D9040: Revert "[Lock Screen / Login] Add "reveal password button""

Martin Flöser noreply at phabricator.kde.org
Wed Nov 29 16:42:16 UTC 2017 

graesslin added a comment.


  In https://phabricator.kde.org/D9040#173465, @ngraham wrote:
  
  > On most touch platforms, only the last character in password prompts is revealed, one-at-a-time. It might make more sense to implement that than to keep the reveal button.
  
  
  On touch platforms: yes, but this is hybrid. Do you want your password being revealed on a big screen when entering with keyboard? Probably not. Thus the reveal button is a better solution than reveal while typing in this case.
  
  People here know that I'm a security fanatic. And I honestly fail to see the issue with the button. Yes, if you enter half your password and move away someone else could reveal your password. Similar if you mistype and move away someone could see your password. This is a highly unrealistic scenario and doesn't allow to get the real password. It's only a problem if you use a password like 08041985 (my birthday) and someone would know that 09041985 has an obvious error. If you use such kind of password it doesn't matter at all: your friends will be able to break it.
  
  Yes I see the concerns, but just because there are concerns means we need to destroy the usability here. Security and usability are always in conflict with each other and one needs to find the right level. Sometimes the security should win, sometimes the usability. In this case usability should win. If there are valid security concerns we should address them. I could imagine:
  
  - show info that the password got revealed
  - clear the text fields after certain amount of inactivity
  - clear the text field after incorrect password
  - make button not clickable, but only on touch (might not work on X, but heck)

REPOSITORY
  R120 Plasma Workspace

BRANCH
  master

REVISION DETAIL
  https://phabricator.kde.org/D9040

To: davidedmundson, broulik
Cc: graesslin, ngraham, broulik, plasma-devel, ZrenBot, progwolff, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20171129/6172ed24/attachment.html>

More information about the Plasma-devel mailing list