[kde-guidelines] Password Field

Fri Dec 6 21:27:20 UTC 2013

On Friday 06 December 2013 15:20:23 Aaron J. Seigo wrote:
> On Friday, December 6, 2013 14:58:32 Björn Balazs wrote:
> > Actually I am not such a big fan of the double entry security myself. If I
> > should have switched e.g. Caps Lock on, the two passwords are actually the
> > same - even though I won't be able to enter the password the next time
> > correctly.
> 
> that’s a really good point.
> 
> hell i’ve managed to mistype a password the same way twice before :P
> 
> > What do you think - would we still need the double entry of a NEW
> > password,
> > when we can choose to show the password inline?
> 
> probably not, though typos can still make it in. would need testing over
> time, but i like the idea of the “just show me my damn password” :)

What we have to prevent is people creating a new password with a single masked 
entry, especially since in the rare cases where you set a password locally 
(which is where that HIG would apply mostly), there is no "I forgot my 
password" option. I am open to any solution which does that.
Just completely disabling the masking wherever a new password is set and 
preventing changing a password while the field is masked would be a viable 
solution, thought it would mean that people cannot set new passwords while in 
a public space.
Personally, I would even be okay with showing a re-type field only if the 
original field is masked, but showing/hiding the re-type field when the 
original one is masked/unmasked might feel weird.

> > This was actually the start for my thoughts. When designing on the
> > networkmanager, this horrible 'show the password' line simply gets in the
> > way all of the time :) - so a more compact solution would be great.
> 
> +100

I'm fine with an inline masking control. As long as we do have that control 
and people notice it, I don't have a strong opinion on where it's positioned 
or what it looks like.

> > > > The coffee shop next door uses a whole, less meaningful sentence as
> > > > password. Something like 'diekuhliefumdenteichundfieldannrein'. Would
> > > > be
> > > > hard to make sure that it was typed right when I see the last letter
> > > > only.
> > > > And it couldn't get validated by the waitress.
> > > 
> > > "i like Björn’s suggestion of something in the line itself."
> > 
> > Kai Uwe pointed me to the fact that Windows 8 is using something like
> > that,
> > e.g. [1].
> > 
> > I am really not sure whether we need this 'show last digit' thing -  I
> > would like to hear other opinions about it.
> 
> imho, it should be sth we add only if it turns out to be actually needed.
> 
> > simply suggest to keep the last setting and hence have no configuration.
> > There is not a lot of potential harm, because (at least if I look at the
> > screen) I immediately see whether the password is shown or not. I can then
> > easily toggle the state.

+1 for not having a config option.