> is a significant threat.
This might not apply for people working from home, but at work I regularly
enter my own password or passwords for other systems with other people
intentionally looking over my shoulder (e.g. pair-programming, debugging,
confirming error reports etc.) Should I ask them to look away from the
screen each time?
cheers,
Georg
More information about the Python-ideas
mailing list