[Python-ideas] Password masking for getpass.getpass
Muhammad Ahmed Khalid
khali119 at umn.edu
Thu Jan 14 05:07:54 EST 2016
Regarding the issue of people looking at the user typing in the password.
Unless the person looking is right next to the user, it doesn't really
matter if they look at the screen, because if password masking is enabled
they will only see the masking characters.
If the person looking is right next to the user then that person can just
look at the keyboard and the keys being pressed.
Also the main issue here is that there should be a choice provided by the
getpass function to provide feedback or not.
On Thu, Jan 14, 2016 at 3:50 AM, Georg Brandl <g.brandl at gmx.net> wrote:
> On 01/13/2016 11:04 AM, Steven D'Aprano wrote:
> > On Wed, Jan 13, 2016 at 01:22:02PM +1100, Chris Angelico wrote:
> >> On Wed, Jan 13, 2016 at 1:17 PM, Oleg Broytman <phd at phdru.name> wrote:
> >> > Hi!
> >> >
> >> > On Wed, Jan 13, 2016 at 12:54:14PM +1100, Steven D'Aprano <
> steve at pearwood.info> wrote:
> >> >> The old convention on Linux and Unix is to just suppress all
> feedback,
> >> >> but even on Linux GUI applications normally show bullets ??? or
> asterisks.
> >> >
> >> > Modern GUIs show the real character for a short period of time and
> >> > then replace it with an asterisk.
> >>
> >> Ugh. I've only seen that on mobile devices, not on any desktop GUI,
> >> and I think it's a sop to the terrible keyboards they have. I hope
> >> this NEVER becomes a standard on full-sized computers with real
> >> keyboards.
> >
> > I don't know... I'm about 35% convinced that obfuscating the password is
> > just security theatre. I'm not sure that "shoulder surfing" of passwords
> > is a significant threat.
>
> This might not apply for people working from home, but at work I regularly
> enter my own password or passwords for other systems with other people
> intentionally looking over my shoulder (e.g. pair-programming, debugging,
> confirming error reports etc.) Should I ask them to look away from the
> screen each time?
>
> cheers,
> Georg
>
> _______________________________________________
> Python-ideas mailing list
> Python-ideas at python.org
> https://mail.python.org/mailman/listinfo/python-ideas
> Code of Conduct: http://python.org/psf/codeofconduct/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20160114/202f8902/attachment-0001.html>
More information about the Python-ideas
mailing list