[kde-guidelines] Password Field
Björn Balazs
b at lazs.de
Fri Dec 6 13:58:32 UTC 2013
Am Freitag, 6. Dezember 2013, 14:21:44 schrieb Aaron J. Seigo:
> On Friday, December 6, 2013 14:00:40 Heiko Tietze wrote:
> > On Friday 06 December 2013, 13:45:31 Aaron J. Seigo wrote:
> > > > ** When setting a new password, have it entered twice to prevent typos
> > > > in
> > > > passwords.
> > >
> > > horribly annoying imho
> >
> > Not when it comes to security ;-)
>
> ah, when *changing* a password? yes, that makes sense. i was thinking about
> entering new passwords to connect to, e.g. wifi. my bad.
Actually I am not such a big fan of the double entry security myself. If I
should have switched e.g. Caps Lock on, the two passwords are actually the
same - even though I won't be able to enter the password the next time
correctly.
What do you think - would we still need the double entry of a NEW password,
when we can choose to show the password inline?
> > > > ** Provide a "Show password" check box to unmask the password both
> > > > when
> > > > setting new and when entering existing passwords.
> > >
> > > yeah, and then we have these checkboxes everywhere taking up more space
> > > and
> > > providing more clutter. it’s possible, but i like Björn’s suggestion of
> > > something in the line itself. could use, e.g, an eye icon or other
> > > imagery
> > > that works (requires testing)
This was actually the start for my thoughts. When designing on the
networkmanager, this horrible 'show the password' line simply gets in the way
all of the time :) - so a more compact solution would be great.
> > The coffee shop next door uses a whole, less meaningful sentence as
> > password. Something like 'diekuhliefumdenteichundfieldannrein'. Would be
> > hard to make sure that it was typed right when I see the last letter only.
> > And it couldn't get validated by the waitress.
>
> "i like Björn’s suggestion of something in the line itself."
Kai Uwe pointed me to the fact that Windows 8 is using something like that,
e.g. [1].
I am really not sure whether we need this 'show last digit' thing - I would
like to hear other opinions about it.
> one thing to keep in mind is that this is a global setting that may need
> frequent changes. it also feels like a “micro-managing” configuration. it
> might be better to be able to set a general privacy/security policy
> somewhere (e.g. a panel icon) to switch between public/private usage.
> really feels a lot like activities, though with a different granularity.
There is some correspondence to activities - but I guess they do not match
100%. I am still puzzled about how to configure it. At the moment I would
simply suggest to keep the last setting and hence have no configuration. There
is not a lot of potential harm, because (at least if I look at the screen) I
immediately see whether the password is shown or not. I can then easily toggle
the state.
If there are other related features though, we could still introduce some sort
of 'security policy' to set more than only the visibility of password fields.
Cheers,
Björn
[1[ http://blogs.technet.com/b/next/archive/2012/11/12/little-details-windows-8-passwords.aspx
More information about the kde-guidelines
mailing list