[kde-guidelines] [KDE Usability] Password Field

Björn Balazs b at lazs.de
Mon Dec 9 10:54:36 UTC 2013 

I just started a poll [1] via the planet to get some feedback from a broader 
audience on the ideas.

Cheers,
Björn

[1] http://user-prompt.com/?p=4335



Am Sonntag, 8. Dezember 2013, 17:43:04 schrieb Thomas Pfeiffer:
> On Sunday 08 December 2013 11:55:56 Martin Klapetek wrote:
> > On Sat, Dec 7, 2013 at 7:28 PM, Thomas Pfeiffer
> 
> <colomar at autistici.org>wrote:
> > > On Saturday 07 December 2013 18:08:23 Sune Vuorela wrote:
> > > > On 2013-12-07, Björn Balazs <b at lazs.de> wrote:
> > > > > I assume that the environment does not change that often. When I
> > > > > work
> > > 
> > > in a
> > > 
> > > > > train (and hence want to hide passwords) I do this for quite some
> > > 
> > > time. So
> > > 
> > > > > I thought I might be a good idea to keep the last state. Also there
> > > > > is
> > > > > not a lot of potential harm, as you immediately see whether the
> > > 
> > > password
> > > 
> > > > > is shown or not - so you can toggle the mode to the desired state.
> > > > > 
> > > > > The idea is to be convenient - which most of the time somehow
> > > 
> > > interferes
> > > 
> > > > > with security.
> > > > 
> > > > I'd love to be able to toggle the password visibility in more cases
> > > > than
> > > > it currently is possible today. So yes. Toggle buttons everywhere.
> > > > 
> > > > And let it default to being 'stars' or similar symbols. Security
> > > > trumps
> > > > convenience. We can't let users having their password snooped by the
> > > > co-passengers or co-workers or just people who pass by you while
> > > > sitting
> > > 
> > > in
> > > 
> > > > a Cofe.
> > > 
> > > Unless we assume people are stupid, we can assume that they will set it
> > > to
> > > masking again once they go to a public place, can't we? And even if they
> > > forget, they should notice after the first characters appear.
> > 
> > I see two problems with this - people are used to password fields always
> > showing the "password symbol" (star, dot, big dot etc..). Combine this
> > with
> > fast typing people, who just click the password field and basically have
> > the whole password typed in in under a second. So even if you would notice
> > the password is clearly visible, it might already be too late because
> > you're writing the password from your muscle memory, and it takes us ~1.5s
> > to react and change your typing because you realized the password is
> > visible.
> > 
> > So - fast typing people would notice, but would write the whole password
> > before reacting.
> > 
> > Furthermore, remembering the option would result in people /always/ doing
> > one additional mental step before inputting password - check if it's
> > visible or not, possibly combined with "am I in a safe environment -> no
> > ->
> > is my password visible". And I wouldn't want that. As Albert noted below,
> > no other platform does that. And I would just hate thinking everytime I'm
> > putting a password if it's visible and if it /can/ be visible at the
> > moment.
> > 
> > So -1 to remembering the option from me.
> > 
> > Cheers
> 
> Okay, it seems there is a strong majority for always defaulting to masking.
> That's not my preference, but "security first" is fine with me.
> _______________________________________________
> kde-guidelines mailing list
> kde-guidelines at kde.org
> https://mail.kde.org/mailman/listinfo/kde-guidelines

More information about the kde-guidelines mailing list