Slashdot Mirror


Fedora 19 To Stop Masking Passwords

First time accepted submitter PAjamian writes "Maintainers of the Anaconda installer in Fedora have taken it upon themselves to show passwords in plaintext on the screen as they are entered into the installer. Following on the now recanted statements of security expert Bruce Schneier, Anaconda maintainers have decided that it is not a security risk to show passwords on your screen in the latest Alpha release of Fedora 19. Members of the Fedora community on the Fedora devel mailing list are showing great concern over this change in established security protocols." Note: the change was first reported in the linked thread by Dan Mashal.

234 comments

  1. Arrogant maintainers... by gweihir · · Score: 5, Insightful

    ... thinking they know what is best for everybody. Same stupid story again and again. A button or hot-key for those that want to see their passwords would be acceptable, but making it the default is not.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      Anonymous so rather than plus one it just saying right on. Personally like the checkbox where if you clear it the password shows up. Leave it to the user to decide but make the default more secure.

    2. Re:Arrogant maintainers... by hedwards · · Score: 5, Insightful

      During the install process you're probably alone. I can't recall ever having done an install at the local coffee shop or on the bus. And during the install process is a good time to actually see the password.

      The rest of the time though, it should be a hotkey as there's no point in masking the password if there's nobody in the room with you, I suppose there might be cameras, but if you're in public you should be assuming that somebody is looking over your shoulder. Even TrueCrypt offers the ability to unmask the passphrase if you wish.

    3. Re:Arrogant maintainers... by cervesaebraciator · · Score: 1

      A button or hot-key for those that want to see their passwords would be acceptable [...]

      Exactly. And easy to implement. We just have to find a key on the keyboard that people are unlikely to use but is always present. How about this "CapsLk" one?

    4. Re:Arrogant maintainers... by Kjella · · Score: 5, Insightful

      As long as you must take any active action to display the password I'm fine with it, but if you give me a password field I'm going to assume by default that it won't be echoed back to me in plaintext and I'd consider anything else an obvious bug. It doesn't really matter that in this particular case you almost certainly don't need that protection, it breaks the whole user expectation for password fields in general. It's like if your car would detect there is no traffic so there's no point in blinking the turn signal because nobody would see it, in practice I'd just think my turn lights are broken not that it was "smart". And there's a lot of hand-waving to justify this complicating simplification.

      --
      Live today, because you never know what tomorrow brings
    5. Re:Arrogant maintainers... by HisMother · · Score: 1

      That's an interesting idea. Everybody already warns if you have capslock on while entering a password. They could just change the warning to "Your password will be displayed in plaintext," and ignore the actual capslock (assuming that's possible.)

      --
      Cantankerous old coot since 1957.
    6. Re:Arrogant maintainers... by NemosomeN · · Score: 4, Insightful

      Why assign a hotkey to such a rare task? Make it a checkbox, two tabs away from the password field. Default: Mask the damn password.

      --
      I hate grammar Nazi's.
    7. Re:Arrogant maintainers... by I'm+New+Around+Here · · Score: 1

      As long as you must take any active action to display the password I'm fine with it, but if you give me a password field I'm going to assume by default that it won't be echoed back to me in plaintext ...

      How about if, for this situation of doing a system install, the password field isn't masked, but there is a message displayed in the password box telling you it is not masked?

      Personally, I don't like having to check a box to see the password, and would rather it be unmasked by default with a checkbox to mask it. With the additional rule of checking or clearing the box clears the password field first. But with having the default, just for the installation process, being unmasked with the warning, and auto-clearing on change of option, would that satisfy you?

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    8. Re:Arrogant maintainers... by KiloByte · · Score: 1

      Some of us actually use CapsLock to invert the case of part of the password. I'd scream loudly if you sabotaged it. I've had the displeasure of typing some code on a Chromebook, and the key being diverted for a useless function is a pain.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    9. Re:Arrogant maintainers... by hedwards · · Score: 1

      There's little or no point in masking the password. Unless you're choosing stupid passwords or having a huge number of chances to guess the password it's not going to make much of a difference. With a properly 10-20 character password that's actually mostly random people are not going to guess that based upon seeing it one time. At least not without them having some sort of savant ability to memorize random strings of characters.

      Checkbox or hotkey doesn't really make much difference, either way it should be optional.

    10. Re:Arrogant maintainers... by Tore+S+B · · Score: 1

      I don't know how you could call that 'arrogance'. Thinking you know what is best for the majority is a prerequisite for setting sane defaults.

      --
      toresbe
    11. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      I prefer unmasked passwords in everything except a webbrowser. It would be nice if it was a system setting.

    12. Re:Arrogant maintainers... by RawsonDR · · Score: 4, Funny

      We just have to find a key on the keyboard that people are unlikely to use but is always present. How about this "CapsLk" one?

      i DON'T THINK MY KEYBOARD HAS THAT ONE

      i don"t often post on slashdot because holding down the shift key is far too tedious

    13. Re:Arrogant maintainers... by cervesaebraciator · · Score: 1

      I'm sure it is. I was actually just attempting to make a smartass remark about the need for a CapsLock warning on a password prompt (doubtless encouraged by the common tendency to forget the key exists). I think, perhaps, my smartassery should have been more direct, or maybe just more clever.

    14. Re:Arrogant maintainers... by war4peace · · Score: 1

      Wanna bet? I have inadvertently trained myself to have photographic memory because I have had to type in manually thousands of service request numbers (which also contain letters, dashes) from screenshots or other machines. I can easily remember a 20-character string if I look at it for exactly as much time as you need to type it in, for enough time to allow me to write it down.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    15. Re:Arrogant maintainers... by Stalks · · Score: 4, Insightful

      -- "if there's nobody in the room with you"

      That's an assumption. You don't know what other people are doing. You are basing an installer used by thousands on your own experiences. You're making the same mistake as the developers are.

      Plenty of times I have worked in the datacenter with other engineers from other companies doing installs all around me. I don't want them to see the password, thanks.

    16. Re:Arrogant maintainers... by The+Moof · · Score: 1

      A good approach to the problem I've seen is masking the password except for the last character entered, put a timeout on that character (5-10 seconds), then mask it too. It lets you see what you've typed in, and you're no more at risk than someone just watching you type the password.
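
      A working version of the "reveal only the last character, then mask it after a timeout" scheme from this comment, combined with the "toggling the show/hide box clears the field first" rule from comment 7, added here as an example (it is not Anaconda code or any poster's code). The 5-second grace period and the injectable clock are assumptions; the logic is DOM-free so it runs under Node.

```javascript
// Added example (not Anaconda code): a password field model that masks every
// character except the one just typed, which stays visible for a short grace
// period and is then masked too, with an opt-in "show password" switch that
// wipes the field whenever it is toggled. Pure state logic with an injectable
// clock, so it runs without a browser.

const MASK_CHAR = "\u2022";      // U+2022 bullet, the usual masking glyph
const DEFAULT_REVEAL_MS = 5000;  // assumed grace period (the comment suggests 5-10 s)

function createMaskedField(options = {}) {
  const revealMs = options.revealMs ?? DEFAULT_REVEAL_MS;
  const now = options.now ?? (() => Date.now()); // clock hook, overridable in tests
  let value = "";              // the real secret; rendered only when unmasked
  let lastTypedAt = -Infinity; // timestamp of the most recent keystroke
  let unmasked = false;        // masked by default; showing is an explicit action

  // Milliseconds until the last character must be hidden; 0 when nothing is
  // currently revealed. A UI would schedule a re-render after this delay.
  const msUntilMask = () => {
    if (unmasked || value.length === 0) return 0;
    const remaining = revealMs - (now() - lastTypedAt);
    return remaining > 0 ? remaining : 0;
  };

  return {
    type(ch) {
      value += ch;
      lastTypedAt = now();
    },
    backspace() {
      value = value.slice(0, -1);
      lastTypedAt = -Infinity; // nothing freshly typed, so reveal nothing
    },
    setUnmasked(flag) {
      const next = Boolean(flag);
      if (next !== unmasked) {
        value = "";            // comment 7's rule: toggling clears the field first
        lastTypedAt = -Infinity;
      }
      unmasked = next;
    },
    isUnmasked() { return unmasked; },
    value() { return value; },
    msUntilMask,
    // What the screen should show right now.
    display() {
      if (unmasked) return value;
      if (value.length === 0) return "";
      const hidden = MASK_CHAR.repeat(value.length - 1);
      const tail = msUntilMask() > 0 ? value[value.length - 1] : MASK_CHAR;
      return hidden + tail;
    },
  };
}
```

A browser front end would write `display()` into a plain text input on every keystroke and again after `msUntilMask()` milliseconds, while submitting `value()`.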

    17. Re:Arrogant maintainers... by swalve · · Score: 2

      Why not just have a "show password" button like they do for WPA passkeys? You can type the pwd, and then click the button to verify. Problem solved.

    18. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      I have installed boxes in IT in "siloed" environments with a lot of office politics. In that environment, a cow-orker from a "rival" IT team seeing a password can bring a world of hurt. A DNS server might "accidentally" unconfigure itself, a SAN might "just by chance" drop a LUN when only a person from another team is working in there, or a production database might mysteriously get encrypted with the other team having the key... but only willing to give it up if the next round of equipment upgrade orders goes through their hands first.

      I take enough precautions to prevent shoulder-surfing on the keyboard.

      Unmasking the password is a nice -option-, but in a lot of environments, especially with cameras and lots of onlookers, it can be a dreadful security disaster.

    19. Re:Arrogant maintainers... by adosch · · Score: 1

      Couldn't agree more...

      From an Anaconda GUI manual install process, it seems silly to ditch very basic password blackout + back-end entry validation to make sure both password and retype fields match. Was that too much to maintain?

      From a Kickstart perspective, I'd say it's even 'less' secure because you can hard-code plain-text useradds in %post, grub passwords, AND more importantly, the root password itself. Not to mention, reveal a boat load about your hardware/network infrastructure that can be a lot more detrimental in the wrong hands or eyes.

      ...but point taken on both, I'd hope: 1) You're doing the install yourself and if it is a semi-sensitive install and NOT done with prying eyes and 2) from a ks perspective, you practice good filesystem ownership and permissions or satellite/spacewalk access controls.

      All in all, it's shit like this that makes me lose even more faith in the current Fedora maintainers and the Linux distro going forward. Within the last year, things like non-POSIX adoption breeding into packages, lack of security (as mentioned in the article), putting 'all' binaries in /usr/bin because 'we're lazy' approach and negating proper UNIX structure. Plain and simple, a lot of change to fix shit that had a standard, WASN'T broken and thought through LONG ago when most of these 'kids' were playing NES in mom and dad's basement.

    20. Re:Arrogant maintainers... by AdamWill · · Score: 1

      "thinking they know what is best for everybody"

      I'm curious as to how you expect maintainers to write software. Take an opinion poll on every line?

      How would a maintainer who didn't think they know what was best for everybody ever write a line of code? Just guess?

    21. Re:Arrogant maintainers... by marcosdumay · · Score: 1

      Personally, I don't like having to check a box to see the password

      But you'd like to click ok in a dialog box before it?

    22. Re:Arrogant maintainers... by Znork · · Score: 3, Insightful

      I assume you have yet to find employment in today's average workplace?

      Because corporate offices and many small company offices are notoriously lacking in privacy and the only time there's 'nobody in the room with you' is if you're doing your installations on Christmas eve.

      Having the (Fedora's) install process work different than basically everything else is a bad choice in itself. And changing everything else would be utter idiocy; there are many cases like classes, presentations, user assistance, etc, etc when passwords are entered with observers watching the screen. One would basically have to move to one-time passwords to bypass the issue.

      Needlessly displaying passwords without significant compelling reasons is simply atrociously bad design. The only time it is ever even remotely justified in common practice is when very, very bad input devices make it difficult to know which character actually got entered.

    23. Re:Arrogant maintainers... by I'm+New+Around+Here · · Score: 1

      Personally, I don't like having to check a box to see the password

      But you'd like to click ok in a dialog box before it?

      I'm not sure what you're asking.

      I would rather have password fields in standard login pages masked, but would be fine with the password in the installation routine not masked, with appropriate safeguards. If that specific password had the option of not being masked, I would prefer it to be the default with a checkbox to click to force masking. Basically, if I want to see it, and it is an option, why not have it be the default. The more security conscious people, or me in a low security location, should be happy to have a "more secure" option available that they enable before typing the password.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    24. Re:Arrogant maintainers... by UltraZelda64 · · Score: 1

      Is double-typing the password blind not enough? Even then, showing the password in plain view should be purely an option.

      If you still have to type their passwords twice even if they are in plain view, there will still be problems with people making typos and just copy-pasting them to the second field without noticing (especially with longer and more complex passwords). Even if not everyone uses the copy-paste method, people will still possibly make a typo in one or both password entry fields... again, using the other by sight to try to "correct" the one that looks wrong. What if both are wrong, only one looks more obvious? How will plain text passwords improve anything when it only increases the chances of entering the wrong password twice anyway, only now using different methods?

      If you fuck up typing a password, it's best to just start over. The traditional way of masked passwords at least enforces this. This new retarded "default" is just going to cause even more trouble at the very least, if not reduced security.

    25. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      During the install process you're probably alone.

      Ever heard of TEMPEST?

    26. Re:Arrogant maintainers... by dfetter · · Score: 0

      Speaking of arrogance, it takes quite a bit of it, that, or paranoia, to imagine that people in a data center know or care what you're doing with your equipment there. They all have jobs to do, and if you're doing something so sensitive that you think the risk of being spied on in the data center is that high, you should probably have your own data center. That, or lay off the meth^Wcoffee.

      --
      What part of "A well regulated militia" do you not understand?
    27. Re:Arrogant maintainers... by hedwards · · Score: 1

      I'm sorry, but that is not a common ability that you're likely to encounter in the workforce. And generally service numbers aren't random anyways. They may appear to be random, but they're not, usually they're designed around a scheme that's only meaningful to people who use those numbers on a regular basis.

    28. Re:Arrogant maintainers... by Stalks · · Score: 2

      I don't think arrogance means what you think it means as I haven't demonstrated anything to that effect.

      Whilst your comment is marginal troll, I will point out in the majority of cases the sensitive nature of any project wouldn't be a bearing in the choice of creating your own data center, that is just absurd.

      Also, in the UK the B2B sector of hosting is a cut-throat arena just like most heavily invested sectors. I'm sure some of our competitors would relish at the opportunity to put a spanner in the works to discredit the service we provide.

      Paranoid delusions? Possibly, but better safe than sorry.

    29. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      I like installing OS in coffee shops. OS installs are boring, and I like reading the newspaper and talking to friends while I do it.

    30. Re:Arrogant maintainers... by Immerman · · Score: 2

      Except we're living in a world where almost everyone has a discreet camera built into their cell phone, and we may have to deal with things like Google Glass, of which later versions will no doubt become increasingly discreet.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    31. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      During the install process you're probably alone. I can't recall ever having done an install at the local coffee shop or on the bus. And during the install process is a good time to actually see the password.

      Yes, because the stories that pour in here every month about the horrors of failed installs due to password flubbing are simply endless.

      This was a solution without a problem and you know it, so let's cut the bullshit already.

      Besides, if you've got the mental capacity to be installing your own OS software from scratch, you should be able to deal with a masked password field that usually has an option (read: not the default option) to unmask it. If not, then perhaps you shouldn't even be turning the power button on.

    32. Re:Arrogant maintainers... by HiThere · · Score: 3, Insightful

      Yes. I'd make the default the other way, but it should definitely be user selectable. Different circumstances call for different options, but I don't think making the initial password entry unreadable is a good choice in most circumstances.

      Actually, for my setup I'd prefer that it almost always be readable, as there is no "caps lock on" indicator on my keyboard, and I rarely need to worry about shoulder surfers. (As in probably less than once a year.) But I have certainly observed other circumstances where that could be a concern.

      OTOH, perhaps a default "password unreadable" is reasonable. Most people will never change the default, and won't think about the problem unless they do. But it should definitely be user selectable.

      --
      I think we've pushed this "anyone can grow up to be president" thing too far.
    33. Re:Arrogant maintainers... by 93+Escort+Wagon · · Score: 1

      I assume you have yet to find employment in today's average workplace?

      Because corporate offices and many small company offices are notoriously lacking in privacy and the only time there's 'nobody in the room with you' is if you're doing your installations on Christmas eve.

      I'll withhold my first thought (snarky retort), but - an actual IT professional employed in "today's average workplace" really shouldn't be installing Fedora in the first place.

      But yeah, this shouldn't be the default behavior... they're just tempting fate.

      --
      #DeleteChrome
    34. Re: Arrogant maintainers... by Anonymous Coward · · Score: 0

      Yes. And if you're up against someone who can exploit it, you either work for the government and should be using a Tempest screened system, or the rubber hose rule applies.

    35. Re:Arrogant maintainers... by war4peace · · Score: 1

      Yeah, like 3-XKWZ2012-09-XX. Of course that's designed around a meaningful scheme, but not to an average Joe.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    36. Re:Arrogant maintainers... by eric_herm · · Score: 1

      Having worked in a server room, I must say that's a pretty stupid thing to do: there is noise, it is cold and you are most of the time on a crappy screen, using a less than good keyboard, no mouse.

      So anything that could serve as a reason to ask people to leave the server room is IMHO a good thing. Now, you can say "I cannot do the install there, there are people around me". And either you get out, or the others get out, and in the end, that's it, a few people saved from this pain.

    37. Re:Arrogant maintainers... by Pentium100 · · Score: 1

      Is double-typing the password blind not enough?

      Not if you use more than one keyboard layout.

    38. Re:Arrogant maintainers... by eric_herm · · Score: 2

      Have you read the link you posted?
      Especially this part:
      "Further, recent research[12] has shown it is possible to detect the radiation corresponding to a keypress event from not only wireless (radio) keyboards, but also from traditional wired keyboards, and even from laptop keyboards."

    39. Re:Arrogant maintainers... by UltraZelda64 · · Score: 1

      What? I can switch between keyboard layouts (Dvorak and Colemak) and type my password just fine. Only slower in Colemak, because I've had much more Dvorak practice and experience so far. And if I had to do it with QWERTY, I'd just look down at the keys. The second typing makes sure you typed it right and as you thought the first time. I don't see how using more than one keyboard layout would matter.

    40. Re:Arrogant maintainers... by Pentium100 · · Score: 2

      My native language uses additional characters in addition to the ASCII ones. When I want to write in my language, I switch the keyboard layout so the additional symbols are in place of the number row. So, I can type the password and it will match, but later when I try to type it with the default layout on, it won't match if I used the number row keys when creating the password.

      When I type somewhere else, I can immediately see that I'm writing nonsense because of the wrong layout and just switch it. I don't always remember to look at the layout indicator before typing a password.

    41. Re:Arrogant maintainers... by PopeRatzo · · Score: 2

      there is no "caps lock on" indicator on my keyboard

      Well, there's your problem, right there.

      --
      You are welcome on my lawn.
    42. Re:Arrogant maintainers... by bignetbuy · · Score: 1

      How the hell did you get marked Insightful? Go install Fedora while sitting at your desk in your cubicle at work...the same cubicle where people can walk up behind you and YOU WON'T EVEN KNOW IT. Sysadmins don't have to live in the server room just to install an OS these days.

    43. Re:Arrogant maintainers... by gweihir · · Score: 1

      If you do it carefully and originally, yes. But not if you change it later without user demand.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    44. Re:Arrogant maintainers... by gweihir · · Score: 1

      I did not know these other things, but they do fit right into the impression I got. The Dunning-Kruger Effect at work, obviously. Fortunately, Fedora is not very relevant, except for the rare cases you have some Red-Hat specific software that refuses to run on other distros.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    45. Re:Arrogant maintainers... by gweihir · · Score: 1

      That is not the point. The point is that changing a well-established default that conforms to best practices to something that is not requires a very, very good reason. They do not have one but apparently think their opinion constitutes a very, very good reason. Therein lies the arrogance.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    46. Re: Arrogant maintainers... by Anonymous Coward · · Score: 0

      I'm sorry, but this is a lame excuse. If that's really a frequent problem you have, you should know by now to try both keyboard layouts when the default doesn't work.

    47. Re:Arrogant maintainers... by BitZtream · · Score: 2

      Those of us who don't jerk off to how long our passwords are don't use 10 digit passwords.

      I say this as someone who has written more cryptography software than you've even used.

      10 digit passwords are fucking stupid. I'll just bash your head in rather than trying to brute force your password. I assure you, you will give it up FAR faster than anyone can brute force it. Same is true with 6-9 character passwords. I'll have found you and bashed your head in years before the password would be brute forced.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    48. Re:Arrogant maintainers... by BitZtream · · Score: 1

      I'm curious as to how you expect maintainers to write software. Take an opinion poll on every line?

      No, but they can work on the 'thinking' part.

      It's common sense, well accepted fact, that you should hide the password. They have proven that they aren't even capable of understanding they don't know what they are doing. That is FAR more scary than them not knowing what they are doing.

      If you don't know what you're doing, and you ask someone who does and then follow the advice, that's perfectly fine. When you clearly don't know what you're doing, don't ask anyone, don't even follow basic security principles that have been around longer than you've been alive ... well then you're going to have people pointing out ways for you to be the deciding factor.

      I write code almost every day for shit I don't know what I'm doing ... I think put that code up for review by people who do ... and then I fucking listen to what they have to say.

      I don't have to know everything to program as if I know everything. I just have to know what I do and don't know, and who to ask for help.

      The absolute WORST trait of almost ALL developers is that they won't ask for help when they don't know what they are doing. They still think it makes them look bad to ask for help, when not asking for help is what actually makes you look bad.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    49. Re:Arrogant maintainers... by Darinbob · · Score: 2

      They didn't take it far enough. A truly modern system would use text-to-speech technology to recite the password out loud as a favor to the hard of hearing.

    50. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      Probably being forced by the authorities who use the infra red switches to access the monitor screen backdoors into personal computers that a lot of people are not aware of. They want it all.. The access points are the corruptible positions at the top of these corporations who seem to bend at will for something in return. All the more likely to bend when it's big bro.

    51. Re:Arrogant maintainers... by marcosdumay · · Score: 1

      The dialog box is better than simply showing the password without remembering you. But you were complaining that clicking to show the password is too much work, while proposing an idea that'll make everybody stop and click before working with passwords in any way, hidden or not.

      Always showing the password is a very bad idea, but your original one is actually worse. Clicking for displaying is still the best option, and not showing the password at all comes in a nice second place.

    52. Re:Arrogant maintainers... by suso · · Score: 2

      This is what happens when hipster UI developers from the mobile and web world come into the Desktop and Server world and think they are the shit. WTF? The Fedora community seems to have gone apeshit insane in recent years. First their stupid nonsense about moving /bin to /usr/bin, now this. It wouldn't be much of a problem if Fedora was an obscure experimental distribution, but it's not. It's a feeder of ideas and technology for one of the most widely used server distributions in the world. These developers are being irresponsible.

    53. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      Unless, of course, you have a contractual obligation to maintain data security for your customers. Having a viewable, plain text password breaks that obligation from the start. But then, maybe it's just me that cares about correct procedure.

    54. Re:Arrogant maintainers... by VortexCortex · · Score: 1

      During the install process you're probably alone.

      Yes, but there's the odd chance that I'm not. For those who are alone, great, give 'em a checkbox to unmask the password -- Or at the very least GIVE ME THE OPTION to mask my password. Not having the OPTION to make a password field masked is not just retarding (requiring that I then cover the screen, or wait till I'm alone), but it's plainly "fucking moronic" on the idiocy scale. Yes, I'll tell it like it is to anyone's face in those exact terms, because that's exactly the response this foolish and ridiculous of a situation calls for.

    55. Re:Arrogant maintainers... by Alef · · Score: 1

      Having the (Fedora's) install process work different than basically everything else is a bad choice in itself. And changing everything else would be utter idiocy[...]

      Seriously, why would you require conformity between all existing installers in such utter detail? Surely, we must allow some room for diversity.

      [...] displaying passwords without significant compelling reasons is simply atrociously bad design.

      The reason would be that when you are setting a password, it is much more important to get it right. Furthermore, this is normally a rare activity, so the risks of displaying the password are proportionally reduced. I'm not saying this reason necessarily outweighs the risk of shoulder surfing, but I don't think the argument is as black-and-white as you make it.

    56. Re:Arrogant maintainers... by Anarchduke · · Score: 1

      yeah, but the average joe is more likely to have a password like GrandsonName1

      --
      who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
    57. Re:Arrogant maintainers... by ultranova · · Score: 1

      With a properly 10-20 character password that's actually mostly random people are not going to guess that based upon seeing it one time. At least not without them having some sort of savant ability to memorize random strings of characters.

      And because you are just as unlikely to have such abilities, your password is not going to be 10-20 random characters, now is it? Rather, it's going to be something that's easy for a human to memorize. Unless, of course, you write it down, in which case it's irrelevant whether the screen also displays it or not.

      --
      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    58. Re:Arrogant maintainers... by war4peace · · Score: 1

      My point exactly. If I can remember the former, then the latter is a breeze...

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    59. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      If you have a time machine, why are you wasting it on going back only a couple years, much less for the sole purpose of bashing someone's head in to get their password? Why even bother, when a 6 character password can be brute forced in a couple seconds using last year's hardware?

    60. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      It wouldn't have to be a popup message that requires an extra click, just put a warning on the screen - use red font?

    61. Re:Arrogant maintainers... by Anonymous Coward · · Score: 0

      Fortunately, Fedora is not very relevant

      You're joking, right? Fedora is far and away the most popular Linux distro, in terms of numbers of users (more than doubling Ubuntu's user base). Ubuntu fanboys might make the most noise, but Fedora quietly goes about being the #1 distro.

    62. Re:Arrogant maintainers... by gweihir · · Score: 1

      Numbers are irrelevant. What is relevant is who runs the distros. While I am sure there are countless sheep running Fedora, barely anybody that matters does. Just the same as people running Windows as their main "OS": Their numbers are huge, but nothing relevant or innovative has been coming from that direction for a very long time.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    63. Re:Arrogant maintainers... by quantaman · · Score: 1

      Well maintainers have to make some decisions, though from the bug report it sounds like there was enough of a response that they've changed it back.

      I'm undecided, I feel weird when I can see my passwords and I'd definitely have a problem if there isn't a button to re-hide it (there's times when you'll have to do an install when untrusted parties are around), but the common use-case does indicate to me that people would be better served with the password visible than hidden.

      --
      I stole this Sig
    64. Re:Arrogant maintainers... by isorox · · Score: 1

      as there is no "caps lock on" indicator on my keyboard

      Not a problem, I assume you've mapped caps lock to something useful. I have it as escape personally

      keycode 66 = Escape NoSymbol Escape
      !lock Caps_Lock (0x42)
      clear lock

  2. Only in the installer by Dopefish_1 · · Score: 4, Insightful

    It's only in cleartext during installation, and only while the password field has focus. This is hardly something to get up in arms about, unless you regularly re-install your OS in front of a crowd.

    --

    #include <sig.h>
    1. Re:Only in the installer by Anonymous Coward · · Score: 0, Redundant

      This is hardly something to get up in arms about, unless you regularly re-install your OS in front of a crowd.

      Except it only takes once for it to matter.

      Do you really expect me to disconnect an employee computer, haul it up to my office, and reinstall there - just so I can have a standard local root password the other admins also know?

      Why make me go through all that extra work, effort, and time simply because someone is too lazy to add password masking code that has existed since the 60s?

      Let me guess, the installer will also bitch if I type "1234" with the intent to change the password to a real one later using well made software? Seems par for the course here.

      All this change does is force me to install from a master base image and remove the option for a normal install in the rare time I need it, which in reality causes me to never use their installer software more than once.
      If they only wanted others to not use their software, why don't they just go the easy route and stop trying to write software? It will have the same effect but they will be finished in zero seconds instead of greater than zero seconds :P

      In the end, this is just a waste of everything.

    2. Re:Only in the installer by hedwards · · Score: 1

      How often do you install or reinstall your OS in front of a crowd?

      What's more if you're setting individual admin passwords at install time you're doing it wrong. There's tools and techniques for dealing with this sort of thing that would be much more time efficient. Perhaps focusing on the real issue that you're not doing it right would be more efficient than demanding that everybody else suffer because you can't be bothered to set up deployment tools correctly.

    3. Re:Only in the installer by dbIII · · Score: 2

      That's equivalent to saying that if you do an install from the keyboard you're doing it wrong. There's puppet and a pile of other things to avoid manual installs, but sometimes it's handy to go through an install process instead of just churning out identical systems. Also as for "individual admin passwords" - sometimes you do want to give people development boxes or whatever where they know the root password but you don't want them to have root on other machines. Most of the scientists in my workplace know the root password on their desktop systems for instance, and there's an R&D cluster that some developers can do anything they like to.

    4. Re:Only in the installer by Anonymous Coward · · Score: 1

      Why are you installing employee computers off of an installer CD? They make slipstreamed 100% hands-free installs OUT OF THE BOX for Fedora. If you are wasting this kind of time, manually installing it over and over instead of once, you deserve to be fired. Also, denying root remote/root local password is more than slightly recommended. Sudo is your friend.

    5. Re:Only in the installer by ArcherB · · Score: 1

      It's only in cleartext during installation, and only while the password field has focus. This is hardly something to get up in arms about, unless you regularly re-install your OS in front of a crowd.

      Why not a choice? What's wrong with a button that says, "Unmask Password"?

      And, sorry, but when developers decide what's best for me, that absolutely IS something to get up in arms about. Maybe I do install my OS in front of a crowd. Maybe I'm installing a real world system at a company with a policy that says all systems must have the same password, in front of people as part of a training course, or at a cubicle next to someone who has no business knowing the password.

      My point is, the people who make these decisions have no idea where I'm going to be installing these systems or what my circumstances may be. If shadowing the password is a bad thing, then give me a damn button and let ME make the choice. Choice is good, right?

      --
      There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
    6. Re:Only in the installer by Gavagai80 · · Score: 1

      If someone's standing over your shoulder already, they can just watch your hands on the keyboard to discover the password.

      --
      This space intentionally left blank
    7. Re:Only in the installer by Anonymous Coward · · Score: 0

      It doesn't matter where you do it. It sets a bad precedent, a decision that will alter future thinking.
      Instead of making idiotic changes, fixing things that aren't broken, they should try fixing all those bugs that pop up all the time. I'm still stuck with F16, because I'm too afraid of what I might find in the future versions. Tried the live F18 and couldn't even get it to start ...

    8. Re:Only in the installer by dbIII · · Score: 1

      Just look over your shoulder before entry.
      I've been stung by a fat finger problem before when I messed up entering the admin password for an "owncloud" area and the thing only lets you enter it once and it's masked. It was an annoyance and not a showstopper since having root lets you do pretty well anything to the applications running on a system (finding the password hash in the sql database and replacing it with another generated from a password I knew fixed it). It still took time and a visible field or entry twice would have avoided that.
      So there you go - it can be a waste of time masking it just as you suggest it is a waste not masking it.
      I can't really work out why this was worth a slashdot story.

    9. Re:Only in the installer by gl4ss · · Score: 1

      if you are typing it while the employee is watching, it's all just games anyhow and your methods for working in a non-trusted employee situation are already suspect.

      anyhow, at least you're seeing the password behind which you are putting the whole computer. I guess someone over there made a double typo.

      of course the sane thing is to add an option for it, like a button next to it, but you know how uxperts are nowadays. the key in the group thinking currently is to remove all options from everything.

      --
      world was created 5 seconds before this post as it is.
    10. Re:Only in the installer by jones_supa · · Score: 1

      If someone's standing over your shoulder already, they can just watch your hands on the keyboard to discover the password.

      But the chance of discovering the password is clearly higher if it's printed on the screen. I don't mind Red Hat showing the password, but your argument is not good.

    11. Re:Only in the installer by fast+turtle · · Score: 3, Insightful

      Do you really expect me to disconnect an employee computer, haul it up to my office, and reinstall there - just so I can have a standard local root password the other admins also know?

      I sure as hell don't. I expect you to either push out a standard image or use PXE to boot the fucking thing and have it install the image that way with all of the employees files stored on the fucking server. As a small business owner, this is the method I prefer using with PXE boot being the 1st. I'll use a disk image for laptops unless it can be configured to PXE boot and download the damn image.

      All this change does is force me to install from a master base image and remove the option for a normal install in the rare time I need it, which in reality causes me to never use their installer software more than once.

      If you're doing it right to begin with, you won't be using the god damn installer anyhow as you should be either installing a standard image or using PXE to boot the system and install the fucking image.

      All your bitching indicates to me is that you haven't a damn clue how to build a standard image or that you want to play with unsupported software. This affects only Fedora (RH's fucking Beta Branch), though if they incorporate the change in RH's supported version, they'll be dead within a couple of years if not sooner because of lawsuits and losing most of their Government Certifications.

      Before any of this will happen though, the shareholders will file suit and sue the idiot CEO/Chairman for violating "Fiscal Responsibility" as this is about the fastest way to kill Red Hat. Lose those Government Certifications and there isn't anywhere in the world that a government will use their product. Hell, give it enough stink and the shareholders may end up changing the Board and CEO for just that reason, gutting any compensation they would receive (no golden parachutes).

      --
      Mod me up/Mod me down: I won't frown as I've no crown
    12. Re:Only in the installer by tverbeek · · Score: 3, Insightful

      "Do you really expect me to disconnect an employee computer, haul it up to my office, and reinstall there - just so I can have a standard local root password the other admins also know?"

      That'd be a more appropriate place to do an OS install, but no: I expect you to lift your head and look around before typing, to see if anyone is staring at the screen. Because if there are other people in the room, and you're really that concerned that they'll be snooping at your root password, they can just as easily look at your hands on the keyboard.

      The practice of masking passwords in all circumstances is a perfect example of unthinking That's How We've Always Done It Syndrome. It dates back to the days of printing terminals, where everything you typed was dot-matrixed onto a roll of paper as you went. It was a very good idea and very important that those passwords not be echoed back to the user, because they'd be preserved on greenbar paper for someone else in the terminal room or computer lab to find.

      But most password entry isn't done in that context anymore. With password-saving features on web browsers and smartphones, it's often done once, then left alone; people can easily take a quick look around to make sure no one's looking when they tap their e-mail password into their smartphone during initial setup. A login screen that doesn't echo the password as you type it, but has "remember my password" checkbox... makes no sense whatsoever. But they're programmed that way, because That's How We've Always Done It. Not masking the password when you initially set the password is a good idea because it's really not that difficult to make the same typo twice in a row, and once you've done that with the root password on a new system, you're screwed.

      I work in an IT office, and every day I get multiple calls from users who've locked themselves out of their accounts because they couldn't see what they were typing. Caps-Lock is a frequent culprit, and if I had a dollar for every time I've asked a user to check that and try again (and it worked), I'd be able to buy pizza for the whole department every Friday.

      There are certainly circumstances where masking the password is a good idea. Kiosks where the user is likely to have strangers standing in line behind her, portable devices that are likely to be used on coffee shop tables, and high-security environments of various kinds. But not all password entry requires that level of looking-over-your-shoulder-but-not-really-because-you-can't-be-bothered-to paranoia to be applied. If I'm logging in to Netflix.com to add a movie to my queue, I don't need the kind of password-masking secrecy needed to log in to the medical-records software used where I work. And it's high time someone had the critical thinking skills to start making this judgment call on a case-by-case basis.

      --
      http://alternatives.rzero.com/
    13. Re:Only in the installer by Anonymous Coward · · Score: 0

      "you deserve to be fired"

      And as usual, people who spew this line of garbage are your typical noobs who haven't experienced life in the real world yet.

    14. Re:Only in the installer by nine-times · · Score: 1

      Why not a choice? What's wrong with a button that says, "Unmask Password"?

      That's not a terrible idea, but I would be very careful about implementing it. The problem is that it *can* be worse to have a security measure be in place "sometimes" or "most of the time" than to not have it in place at all. If password masking is common enough that people assume it will be there, then they'll rely on it, get a sense of security from it, and let their guard down. Then they may type their password out in an unmasked field without noticing in time. People tend to type their passwords out quickly without much thought as it is, so it may not even be enough to provide a visual cue indicating that the password will not be masked.

      Either you security do "yes" or security do "no." You security do "guess so," squish, just like grape.

      Ok, maybe that quote doesn't really work, since security isn't really about absolutes. But it kinda works.

    15. Re:Only in the installer by jones_supa · · Score: 1

      What happened when you tried to start F18?

    16. Re:Only in the installer by mlookaba · · Score: 1

      " This is hardly something to get up in arms about, unless you regularly re-install your OS in front of a crowd."

      Sure, it won't cause a problem if everything always goes according to plan. Perhaps we should save money and remove the interlocks from airplane doors too. After all, it's nothing to get up in arms about, unless you regularly open the door in flight.

    17. Re:Only in the installer by amaurea · · Score: 3, Insightful

      Because if there are other people in the room, and you're really that concerned that they'll be snooping at your root password, they can just as easily look at your hands on the keyboard.

      To read the password from your hands, they need to watch you undetected during the whole password entry. Reading which keys people press is also error-prone and requires you to be very nearby to have full view of the keyboard. To read the password from the screen, you only need a single glance at it near the end of the entry process, and it can be done from further away.

      Imagine a competition where two teams have to try to detect a password without being discovered, but for one team, the password is masked, and for the other it is shown directly on screen. Now you have to bet on which team would get most passwords. I think it should be pretty obvious to everybody that the plaintext team would have a huge advantage - it wouldn't really be a competition at all.

      The compromise suggested in TFA, with all but the previously entered character being masked, gets rid of the single glance problem, but still allows the password to be snooped from relatively far away. I think the former problem is the most serious, though, so it is probably a good tradeoff.
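
      The contrast this comment draws between a single glance and continuous observation can be checked concretely. Added example (not Anaconda's or Fedora's code): a Python model of the three echo policies (classic masking, the last-character compromise from TFA, and plaintext) that computes what someone who reads only the screen learns from a given set of glances; the password, keystroke timeline and 1.5 s reveal window are constructed values.

```python
"""Added example: a model of password-echo policies for an installer field.

Illustrative code, not Anaconda's. Given a typed password and the moments an
observer glances at the screen, which characters does the observer learn
under each policy? The keystroke timeline and the 1.5 s reveal window are
constructed values.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

MASK = "*"
POLICIES = ("masked", "last-char", "plaintext")


@dataclass(frozen=True)
class Keystroke:
    char: str   # character entered
    at_ms: int  # time of the key press on a constructed timeline


def render_cells(typed: str, policy: str, ms_since_last_key: int,
                 reveal_window_ms: int = 1500) -> List[Tuple[str, bool]]:
    """Per-position (glyph, visible) cells the field would draw.

    "masked"    -- classic behaviour: every character drawn as MASK
    "last-char" -- the compromise mentioned in the thread: only the most
                   recently entered character is shown, and only while the
                   reveal window is still open
    "plaintext" -- the Fedora 19 alpha behaviour: nothing masked
    """
    if policy == "plaintext":
        return [(c, True) for c in typed]
    if policy == "masked":
        return [(MASK, False) for _ in typed]
    if policy == "last-char":
        cells = [(MASK, False) for _ in typed]
        if typed and ms_since_last_key < reveal_window_ms:
            cells[-1] = (typed[-1], True)
        return cells
    raise ValueError(f"unknown policy {policy!r}")


def render(typed: str, policy: str, ms_since_last_key: int,
           reveal_window_ms: int = 1500) -> str:
    """The string actually drawn on screen."""
    cells = render_cells(typed, policy, ms_since_last_key, reveal_window_ms)
    return "".join(glyph for glyph, _ in cells)


def recovered_by_observer(keys: List[Keystroke], policy: str,
                          glance_times_ms: List[int],
                          reveal_window_ms: int = 1500) -> Dict[int, str]:
    """Characters (position -> char) learned by someone who reads only the
    screen, looking at it exactly at the given moments."""
    learned: Dict[int, str] = {}
    for t in glance_times_ms:
        pressed = [k for k in keys if k.at_ms <= t]  # field contents at time t
        if not pressed:
            continue
        typed = "".join(k.char for k in pressed)
        since_last = t - pressed[-1].at_ms
        cells = render_cells(typed, policy, since_last, reveal_window_ms)
        for pos, (glyph, visible) in enumerate(cells):
            if visible:
                learned[pos] = glyph
    return learned


# Constructed sample: a 7-character password typed at about 3 keys per second.
SAMPLE_KEYS = [Keystroke(c, i * 300) for i, c in enumerate("Hunter2")]


def exposure_report(keys: List[Keystroke] = SAMPLE_KEYS,
                    reveal_window_ms: int = 1500) -> Dict[str, Dict[str, int]]:
    """For each policy, how many characters two observers recover: one who
    glances once, two seconds after typing stops, and one who manages to look
    at the screen just after every keystroke."""
    end_of_typing = keys[-1].at_ms
    single_glance = [end_of_typing + 2000]
    continuous = [k.at_ms + 100 for k in keys]
    return {
        p: {
            "single_glance": len(recovered_by_observer(
                keys, p, single_glance, reveal_window_ms)),
            "continuous": len(recovered_by_observer(
                keys, p, continuous, reveal_window_ms)),
        }
        for p in POLICIES
    }


if __name__ == "__main__":
    for policy, counts in exposure_report().items():
        print(f"{policy:10s} single glance: {counts['single_glance']}/7  "
              f"continuous watch: {counts['continuous']}/7")
```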

    18. Re:Only in the installer by Anonymous Coward · · Score: 0

      How often do you install or reinstall your OS in front of a crowd?

      During the whole last year and this one too...
      In front of a crowd: 5-6 times, on Linux help events and helping friends over lunch, who certainly don't want their password shown publicly. Would be highly embarrassing if the password was there for everyone to see.
      Not in front of a crowd: exactly zero times.

      In my opinion, this change is so bad it's actually hard to believe they're doing it...

    19. Re:Only in the installer by devent · · Score: 1

      Oh please, stupid users will always be stupid. And the next level of stupidity will be that even if the password typed is in clear text, the user will not recognise an upper case character, will think it is a lower case character, and will call you up anyway.

      Stupidity is always a race to the bottom. Somewhere you have to put a line and say: no, just learn how to do it.

      --
      http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
    20. Re:Only in the installer by Grax · · Score: 2

      I don't think it is the end of the world, I think it is more about expectations. I haven't seen the screen in question but I would probably be fine with it as long as it had a warning that the password would be displayed. Suppose I am installing a virtual machine while sitting in a shared space or while sharing my screen on a projector. I go type that password in with the expectation it would be hidden and next thing you know, everyone knows my password. I suppose you could say I'm a bad person for using my login password on my virtual machine's install, but I want something easy to remember. It could very easily be something else but the point is, I didn't expect to be showing that password to anyone, even with others viewing my screen.

    21. Re:Only in the installer by zippthorne · · Score: 1

      People tend to type their passwords out quickly without much thought as it is...

      Isn't that what you're supposed to do - type to mitigate some of the shoulder-surfing issue by making it that much more difficult for someone to notice where your fingers are.

      --
      Can you be Even More Awesome?!
    22. Re:Only in the installer by bill_mcgonigle · · Score: 1

      Ok, maybe that quote doesn't really work, since security isn't really about absolutes. But it kinda works.

      I'll tell you what it works for - short passwords. I have some systems with 36-character keys (oh, right, passwords) and if they're masked and I'm all alone in a data center (or on remote, more likely these days) it's terribly frustrating since I'm not a perfect typist. Yeah, I can slow down and do it right (I don't have a neurological disorder, though some do) but being able to do it fast and have access to backspace is more productive.

      Fedora is doing the right thing by allowing unmasked passwords so people will be able to use longer passwords. It's utterly stupid of them to not include a checkbox for 'mask password' if people are going to have a need for that. I'm OK with that being the default too (safer defaults are almost always the right choice), just let me have the choice to unmask the password when I need to. My current Fedora system passwords are only in the 16-character range because of this.

      As you say, security isn't about absolutes, and if the Fedora devs think they can understand every situation in the field on millions of systems, then they're delusional and fail at security. Fedora should not be about mistrusting its users.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    23. Re:Only in the installer by Anonymous Coward · · Score: 0

      "In front of a crowd: 5-6 times, on Linux help events and helping friends over lunch, "

      You reinstall your friend's computer system while sitting at Starbucks?

    24. Re:Only in the installer by I'm+New+Around+Here · · Score: 1

      Do you really expect me to disconnect an employee computer, haul it up to my office, and reinstall there - just so I can have a standard local root password the other admins also know?

      I hope you bring your own certified keyboard with you when you reinstall employees' computers at their own desk.

      Because if you don't, the easiest way to get your supersecret password is for the employee to replace their keyboard with another that has a key logger built in.

      What company do you work for? I have a friend who's looking for a job.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    25. Re:Only in the installer by I'm+New+Around+Here · · Score: 1

      It fired all its missals and dropped the extra fuel tank. Damn system bugs.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    26. Re:Only in the installer by AmiMoJo · · Score: 1

      It's a really bad idea to have the same local admin password on laptops that go out the door. Also for small businesses without a suitable site license each machine needs installing separately and an image won't pass Genuine Advantage.

      Maybe you use Linux. Lucky you.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    27. Re:Only in the installer by phantomfive · · Score: 1

      If you are seriously worried about security, not only do you have to make sure no one is in vision range, you have to make sure they are not within microphone range as well. You can crack a password with just the sound of the keyboard.

      --
      "First they came for the slanderers and i said nothing."
    28. Re:Only in the installer by Aighearach · · Score: 1

      Why make me go through all that extra work, effort, and time simply because someone is too lazy to add password masking code that has existed since the 60s?

      They're taking the old code out, and writing new code with this feature, not leaving something undone. You're obviously fibbing about "other admins" Mr "Anonymous." I'd be embarrassed too if I was impersonating an admin. But your one mistake... admins can read.

    29. Re:Only in the installer by Aighearach · · Score: 1

      The story is about a Fedora feature, so yeah, if they're not using linux they didn't have a valid point anyways. So if they don't say, that is reasonable to assume.

    30. Re:Only in the installer by kernelpanicked · · Score: 1

      Three things.

      1. Just because you use a standard image, doesn't mean all passwords have to be the same. It's quite easy to generate a random password and have that password updated in a database or sent somewhere for retrieval with kickstart.

      2. This is for Fedora. Anyone deploying Fedora in a work environment needs to be fired immediately. It's in no way considered stable and it's supported for a total of 13 months from the day of its release. That's not even close to a reasonable lifetime.

      3. What in the actual fuck, does any of this, have to do with Windows or Genuine Advantage?

      --
      Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
    31. Re: Only in the installer by Anonymous Coward · · Score: 0

      SERIOUSLY, you can't just use a junk password in the event you are installing an OS with a PROJECTOR sharing the screen?

      These arguments are getting bizarre.

    32. Re:Only in the installer by Anonymous Coward · · Score: 0

      "Do you really expect me to disconnect an employee computer, haul it up to my office, and reinstall there - just so I can have a standard local root password the other admins also know?"

      no.. you're gonna do a scripted net install or restore, so no worries.

    33. Re:Only in the installer by Znork · · Score: 2

      If you're using the appropriate tools for doing this sort of thing, why do you need the password to be visible?

      See, works both ways.

      The real issue is that when the end user needs to input a password it simply should not be visible by default, as there is no way to tell if the user is in a situation where the password can be observed during input. As the user cannot be expected, without major flashing red alerts all over the screen, to assume that the Fedora installer will work differently from close to every other password field in every application available, they cannot be expected to take appropriate precautions, which will lead to security issues where the decision to make Anaconda 'special' will be entirely at fault.

    34. Re:Only in the installer by Anonymous Coward · · Score: 0

      No, we expect you to image the machine back to a usable state. Why are you doing a fresh install instead of applying an image with all the software needed?

    35. Re:Only in the installer by Anonymous Coward · · Score: 0

      Fedora is Catholic?

    36. Re:Only in the installer by UltraZelda64 · · Score: 1

      Not as easy if you use a more optimized keyboard layout during installation that requires far less finger movement, since most of the keystrokes would end up on the home row... plus you'd have the added benefit that no key they see being pressed is actually what it appears. :P

      Of course, while somewhat serious, this doesn't really apply in the context of this thread because the original posts were talking about business installs. I guess it's still possible, you'd just have to change the default keyboard layout back to the standard, which would range from an annoyance on one installation to a pain in the ass on several.

    37. Re:Only in the installer by UltraZelda64 · · Score: 1

      If you are seriously worried about security, not only do you have to make sure no one is in vision range, you have to make sure they are not within microphone range as well. You can crack a password with just the sound of the keyboard.

      But... does it work on Dvorak? Or Colemak?

    38. Re:Only in the installer by phantomfive · · Score: 1

      Why not?

      --
      "First they came for the slanderers and i said nothing."
    39. Re:Only in the installer by hedwards · · Score: 1

      If they think they need root on individual boxes, but not on all of them, the solution is usually to educate them and then to properly set up the system.

      Most of the time when I hear people claiming they need root, they don't need root. It's just that they need to do one thing or another that defaults to requiring root. If you properly set up the system, you don't have to give them root for them to be able to do their jobs, usually you can just set it up to permit them to mount a CDROM or whatever it is.

      Giving out root willy-nilly just makes it harder to maintain the system and doesn't normally make their jobs any easier.

    40. Re:Only in the installer by hedwards · · Score: 1

      Perhaps it's time that changed. I've regularly had problems setting passwords online because I can't see what the system thinks I've typed into the box. So, I type something and after it hits the end of the box and starts scrolling I have no way of knowing if it's truncating my input.

      At least if I'm seeing the text, I know that it's only accepted X digits without having to guess if there are more * appearing in the field.

    41. Re: Only in the installer by Grax · · Score: 1

      You're just not grasping it. It isn't about whether I use best practice, worst practice, or really stupid practice. It is about an unexpected change to my expectations.

    42. Re:Only in the installer by UltraZelda64 · · Score: 2

      I just re-read the article you linked to again to refresh my memory (it's been a while since I read it), but it's obvious this wouldn't likely happen--even with the standard keyboard layout.

      1. Of course this has to happen if a computer is actively "listening" for keystrokes. Clearly the machine installing an OS has no way of doing this, so obviously another computer must be nearby.

      2. Let's assume another computer is nearby. Now, with two computers nearby, what is the likelihood of yet another one or more being around in a business setting? Probably pretty high, but even the noise from just one computer's keyboard could probably throw the whole algorithm off.

      3. Killer problem right here. It needs to "listen" and gather audio data for 15 minutes to actually work. 15 minutes. Of all the time you're installing an OS, how many actual minutes are used up typing? Probably one or two at the most. Big fail. Meanwhile, it could be hearing lots of keyboard chatter from people on other computers, or have its performance decreased from other external noise.

      4. The algorithm assumes English. What if, like any semi-good password should be, it is a mix of English and complete gibberish, including special characters and numbers, etc.? Numbers alone can be hit at different speeds, producing different noise, depending on whether you use the top row or the numeric keypad. Use complete gibberish and all bets are off. A good password will force you to slow down and think at some points, further confusing the algorithm.

      So... the fact remains, the two most likely ways to "steal" a password by being in the same physical room are:

      1. Glancing at the screen and seeing it, right there, being displayed in front of your eyes. (easy; a second or two is all it'd take)

      2. Trying to look as close as possible while someone types the password, attempting to see what keys are pressed and in what order from beginning to end (difficult; requires good timing, clear view and good estimation, and the typist to be completely oblivious to his surroundings; unlikely to happen)

    43. Re:Only in the installer by Anonymous Coward · · Score: 0

      or the keyboard being different from the current locale.

    44. Re:Only in the installer by dbIII · · Score: 2

      In my case it's for people that are capable of a full reinstall if they find there is a different linux distro that better suits their needs (which a few have done without needing any help) and for developers that want to beat things until they break. They get a different root password to the servers, other desktops etc, and for some stuff even a different subnet. It's a little different to giving it out "willy-nilly", and giving them nice safe VMs doesn't help when they want to muck about with hardware as well.
      While even some software developers should never be trusted with root on their own box there are many that can be, that are impeded in their work if they don't have it, and can get root in a minute with a reboot and a knoppix CDROM or whatever anyway. The same goes for a lot of other technical staff that dabble in software and hardware as part of their work (eg. some scientists).
      What is unthinkable in many office environments is just making it easier for people to do their work in others. So long as you are aware of what is going on and plan for the inevitable failures it may not cause much hassle.

    45. Re:Only in the installer by Anonymous Coward · · Score: 0

      If stupidity is a race to the bottom, you're winning. Most users are literate enough to know the difference between an uppercase letter and a lowercase letter... but not when they both look like *.

    46. Re:Only in the installer by I'm New Around Here · · Score: 1

      Fedora is Catholic?

      Don't judge me! :^P

      I typed "missles" first, and Firefox redlined it. Then I tried "missels" and it was still redlined. So I right-clicked to get the proper spelling, and saw "mussels" which I knew was way off, then "misses", and third was "missals". I knew it was not right, but figured "Fuck it, that's what Firefox thinks it is. Good enough for a lame joke on /. ."

      I hope it at least gave you a chuckle.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    47. Re:Only in the installer by tlhIngan · · Score: 1

      Sure, it won't cause a problem if everything always goes according to plan. Perhaps we should save money and remove the interlocks from airplane doors too. After all, it's nothing to get up in arms about, unless you regularly open the door in flight.

      You could and nothing would happen. Because while in flight, the cabin is pressurized, and doors open inwards so they're propped shut by air pressure. There aren't many doors that open outward other than cargo ones, and even then they're a rarity because of the immense forces while pressurized (you're looking at a ton of force bearing down on the door - that's a lot for a latch).

      Even when you're below 10,000 feet, the cabin still maintains a positive pressure over the outside - the cabin altitude is scheduled to reach airport altitude when the plane touches down, and not track the plane's altitude as the plane descends faster than most passengers would prefer (and would cause a lot of discomfort in pressure equalization).

    48. Re:Only in the installer by nine-times · · Score: 1

      Yes, I wasn't trying to say that there's anything wrong with typing quickly and without much thought. My point was that, even if you have some kind of visual cue to tell you whether your password will be obscured, people might not pay enough attention to that cue and type their password quickly before realizing that it's unmasked.

    49. Re:Only in the installer by mlookaba · · Score: 1

      Thanks for the info. Obviously I should have picked a topic I know something about to use as an analogy. ;-P

    50. Re:Only in the installer by Anonymous Coward · · Score: 0

      Perhaps it is a bad idea. Fine. But turning it into an even worse idea is not a sane response.

    51. Re:Only in the installer by Zontar The Mindless · · Score: 1

      "In front of a crowd: 5-6 times, on Linux help events and helping friends over lunch, "

      You reinstall your friend's computer system while sitting at Starbucks?

      You often quote people while blithely ignoring what you're quoting?

      --
      Il n'y a pas de Planet B.
  3. Obligatory bash.org by Anonymous Coward · · Score: 2, Funny
    1. Re:Obligatory bash.org by erroneus · · Score: 1

      That's one of the funniest things I've seen in a while. Thanks!

  4. Progress and Innovation by foobsr · · Score: 1
    I suppose this is the point where MBA skills have overcome insight within the FOSS (or whatever) domain.

    CC.

    --
    TaijiQuan (Huang, 5 loosenings)
    1. Re:Progress and Innovation by bignetbuy · · Score: 1

      You're probably more right than you realize. Fedora Project has taken an odd turn over the last 2-3 releases. This password masking issue is only the latest instance of the "change because we can" versus "change because it's broken" attitude.

  5. Windows 8 by scottnix · · Score: 5, Interesting

    I like the way Windows 8 addressed this problem. They added a button that looks like an eye on the right hand side of the password field to show the password as you've typed it. That seems like a better compromise than briefly showing the password characters.

    1. Re:Windows 8 by Anonymous Coward · · Score: 5, Funny

      For mentioning a Microsoft product, we had to mod you down.

    2. Re:Windows 8 by marcosdumay · · Score: 1

      Yeah, they used the default interaction style, like everybody else.

      Except of course for the Ubuntu team, which has a worse case of NIH than even Microsoft, comparable only to Gnome's.

    3. Re:Windows 8 by UltraZelda64 · · Score: 1

      Bad idea. What if someone is in a library on a public computer and tries to log in, and just after they've entered their password, they wonder "Hmmm... what is that eye-looking thing?" Then they click it and--too late! A few people have already seen it. Oops! Add this "cloud computing" shit that all these companies are trying to force down our throats and you've got potential for problems.

      But seriously though, it is a decent idea... just one that I'm sure is not infallible to situations similar to the above. Maybe once virtually everyone knows what it is it will be better, but until then maybe it should have the text [Show password] beside it.

    4. Re:Windows 8 by UltraZelda64 · · Score: 1

      How do you measure NIH? I'm not sure I see how you can put Microsoft below GNOME and Ubuntu, although I'll be honest, they are all pretty bad about it...

      Microsoft seems to be King of NIH to me, and GNOME is like Apple in their "our way or the highway" attitude about everything, but Ubuntu seems to be getting worse in several areas so it'd probably be too soon to judge them.

    5. Re:Windows 8 by Lakitu · · Score: 1

      Microsoft is more about creating and pushing their own products because they want to make money, not because they're reluctant to use something created somewhere else. If they can use, control, or own things created elsewhere, they're all for it.

    6. Re:Windows 8 by thegarbz · · Score: 1

      I like the way Windows 8...

      Now there's a set of words I'd never thought I'd see strung together in a sentence on Slashdot.

  6. Presentations... by Anonymous Coward · · Score: 0

    What exactly are you supposed to do when you're demoing a product to a room full of people and need to log in using your credentials while they watch? Happens to me all the time.

    1. Re:Presentations... by Neil_Brown · · Score: 1

      Unless you are installing a production system in front of a room of people, and then not changing the password afterwards, just carry on as usual:

      Maintainers of the Anaconda installer in Fedora have taken it upon themselves to show passwords in plaintext on the screen as they are entered into the installer

  7. one size may not fit all by goddidit · · Score: 2

    I think that this improves password usability and is a move in the right direction. Others should follow instead of making passwords even harder for the end users; the most insane counterexamples are the websites that mask your username as well. However, there really should be a switch to toggle this behavior.

    --
    This .sig is exactly 120 characters long.
  8. According to Peter Gutmann... by gnasher719 · · Score: 1

    1. Apps should be aware of password entries, and should turn off mirroring monitors, projectors etc. during password entry.
    2. Showing nothing of the password is bad. Some applications actually added random numbers of stars as you type, that is worse. Showing a single character is slightly useful. Dimming out a few characters is better.
    3. People are very good at detecting that someone is looking over their shoulder.

    1. Re:According to Peter Gutmann... by tepples · · Score: 1

      1. Apps should be aware of password entries, and should turn off mirroring monitors, projectors etc. during password entry.

      Then applications for playing major studio movies would put a password box on the screen just to keep users from mirroring the video to more than one monitor without the movie studio's permission.

    2. Re:According to Peter Gutmann... by Anonymous Coward · · Score: 0

      1. Apps should be aware of password entries, and should turn off mirroring monitors, projectors etc. during password entry.

      Or, you know, just mask the password.

      2. Showing nothing of the password is bad. Some applications actually added random numbers of stars as you type, that is worse. Showing a single character is slightly useful. Dimming out a few characters is better.

      Even better, not showing anything. Or putting a generic "typing" text to give you feedback that the application is actually receiving input, which is the only feedback you should ever have.

      3. People are very good at detecting that someone is looking over their shoulder.

      People are also really good at developing muscle memory. I can type my 30ish character-long password in seconds, without thinking about it. I have different passwords for every application and website, but I let a password manager handle that, I only need to remember the one complex password. In the very rare situation that I make a mistake, I type it all again. What problem is this trying to solve? Who in the hell has any problems typing a password because they can't see it?

    3. Re:According to Peter Gutmann... by gnasher719 · · Score: 1

      Then applications for playing major studio movies would put a password box on the screen just to keep users from mirroring the video to more than one monitor without the movie studio's permission.

      You are not thinking clearly. I said an application should disable display on external monitors or projectors while a password is entered. That means the application disables the monitor. An application for playing movies that _wanted_ to disable other monitors would just do that.

      This ignores the fact that they wouldn't be able to convince me to rent movies on iTunes and pay them money if I couldn't watch them on my TV but only on my laptop.

    4. Re:According to Peter Gutmann... by BitZtream · · Score: 1

      An application for playing movies that _wanted_ to disable other monitors would just do that.

      If done like Windows UAC, then it doesn't work because the password prompt prevents ALL monitors from being useful for anything else. All you can do is enter your password; until then, you don't see what's under anything on any monitor.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  9. this is a simple case of a by Anonymous Coward · · Score: 0

    Stupid developer not owning up to his mistake

  10. Good. by Rational · · Score: 5, Interesting

    I hope it catches on. Just give me a tickbox if I want masking when in a public place.

    --
    "Be nice, veer left, and never stop thinking" Iain Banks - Walking On Glass
    1. Re: Good. by Anonymous Coward · · Score: 0

      If you have to install an OS in public, use a junk password. Jesus, what's wrong with you people.
      Change the password later in a secure environment, with no USB key loggers, shoulder surfers, etc etc, if you are SO concerned about it.

      The whole point is to successfully make it past the install phase and into the OS the first time. You don't NEED to enter your personal or organizational super duper secret password at the manual password entry install screen.

      My company uses one password in the kickstart script, and the real one we manually set when configuring the system. On top of that our security teams scan systems for easy passwords, the default install/image one being on that list.

      There's no reason an individual doing a manual install can't do the same thing - all you need to do is get into the system, make your non-admin account, and set the real admin password. This is standard practice.

    2. Re:Good. by Anonymous Coward · · Score: 0

      Sorry, but that's the wrong way round. Happy for you to have a tickbox if you _don't_ want masking, but the rest of us want to keep our passwords masked by default, thank you very much.

      LOL. Captcha: betrayal

    3. Re:Good. by Anonymous Coward · · Score: 0

      I don't know. I've installed a distro in front of a friend before, and I sure wouldn't want something like "dongsmasher" to appear briefly before I caught on.

  11. Password by Anonymous Coward · · Score: 0

    So when I type 'password' for my password it will show it. Great news!

    1. Re:Password by Gaygirlie · · Score: 1

      So when I type 'password' for my password it will show it. Great news!

      ...in the INSTALLER.

  12. On the bright side... by Anonymous Coward · · Score: 0

    I predict Ubuntu will release their own update that incorporates this.

    And then we can all get along with the business of running Debian - who would never be so stupid as to pull crap like this.

    1. Re:On the bright side... by Anonymous Coward · · Score: 0

      I predict Ubuntu will release their own update that incorporates this.

      And then we can all get along with the business of running Debian - who would never be so stupid as to pull crap like this.

      Considering Debian has foisted upon its users that shithole known as Gnome 3 I wouldn't put too much faith in them. Seems like the Linux community at large is affected by the mad cow disease.
      Rational decisions go out the window; stupid, completely stupid decisions stay in. And since those decisions are declared "design decisions" whoo pee dee doo you're hosed. No chance of having them reverted.
      What is so wrong with making "visible password" OPT-IN? Fucking jesus christ. No, it's better to just have the default as making the passwords visible. Damn idiots.
      Let's throw all the self proclaimed designers out of the linux community. Nothing will be lost considering all the shit they have imposed soviet style over their users.

    2. Re:On the bright side... by I'm New Around Here · · Score: 1

      Let's throw all the self proclaimed designers out of the linux community. Nothing will be lost considering all the shit they have imposed soviet style over their users.

      Or you could roll your own. Isn't that the biggest advantage of open source, that you have that final level of control?

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    3. Re:On the bright side... by UltraZelda64 · · Score: 1

      Not if you're not a developer and you want to work with machines, not work on them. If I wanted to work on my machine instead of actually using it, I'd still be running Windows.

    4. Re:On the bright side... by Culture20 · · Score: 1

      Or you could roll your own. Isn't that the biggest advantage of open source, that you have that final level of control?

      That's like saying the biggest advantage of the US Constitution is that it leaves open the possibility of revolution.
      A better advantage of publicly developed open source used to be that good ideas bubbled up to the top. Unfortunately the heads of projects are starting to behave like banana republic dictators, refusing to acknowledge any ideas but their own. Forking is tiresome enough that people don't want to bother unless things get really, really bad.

    5. Re:On the bright side... by eric_herm · · Score: 1

      It is more that people are not able to fork because that means doing real work. It is much easier to send an email than to do real work. Look at MATE, everybody screamed, how many people are working on the code? 5, 10? Github lists 15 people who can commit, and the graphs of commits look very low.

      Heck, there are likely more people following Paris Hilton days and nights than people devoting time to make MATE work. Where have all those people who screamed gone? Oh yes, doing nothing and just waiting as usual...

  13. "Show password as I type" checkbox by tepples · · Score: 0

    The log-in and sign-up pages on Phil's Hobby Shop have a "Show password as I type" checkbox. Is this what you were looking for?

    1. Re:"Show password as I type" checkbox by gnasher719 · · Score: 3, Interesting

      The log-in and sign-up pages on Phil's Hobby Shop have a "Show password as I type" checkbox. Is this what you were looking for?

      As a MacOS X developer, the developer can mark text entry fields as "password". A major effect of this that other applications (like external spelling checkers, for example) don't have access to what you are typing. The other effect is that the input is hidden.

      At the moment, you can't have a password field that gives protection against malware that could be on your computer, _and_ at the same time displays the password. Only one or the other.

    2. Re:"Show password as I type" checkbox by cbreak · · Score: 1

      If you display the password, then malware could easily read it from screen by making a screenshot (or asking the OS to do it).

    3. Re:"Show password as I type" checkbox by Pentium100 · · Score: 2

      At the moment, you can't have a password field that gives protection against malware that could be on your computer...

      ...whether it is displayed to the user or not.

    4. Re:"Show password as I type" checkbox by gweihir · · Score: 1

      Actually, I was thinking of how the Blackberry z10 does it. Just got one recently after looking at not really convincing android phones all day. (And the iPhone is just crap if you actually want to use it as a phone, i.e. call, listen and talk).

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  14. why isn't there a flag? by pz · · Score: 2

    Many times I'd like to see my password in clear text (like when entering new passwords, to make sure they're correct). It would be convenient to have some way to temporarily turn off asterisk masking.

    --
    Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
    1. Re:why isn't there a flag? by cervesaebraciator · · Score: 5, Funny

      Many times I'd like to see my password in clear text (like when entering new passwords, to make sure they're correct). It would be convenient to have some way to temporarily turn off asterisk masking.

      I solve this problem by making all my passwords ********.

    2. Re:why isn't there a flag? by Anonymous Coward · · Score: 0

      I tried that once, but some ssam joker kept logging in as me. I stymied them by adding another asterisk, though.

    3. Re:why isn't there a flag? by Subm · · Score: 1

      I solve this problem by making all my passwords ********.

      That's the code for my luggage!

    4. Re:why isn't there a flag? by Anonymous Coward · · Score: 0

      This is why it is common practice to have the user enter a password twice. If you typo twice when entering a new password then you deserve what you get.

  15. no problem by ssam · · Score: 5, Funny

    my password is '*********' so there will be no change for me

    1. Re:no problem by Anonymous Coward · · Score: 0

      You use hunter2 too?

    2. Re:no problem by Dwedit · · Score: 0

      You can go hunter2 my hunter2-ing hunter2.

    3. Re:no problem by jones_supa · · Score: 1

      my password is '*********' so there will be no change for me

      Seriously speaking, that (plain asterisks) might be a surprisingly strong password. It would be very weak if someone saw your keyboard, but otherwise, who would get the idea to try that? Even the automatic password crackers might not be prepared to check that one.

    4. Re:no problem by cervesaebraciator · · Score: 1

      Seriously speaking, that (plain asterisks) might once have been a surprisingly strong password.

      FTFY. Cat's outta the bag now.

    5. Re:no problem by jones_supa · · Score: 1

      That's true!

    6. Re:no problem by ssam · · Score: 1

      but given that '*' is a wild card it will actually match any password that I try to log in with.

    7. Re:no problem by BitZtream · · Score: 1

      Long ago I had access to a rather large list of user passwords (hundreds of thousands).

      From this list, I built up a 'proper' cracking order for passwords, trying all the ones in my password list first, by order of number of times that password appeared.

      That list is pretty universal and still is a good start for cracking today, getting you significantly shorter times to crack passwords using common ones.

      I'm not the first guy who did this, I'm not the last guy who did this, and I didn't even do a particularly impressive job at it as my goal was an academic exercise, not actually hacking accounts.

      Your password wouldn't last long, assuming you could even find any place that would allow you to repeat a single symbol for the entire password. Every possible combination of catchy/easy to remember/neat passwords you can come up with is already done. Crackers are smart enough to not only use dictionaries but to use dictionaries in smart ways to augment their guessing patterns. Trying every dictionary word with various leetspeak translations is a good one.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    8. Re:no problem by Anonymous Coward · · Score: 0

      Oh c'mon. At least provide attribution.

      bash.org

  16. a compromise for public unmasking by epine · · Score: 1

    Password masking becomes increasingly annoying with password length, since any finger fumble becomes nearly impossible to back out with the correct number of backspace presses.

    I could live with a masking system that replaced the usual * with a - when the current symbol is from the same symbol set as the previous symbol.

    The password in the first line would display with the following mask.

    ima6uldv8!!!
    *--**---**--

    For myself anyway, that would put the backspace key "back on the menu" after a finger blap.

    I'd be totally happy if the enhanced unmasking only kicked in after the first eight characters.

    1. Re:a compromise for public unmasking by epine · · Score: 1

      Addendum:

      It occurs to me that this definition could be modified so that a password all in a single symbol set always displays with only the * character, in addition to the new unmasking only kicking in after the first eight characters, if we wish to keep our fancy logic out from under the dim perceptions and loud scrutiny of the fangle haters.

      The symbol would display as - only if different than the preceding character's symbol set. The first character would always display as *.
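
      The masking rule from the parent comment and the addendum options above, implemented as an added example (it is not Anaconda, Fedora or epine's code). The symbol sets (lower, upper, digit, other) are an assumption; the "-" placement follows the parent's worked example "ima6uldv8!!!" -> "*--**---**--", and the addendum's "first eight characters" and "single symbol set" rules are exposed as options.

```python
"""Constructed example of epine's partial-unmasking scheme; not installer code."""
import string


def symbol_set(ch: str) -> str:
    """Classify a character into one of four symbol sets.

    The comment does not name its sets, so this split is an assumption.
    """
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "digit"
    return "other"


def mask_password(pw: str, unmask_after: int = 0,
                  single_set_plain: bool = False) -> str:
    """Return the on-screen mask for pw.

    Rule from the original post: the first character shows as '*'; each later
    character shows as '-' when it is in the same symbol set as the character
    before it, else as '*'. The post's example "ima6uldv8!!!" -> "*--**---**--"
    fixes that reading.

    Addendum options:
      unmask_after     -- positions before this index always show '*'
                          (the addendum suggests 8), so short passwords and
                          the start of long ones disclose nothing.
      single_set_plain -- a password drawn from one symbol set displays as
                          plain '*' only, so the mask adds no information.
    """
    if not pw:
        return ""
    sets = [symbol_set(c) for c in pw]
    if single_set_plain and len(set(sets)) == 1:
        return "*" * len(pw)
    out = ["*"]  # the first character is always '*'
    for i in range(1, len(pw)):
        if i < unmask_after or sets[i] != sets[i - 1]:
            out.append("*")
        else:
            out.append("-")
    return "".join(out)


def boundaries_revealed(mask: str) -> int:
    """Count the symbol-set changes an onlooker can read off a mask.

    Every '*' after the first position marks a change of symbol set, which is
    exactly what the scheme trades away for easier backspacing. A plain
    all-'*' mask returns len(mask) - 1 and so is not comparable; use it only
    on masks produced with the same options.
    """
    return sum(1 for ch in mask[1:] if ch == "*")


if __name__ == "__main__":
    sample = "ima6uldv8!!!"  # the password from the comment
    print(sample)
    print(mask_password(sample))
    print(mask_password(sample, unmask_after=8))
    print(mask_password("aaaaaaaaaa", single_set_plain=True))
```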

    2. Re:a compromise for public unmasking by flayzernax · · Score: 1

      Linux is about options and this takes the option away.

      When you have increasing issues of password masking the best way is to have two input fields and train the user (this is an ADMIN anyway) to not copypaste.

      Passwords should be long, they should be phrases, with alphanumerics, these are the hardest to crack passwords even if they have a lot of dictionary words. It's a lot harder to crack a 10 word phrase than a 12 letter pure alphanumeric that someone has to write down to remember.

      If you're using the phrase approach, then it's actually easy to not have to worry about the mask at all, as most people can consistently type the same phrase 10 times in a row. This is the most ideal solution in our imperfect world without perfect memory and direct brain to computer interfaces.

    3. Re:a compromise for public unmasking by HiThere · · Score: 1

      Sorry. This changes a default, but it doesn't take away options. OTOH, it would be a perfect occasion to ADD an option. And that's the appropriate way to have handled this.

      If showing the password is controlled by a check box or menu option, then you have added an option. If you just change "always hide the password" to "always show the password" you haven't removed an option. You've just changed a default.

      But I agree(?) that what they should have done is to add an option.

      --
      I think we've pushed this "anyone can grow up to be president" thing too far.
  17. I don't know my passwords by Anonymous Coward · · Score: 0

    I don't know my passwords, only my fingers do, they are too difficult to remember. I don't see how plaintext should help me typing them, even if I knew them, they contain several combinations of similar looking characters and numbers, so it would be more distracting to look at what I am typing. It's like the keyboard, what's written on the keys disturbs more than it helps.

  18. Stupid decision by sootman · · Score: 2

    Regardless of whether an idea is good or bad, you should not change decades-old conventions lightly. The proper thing to do at this time is to mask by default and have a checkbox nearby that lets the user choose to show the password.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  19. Clearly... by Anonymous Coward · · Score: 0

    We're in the age of "loudest designer/developer wins - and to hell with the consequences of actual usability"

  20. Fedora 18 by Anonymous Coward · · Score: 1

    I need some of the upstream stuff for what I do. So, I upgraded to F18 (PAE). The experience has been mostly what I've expected with silly things broken: LVM + LUKs doesn't boot, gnome-terminal auto-resize to nothing in KDE, pulseaudio's clicks/pops (even with load-module module-switch-on-port-available commented out), terrible, terrible installer. But the core stuff of KDE seemed pretty okay. ...until I updated to the latest KDE. Now, everything freezes briefly when a window's focus changes, what was once very smooth motion is now jerky and stuttery.

    It's like the Fedora project is beginning to implode on itself. No regression testing, no thinking about how a feature impacts other systems, and so on.

    I honestly can't see any reason/value why the password's visibility had to change. How about making the installer more robust instead of doing non-value-added things like this and calling them features?

  21. you are a fucking idiot by Anonymous Coward · · Score: 0

    and uhm. yeah. i mean. there is just no other way to describe it.

  22. Depends.. by Junta · · Score: 2

    In some environments, security is an issue. If it's network installable, then chances are they can get the kickstart/unattend/whatever file off the network. For most linux envs done right, the risk is disclosure of the /etc/shadow variant of the file severely mitigating the risk, but in Windows, you cannot use any sort of meaningful protection.

    If you do it from stock media, policy may still prevent it from containing the media (e.g. high chance the technician won't take extra care and might lose media with sensitive data).

    There are environments that automate everything else except the local administrator password. There are very few autoinstall mechanisms that meaningfully protect the password across deployment (e.g. the Flex System Manager from IBM does it for the OSes it can deploy, and you can craft a Windows install scheme that has no usable local accounts and relies entirely upon active directory, sacrificing the ability to administer it offline), but overwhelmingly the majority of automated OS deployments will leave passwords vulnerable if they are tasked with setting them.

    --
    XML is like violence. If it doesn't solve the problem, use more.
    1. Re:Depends.. by Aighearach · · Score: 1

      For most linux envs done right, the risk is disclosure of the /etc/shadow variant of the file severely mitigating the risk, but in Windows, you cannot use any sort of meaningful protection.

      *whew* luckily the feature is only in Fedora

    2. Re:Depends.. by BitZtream · · Score: 1

      For most linux envs done right, the risk is disclosure of the /etc/shadow variant of the file severely mitigating the risk, but in Windows, you cannot use any sort of meaningful protection.

      Really? There's nothing you can do to a linux box that makes /etc/shadow as secure or more secure than %SYSTEM%\SAM

      In fact, it's far, far easier to get at /etc/shadow on Linux than it is the SAM on Windows.

      The SAM on windows requires special hoop jumping to read it, even with SYSTEM (real root equiv, not 'Administrator' which is less than all powerful).

      Opening /etc/shadow is trivial as being root.

      Both are easily defeated by simply booting from a different disk.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    3. Re:Depends.. by Junta · · Score: 2

      I'm talking about kickstart/autoyast vs. unattend.xml.

      In kickstart/autoyast/preseed, you can feed in the pre-crypted value. In windows, you must feed in the password. You don't have the option of, say, feeding in the NTLMv2 hash. Of course, NTLMv2 hash is far weaker than any of the modern crypt() strategies in a linux system.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  23. How about cameras? by devent · · Score: 1

    Not only shoulder surfing, but also security cameras.
    It would not be nice if I go to Internet cafés, and the web form will show to all people my passwords in clear.

    Schneier now backs an approach taken by BlackBerry devices and iPhones, which display each character briefly before masking it.

    That is not good with security cameras or other cameras, like web cameras, or mobile phone cameras, which are quite common in public places like Internet cafés.

    PS: I'm referring to the article of Bruce Schneier: http://www.out-law.com/page-10152 not the article about Fedora. I know that it's very uncommon to install Fedora in public Internet cafés.

    --
    http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
    1. Re:How about cameras? by Anonymous Coward · · Score: 0

      If I ever have to type my password in a public place on my iphone, I usually spin around slowly while typing it so that multiple camera angles have to be used to catch the whole password. Then I change it when I get to a more secluded location.

  24. Keyboard layout by hene · · Score: 1

    A few times I have installed an OS with the wrong keyboard layout. This is not a big problem normally. But when you switch your layout after install, you'd better remember to run passwd too. At least if you have many special characters in your password. Luckily I had one root shell open both times. A visible password would have prevented this close call.

  25. Makes sense to me... by quenda · · Score: 1

    Don't we always say here, "obscuring is not securing"?

    1. Re:Makes sense to me... by Anonymous Coward · · Score: 0

      Yes, by idiots who misunderstand the statement. Security by obscurity is only bad if your security mechanism would be compromised by disclosure of the information you're trying to keep secret. But even as Bruce Schneier has said, it is perfectly valid to obscure information even if its disclosure would not compromise the integrity of the security system. Obscuring such information is a perfectly valid first defense against attack.

    2. Re:Makes sense to me... by icebike · · Score: 1

      I'm thinking you missed a whoosh there.

      Seems like the GP meant a subtle play on words, using obscuring as in "hiding" not as in "rare" or "seldom used".

      --
      Sig Battery depleted. Reverting to safe mode.
    3. Re:Makes sense to me... by BitZtream · · Score: 1

      As another comment to yours said 'yes, but only because people saying it don't understand what they are saying'.

      All security is through obscurity. The doors on your home use keys ... the security is through the obscurity of the pattern on the key. All currently known forms of encryption are security through obscurity, the password being the obscure part. Your car, be it the key kind or the RFID kind, also uses an obscure identifier to let the car know it's the right one.

      Your bank uses the obscurity of your secret questions to help secure your account.

      All security as it's known on the face of the earth is security through obscurity unless you have a person physically restraining the 'hackers'.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  26. It's about time by Anonymous Coward · · Score: 0

    Back in the pre-historic days of computing, you had a "terminal" and this thing lived basically in front of everybody because you had to share it. That's why password fields started showing up masked. There were too many people around and it was difficult to cover up your password. This is no longer the case and this change is the first step I've seen on an OS that recognizes this practice is no longer needed.

  27. Solved problem by Anonymous Coward · · Score: 0

    This is a solved problem on Android.

    I've noticed some apps have a "Show Password" checkbox so the user can choose.

    Or they show the last character typed for about 2 seconds before changing it to an asterisk.

    Either way is superior to always showing the password or asterisks.

  28. My anaconda by Anonymous Coward · · Score: 0

    My anaconda don't want none unless it's not masked son!

  29. reality vs belief by brainscauseminds · · Score: 2

    "... decided that it is not a security risk to show passwords on your screen in the latest Alpha release of Fedora 19 ..." Security risk is not something that can be "decided" by somebody. There are always risks, and showing the password in plain text is certainly more risky than masking it. Or are there some really awesome benefits for showing them in plain? No. Because no one expects that, so both usability and security suffer.

  30. Best Option... by CFBMoo1 · · Score: 2

    Password: [_________] (text)
    Confirm: [_________] (text)
    Mask/Unmask Password [X] (check box)

    Everyone is happy.

    --
    ~~ Behold the flying cow with a rail gun! ~~
    1. Re:Best Option... by dmomo · · Score: 1

      Nice GUI! Do you do freelance?

  31. Is the Linux desktop a solved problem? by gtirloni · · Score: 2

    Because all the time the Linux distributions waste on crap seems to indicate so. Are they bored out of their mind that they need to focus on stupid things?

    --
    none
    1. Re:Is the Linux desktop a solved problem? by 0123456 · · Score: 1

      Gnome 2 was pretty much complete; they could have spent time fixing bugs and adding a few new features that people really needed... but that's not sexy, unlike implementing a tablet UI on the desktop.

  32. Just close your eyes. by Dtyst · · Score: 1

    If you don't want to see your password, just close your eyes, doh!

  33. don't trust fedora 19 for security by Anonymous Coward · · Score: 0

    got it

  34. Bruce Schneier is not a 'security expert' by Bing+Tsher+E · · Score: 0

    He is a non-expert on Crypto who wrote a book that no experts on Crypto would publish over a decade ago. Since that time he's spent a lot of time blogging about a lot of stuff.

    He has almost no credentials to make him a security expert. He's another Kevin Mitnick. Can't the Slashdot community come up with real, credentialed security experts to rely on?

    1. Re:Bruce Schneier is not a 'security expert' by Bing+Tsher+E · · Score: 1

      He is a non-expert on Crypto who wrote a book that no experts on Crypto would publish over a decade ago. Since that time he's spent a lot of time blogging about a lot of stuff.

      He has almost no credentials to make him a security expert. He's another Kevin Mitnick. Can't the Slashdot community come up with real, credentialed security experts to rely on?

  35. My password is "incorrect" by Anonymous Coward · · Score: 0

    In case I get it wrong, the computer reminds me by saying, "Your password is incorrect".

  36. Re:That's fine by SerpentMage · · Score: 3, Insightful

    I don't know if you are sarcastic or not, but I for one am thankful for the maintainers of Fedora. Hear me out...

    These days I have to type in passwords that are akin to random letters. I am ok with that. BUT it is BLOODY EFFEN HARD to type in the password into the text field. And if the text field hides the text it becomes annoying to have to input the data again. The problem is that I know my keyboard, but sometimes I have to type twice to hit the correct %^*( character. If I am looking at the keyboard and the screen at the same time things become confusing. Doing this two or three times becomes a royal pain in the arse!

    I understand WHY you should not do this, but quite frankly there is theory and there is practice. And in an era of long obtuse passwords I am thankful!

    --

    "You can't make a race horse of a pig"
    "No," said Samuel, "but you can make very fast pig"
  37. It doesn't really matter either way by Anonymous Coward · · Score: 0

    Who cares really. It's funny that even the commenters here on Slashdot seem so up and arms, so offended, over such a small thing. It doesn't really matter, trust me, it really doesn't.

  38. Established? by Bert64 · · Score: 0

    It's about time people started challenging these "established security protocols"...
    Ask yourself what benefit does masking the password bring vs the detriment of doing so.

    Benefits:
    If someone is looking over your shoulder they won't see the password on screen.

    Detriments:
    If someone is looking over your shoulder they can watch what keys you press anyway, significantly reducing the above benefit. Looking at the keys is actually easier as the keyboard is usually visible from a greater viewing angle and greater distance.
    You are more likely to make errors, especially when typing on a keyboard you aren't used to or which may not be configured correctly (eg wrong keymap, you tried to type one character and got another but you typed the same character both times so the system accepted your input).
    If there is no one untrusted looking over your shoulder then there are no benefits at all.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    1. Re:Established? by BitZtream · · Score: 1

      It's far easier for me to block my keyboard than it is to block my 3 27 inch monitors, and the laptop that powers them.

      Nowadays, users type their password so often that even grandma types it from muscle memory.

      Secure defaults are always better than insecure defaults.

      You've given no actual benefit to unmasking them, just pretend ones that don't actually exist. Considering how many places grandma uses the SAME password, anything you can do to obscure it from prying eyes is a good idea.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  39. Doesn't bother me .. by mordred99 · · Score: 1

    If you are following standard security protocols. Most people are up in arms about this in the workplace, but if you are following standard protocols at a workplace, then it would not matter. An OS is always installed in a non-production network, with a different root password (typically the development network root password, as it is distinct from production). Then the new OS is patched, configured with checklists, connected to LDAP servers (or whatever connections you need). The last three steps are to change the static IP to the new production network, change the root password to the production root password, and shut down the server. Then it is re-patched on the production network and when it comes up, it is secure, and only the admins know the root password.

  40. Microsoft got this one right by Anonymous Coward · · Score: 0

    They let you press and hold Insert to view masked passwords during install and when passwords are like WiFi PSKs...

  41. Why not have Ctrl toggle it? by gatkinso · · Score: 2

    Default to masked, hit ctrl and it toggles to unmasked. Ctrl while unmasked makes it masked again.

    --
    I am very small, utmostly microscopic.
    1. Re:Why not have Ctrl toggle it? by Anonymous Coward · · Score: 0

      So discoverable. Wasn't it yesterday that people complained about having to type "shift" to show "shutdown" in gnome and how this was an outrageous move?

    2. Re:Why not have Ctrl toggle it? by Waccoon · · Score: 1

      How would this affect people who use international character sets?

  42. all the fun is gone. by Anonymous Coward · · Score: 0

    the next generation of users will be spared fun.
    yours sincerely hunter21

  43. Schneier only admits to being "probably wrong". by nuckfuts · · Score: 2

    FTA:

    "So was I wrong?" wrote Schneier. "Maybe. Okay, probably."

    Check your ego and stop waffling. If you're wrong, say you're wrong. Not maybe. Not probably. Just wrong.

  44. This is just sad. by Anonymous Coward · · Score: 0

    First, Gnome goes down the toilet. Now, it appears that Fedora is next. Why do developers always think that they know better than the user? :(

    1. Re:This is just sad. by eric_herm · · Score: 1

      Because all those users that know better do not code anything, that's really too bad that the brightest minds of our century are also the ones that just do not code...

      Maybe in a few years, people will be able to turn slashdot comments into C code, solving all the problems of those developers not listening to the wisdom of the crowd?

  45. Maybe it does not matter by Anonymous Coward · · Score: 0

    I propose that many accounts can be cracked by using Google Glass and observing people inputting to the keyboard. Actually I can do it in my head now, but Google Glass opens new territory.

  46. Everybody knows your password. by Anonymous Coward · · Score: 0

    hunter2

  47. Re:That's fine by manicb · · Score: 5, Insightful

    This is a good case for, as suggested by many in the discussion, a "show password" button, as is widely used. I don't see an argument for making it the default.

  48. Actually makes sense by YoungManKlaus · · Score: 1

    ... because when I set my password I want it to be correct which is way easier to verify when I can read what I type (and I usually don't set passwords when people are watching). Password prompts when you have to enter a password are a totally different story.

  49. Showing passwords is no big deal. by Anonymous Coward · · Score: 0

    If I am in a public place, installing a new version of Fedora xx. I see no problem with showing the root password within the Anaconda installer. I always force a very simple one. It is immediately after a successful boot of Fedora, that I enter as "root", and I change the password to something other. Immediately after the password change I usually revise sudo commands (visudo) to accept "wheel" group with/out password. I also verify that I have at least one administrator logon, other than root and he is a member of the "wheel" group.

    So, no big deal. If the root password is shown during installation, then change it immediately after a successful boot of the new system.
     

  50. Re:That's fine by niftymitch · · Score: 1

    The original text says installer. For the installer, where the password has been typed only once.... sure!

    --
    Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
  51. Couple of things by soundguy · · Score: 1

    1) - Masking the password on the screen is UTTERLY USELESS unless you also have a towel or something draped over the keyboard. It's far easier for a touch-typist to figure out what someone is typing by looking at the keyboard (even from across the room) than it is to make out tiny letters on a typical crappy DC monitor from off-angle or at a distance.

    2) - If your monitor is facing in ANY direction but at a blank wall or the adjacent row of racks, you're doing it wrong. Always position yourself with your back to the wall, no matter where you are. Situational awareness is always important for one reason or another and it's much more difficult if you don't have control of your 6 o'clock.

    --
    Nothing worthwhile ever happens before noon
  52. Good by wet-socks · · Score: 1

    It's about time some of these security-by-rote rituals were challenged and changed or abolished. They may appear to be making things more secure, but sometimes the actual effect is the opposite, like insisting on ridiculous password policies. For the topic being discussed, I've had to reduce the strength of a friend's wi-fi password as it was almost impossible to enter a long complex string correctly on a variety of devices, some with horrible UIs, when you couldn't even see if what you were entering was correct. In this case making visibility an option seems best.

  53. Re:That's fine by Vegemeister · · Score: 1

    sometimes I have to type twice to hit the correct %^*( character

    Why are you using those in passwords? Just make it longer. Remember, if you have to hit the shift key, you could type two characters instead and have a far stronger password.
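To check the claim in the comment above, here is an added example (not code from the thread, and not from Fedora or Anaconda) that counts Shift as a key press of its own and compares bits of randomness per press for a uniformly random password over the full printable-ASCII set against lowercase-only and lowercase-plus-digits alphabets. The table of which symbols need Shift assumes a US layout. The numbers support the claim on average, but also show that it depends on how many shifted characters the specific password actually carries: "Pa55word!" has only two, so for the same key-press budget a random nine-character mixed password still beats eleven random lowercase letters.

```python
"""
Entropy per key press, counting Shift as a press: an added example for the
"you could type two characters instead" argument.  Not Fedora/Anaconda code.
"""
import math
import string

# Assumption: US keyboard layout.  These printable ASCII symbols need Shift;
# the remaining eleven (` - = [ ] \ ; ' , . /) and space do not.
SHIFTED_SYMBOLS = set('~!@#$%^&*()_+{}|:"<>?')

PRINTABLE = string.ascii_letters + string.digits + string.punctuation + ' '  # 95 chars
LOWER = string.ascii_lowercase                                               # 26 chars
LOWER_DIGITS = string.ascii_lowercase + string.digits                        # 36 chars


def needs_shift(ch: str) -> bool:
    """True if typing `ch` on a US layout requires holding Shift."""
    return ch in string.ascii_uppercase or ch in SHIFTED_SYMBOLS


def keystrokes(password: str) -> int:
    """Key presses needed to type `password`, counting Shift once per shifted character."""
    return sum(2 if needs_shift(c) else 1 for c in password)


def bits_per_char(alphabet: str) -> float:
    """Entropy of one character drawn uniformly at random from `alphabet`."""
    return math.log2(len(alphabet))


def bits_per_keystroke(alphabet: str) -> float:
    """Entropy per key press for a uniformly random password over `alphabet`,
    averaging the Shift cost over the whole alphabet."""
    avg_presses = keystrokes(alphabet) / len(alphabet)
    return bits_per_char(alphabet) / avg_presses


def compare(password: str, alphabet: str = PRINTABLE) -> dict:
    """For a concrete password: the bits it would carry if it were uniformly
    random over `alphabet` (an upper bound; 'Pa55word!' is far from random),
    versus the bits a random lowercase-only password typed with the same
    number of key presses would carry."""
    presses = keystrokes(password)
    return {
        'keystrokes': presses,
        'bits_if_random': len(password) * bits_per_char(alphabet),
        'lowercase_bits_same_budget': presses * bits_per_char(LOWER),
    }


if __name__ == '__main__':
    for name, alphabet in (('printable', PRINTABLE), ('lowercase', LOWER),
                           ('lowercase+digits', LOWER_DIGITS)):
        print(f'{name:18s} {bits_per_keystroke(alphabet):.2f} bits per key press')
    print(compare('Pa55word!'))
    print(compare('thisismyverylongandeasytorememberpassword'))
```

Per key press, a random password over all 95 printable characters yields about 4.40 bits, random lowercase about 4.70 and random lowercase plus digits about 5.17, so the comment's rule of thumb holds for passwords that are actually random. The per-password comparison is what matters in practice, and it is only as good as the assumption that the password is random in the first place.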

  54. Re:That's fine by arkenian · · Score: 2

    Because many organizations have weird and bizarre rules for passwords that are not based on actual truth of what makes a secure password. My current favorite is 16! Characters, no words, at least 2 each of special characters, numbers, lowercase and uppercase letters. i.e. so long that NO ONE can remember the things if they're truly randomized. Although they're supposedly switching that particular circumstance over to token-based.

  55. Re: That's fine by Anonymous Coward · · Score: 0

    Wow, I did not ex

  56. Re:That's fine by cthulhu11 · · Score: 1

    I don't know if you are sarcastic or not, but I for one am thankful for the maintainers of Fedora.

    These days I have to type in passwords that are akin to random letters.

    I get more annoyed with sites that *won't* let me use @#$%* chars, enforcing only [A-Za-z0-9].

    I am ok with that. BUT it is BLOODY EFFEN HARD to type in the password into the text field. And if the text field hides the text it becomes annoying to have to input the data again.

    I always compose the new password in my management tool then cut/paste into the text field. Doesn't everyone?

  57. Re:That's fine by Anonymous Coward · · Score: 0

    There is a dumb-ification process in IT that I can't explain. All the things that worked get replaced by dumbed down versions because a developer/designer does not have a use for it, thought it was cool, whatever...

  58. Re:That's fine by dontclapthrowmoney · · Score: 1

    My current favorite is 16! Characters...

    I initially read that as 16 factorial. That's a long password... http://www.wolframalpha.com/input/?i=16+factorial

  59. Re:That's fine by oreiasecaman · · Score: 1

    My current favorite is 16! Characters

    By the time you finished typing it the first time, I bet your beard grew more than ten meters!

    --
    This is a UDP joke, I don't care if you get it or not...
  60. Everybody stop panicking now. by AdamWill · · Score: 1

    https://git.fedorahosted.org/cgit/anaconda.git/commit/?id=da565b769979a031f318dbc727b9888e4f1fb37c

    "Revert "Add signal handlers for controlling password entry visibility." (#958608)."

  61. Re:That's fine by isorox · · Score: 1

    I understand WHY you should not do this, but quite frankly there is theory and there is practice. And in an era of long obtuse passwords I am thankful!

    It's better when you work internationally. Our standard desktop admin password contains an @ sign. Which in most countries is shift-', but in the U.S. it's shift-2. It's not obvious which keyboard layout is in place (you also have to type user@domain, rather than domain\user, as \ doesn't exist as any key on the physical keyboard mapping we have).

    Password theory tells me that
      Pa55word!

    Is an awesome password. 9 characters, capital, lower case, numbers and symbols.

    It also tells me that
    thisismyverylongandeasytorememberpassword

    is rubbish (or, to be exact, "really good, if you put in a random symbol, numbers and capitalise some letters").
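Comments 24, 38 and 61 all describe the same failure: with the wrong keymap active, the same wrong character goes into both the password field and the confirm field, so the installer accepts a password the user cannot reproduce once the layout is corrected. The following added example (not Anaconda code, and not posted by anyone in the thread) simulates that with two constructed partial keymaps covering only the keys that differ between the US and UK layouts; the key names, the layouts and the PBKDF2 storage are assumptions for illustration. The `entered` value is what an unmasked field would have shown the user.

```python
"""
Simulate the keyboard-layout trap from the thread: a password typed twice into
masked fields under the wrong layout passes the confirm check but is not the
password the user thinks they set.  Added example, not Fedora/Anaconda code.
"""
import hashlib
import hmac
import os

# (physical key as labelled on a US keyboard, Shift held) -> character produced.
# Assumption: standard US and UK (GB) layouts.  Keys absent from both tables
# (letters, digits, most punctuation) produce the same character on both.
US_LAYOUT = {('2', True): '@', ("'", True): '"', ('3', True): '#',
             ('\\', False): '\\', ('\\', True): '|'}
UK_LAYOUT = {('2', True): '"', ("'", True): '@', ('3', True): '\u00a3',
             ('\\', False): '#', ('\\', True): '~'}


def presses_for(text, believed_layout):
    """Keys a user presses to get `text`, assuming they believe `believed_layout` is active."""
    inverse = {ch: key for key, ch in believed_layout.items()}
    keys = []
    for ch in text:
        if ch in inverse:
            keys.append(inverse[ch])
        elif ch.isalpha():
            keys.append((ch.lower(), ch.isupper()))
        else:
            keys.append((ch, False))          # digits etc.: same key, no Shift
    return keys


def typed(keys, actual_layout):
    """Characters the system receives when `keys` are pressed under `actual_layout`."""
    out = []
    for key, shift in keys:
        if (key, shift) in actual_layout:
            out.append(actual_layout[(key, shift)])
        elif key.isalpha():
            out.append(key.upper() if shift else key)
        else:
            out.append(key)
    return ''.join(out)


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 (assumed storage scheme, standing in for crypt/shadow)."""
    return hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100_000)


def set_password(intended, believed_layout, actual_layout):
    """Installer flow: the same keystrokes go into 'Password' and 'Confirm'."""
    keys = presses_for(intended, believed_layout)
    first = typed(keys, actual_layout)
    confirm = typed(keys, actual_layout)     # the user repeats the same motor sequence
    if first != confirm:
        raise ValueError('passwords do not match')
    salt = os.urandom(16)
    return {
        'confirm_matched': True,
        'entered': first,                    # what an unmasked field would have shown
        'salt': salt,
        'hash': hash_password(first, salt),
    }


def login(attempt, record):
    """Verify `attempt` against the stored record in constant time."""
    return hmac.compare_digest(hash_password(attempt, record['salt']), record['hash'])


if __name__ == '__main__':
    rec = set_password('P@ss\\w0rd', believed_layout=US_LAYOUT, actual_layout=UK_LAYOUT)
    print('confirm matched:', rec['confirm_matched'])
    print('unmasked field would have shown:', rec['entered'])
    print('login with the intended password:', login('P@ss\\w0rd', rec))
    print('login with what was really typed:', login(rec['entered'], rec))
```

The confirm field catches a typo because a typo is random; it cannot catch a layout mismatch because the error is systematic and repeats identically in both fields. Only seeing the characters (or knowing the layout for certain) catches it, which is the usability case the thread is arguing about.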