[kde-guidelines] [KDE Usability] Password Field

Martin Klapetek martin.klapetek at gmail.com
Sun Dec 8 10:56:39 UTC 2013 

On Sat, Dec 7, 2013 at 7:28 PM, Thomas Pfeiffer <colomar at autistici.org>wrote:

> On Saturday 07 December 2013 18:08:23 Sune Vuorela wrote:
> > On 2013-12-07, Björn Balazs <b at lazs.de> wrote:
> > > I assume that the environment does not change that often. When I work
> in a
> > > train (and hence want to hide passwords) I do this for quite some
> time. So
> > > I thought I might be a good idea to keep the last state. Also there is
> > > not a lot of potential harm, as you immediately see whether the
> password
> > > is shown or not - so you can toggle the mode to the desired state.
> > >
> > > The idea is to be convenient - which most of the time somehow
> interferes
> > > with security.
> >
> > I'd love to be able to toggle the password visibility in more cases than
> > it currently is possible today. So yes. Toggle buttons everywhere.
> >
> > And let it default to being 'stars' or similar symbols. Security trumps
> > convenience. We can't let users having their password snooped by the
> > co-passengers or co-workers or just people who pass by you while sitting
> in
> > a Cofe.
>
> Unless we assume people are stupid, we can assume that they will set it to
> masking again once they go to a public place, can't we? And even if they
> forget, they should notice after the first characters appear.
>

I see two problems with this - people are used to password fields always
showing the "password symbol" (star, dot, big dot etc..). Combine this with
fast typing people, who just click the password field and basically have
the whole password typed in in under a second. So even if you would notice
the password is clearly visible, it might already be too late because
you're writing the password from your muscle memory, and it takes us ~1.5s
to react and change your typing because you realized the password is
visible.

So - fast typing people would notice, but would write the whole password
before reacting.

Furthermore, remembering the option would result in people /always/ doing
one additional mental step before inputting password - check if it's
visible or not, possibly combined with "am I in a safe environment -> no ->
is my password visible". And I wouldn't want that. As Albert noted below,
no other platform does that. And I would just hate thinking everytime I'm
putting a password if it's visible and if it /can/ be visible at the moment.

So -1 to remembering the option from me.

Cheers
-- 
Martin Klapetek | KDE Developer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-guidelines/attachments/20131208/986adaad/attachment-0001.html>

More information about the kde-guidelines mailing list