[kde-guidelines] Password Field

Fri Dec 6 13:58:32 UTC 2013

Am Freitag, 6. Dezember 2013, 14:21:44 schrieb Aaron J. Seigo:
> On Friday, December 6, 2013 14:00:40 Heiko Tietze wrote:
> > On Friday 06 December 2013, 13:45:31 Aaron J. Seigo wrote:
> > > > ** When setting a new password, have it entered twice to prevent typos
> > > > in
> > > > passwords.
> > > 
> > > horribly annoying imho
> > 
> > Not when it comes to security ;-)
> 
> ah, when *changing* a password? yes, that makes sense. i was thinking about
> entering new passwords to connect to, e.g. wifi. my bad.

Actually I am not such a big fan of the double entry security myself. If I 
should have switched e.g. Caps Lock on, the two passwords are actually the 
same - even though I won't be able to enter the password the next time 
correctly. 

What do you think - would we still need the double entry of a NEW password, 
when we can choose to show the password inline?

> > > > ** Provide a "Show password" check box to unmask the password both
> > > > when
> > > > setting new and when entering existing passwords.
> > > 
> > > yeah, and then we have these checkboxes everywhere taking up more space
> > > and
> > > providing more clutter. it’s possible, but i like Björn’s suggestion of
> > > something in the line itself. could use, e.g, an eye icon or other
> > > imagery
> > > that works (requires testing)

This was actually the start for my thoughts. When designing on the 
networkmanager, this horrible 'show the password' line simply gets in the way 
all of the time :) - so a more compact solution would be great.

> > The coffee shop next door uses a whole, less meaningful sentence as
> > password. Something like 'diekuhliefumdenteichundfieldannrein'. Would be
> > hard to make sure that it was typed right when I see the last letter only.
> > And it couldn't get validated by the waitress.
> 
> "i like Björn’s suggestion of something in the line itself."

Kai Uwe pointed me to the fact that Windows 8 is using something like that, 
e.g. [1].

I am really not sure whether we need this 'show last digit' thing -  I would 
like to hear other opinions about it.

> one thing to keep in mind is that this is a global setting that may need
> frequent changes. it also feels like a “micro-managing” configuration. it
> might be better to be able to set a general privacy/security policy
> somewhere (e.g. a panel icon) to switch between public/private usage.
> really feels a lot like activities, though with a different granularity.

There is some correspondence to activities - but I guess they do not match 
100%. I am still puzzled about how to configure it. At the moment I would 
simply suggest to keep the last setting and hence have no configuration. There 
is not a lot of potential harm, because (at least if I look at the screen) I 
immediately see whether the password is shown or not. I can then easily toggle 
the state.

If there are other related features though, we could still introduce some sort 
of 'security policy' to set more than only the visibility of password fields.

Cheers,
Björn

[1[ http://blogs.technet.com/b/next/archive/2012/11/12/little-details-windows-8-passwords.aspx