UI security topic: UI for private activities

Thomas Pfeiffer colomar at autistici.org
Tue Jan 17 10:43:44 UTC 2012 

> I was wondering if its better to rather have a checkbox to show the
entered password. Typing them two times on a virtual keyboard is
cumbersome, isn't it?

Especially in the mobile context, shoulder surfing is a big problem. So if
a user wants to create a private activity in a public location, she has a
problem.
Plus, I'm generally in favor of retyping passwords, since even if you can
see them, it's still easy for a typo to sneak in if you try to create  a
secure password. 
Humans are only good at spotting typos in known words, not in arbitrary
strings. And having an unrecoverably encrypted activity isn't a good
thing.
We should still offer the "show password" checkbox to be used in a private
location so in case of a mismatch, the user can find the typo more easily.
This
is generally a good idea, but it does not replace the retype box on
password creation.

As for the cumbersomeness: This is much less of a problem during password
creation - as you only do that once - than for opening the activity. It
will be very
annoying to have to enter a password using a virtual keyboard every time
you want to open a private activity.
And this leads again to a topic we had already discussed previously:
Graphical passwords.
I'm still in favor of a graphical password solution since they
a) Have proven to result in better trade-offs between security and
memorability (I can provide studies in case of doubt)
b) Are much better suited for a touchscreen device than textual ones
They have their own problems, sure, but they are better than textual ones
(unless user apply very sophisticated methods for creating secure and
memorably passwords).

A graphical password would probably have to be translated into a textual
one for use with encfs, but that shouldn't be too much of a problem.

Since some of my colleagues are currently researching on password systems,
they can surely recommend proven graphical password methods so we don't
have
to invent one from scratch.
We should benefit from scientific advances on this field instead of
sticking with stuff that works fine for users with some security
knowledge, but was shown
not work well for the average user.

Regards,
Thomas

More information about the Active mailing list