Ask Slashdot: Is Password Masking On Its Way Out?

New submitter thegreatbob writes: Perhaps you've noticed in the last 5 years or so, progressively more entities have been providing the ability to reveal the contents of a password field. While this ability is, in many cases (especially on devices with lousy keyboards), legitimately useful, it does seem to be a reasonable source of concern. Fast forward to today; I was setting up a new router (cheapest dual-band router money can, from Tenda) and I was almost horrified to discover that it does not mask any of its passwords by default. So I ask Slashdot: is password masking really on its way out, and does password masking do anything beyond preventing the casual shoulder-surfer?

Re:what else do you think it does?

[Tony+Isaac]

At least on Windows, password masked text boxes also prevent copying of the contents of the box to the clipboard. This prevents someone from using a Back button to return to a logon screen to find out what password was typed there.

Re:Masquerade

[whoever57]

I ran into a worse problem recently.

The website runs some javascript on the entered email address, which prompts a server somewhere to attempt to validate the email address. The attempt is achieved by beginning an smtp transaction to the MX host for the domain name.

Now, combine this with postgrey: the mail server sends back a temporary failure, which the server stupidly interprets as the email address not being valid.

The stupidity of this whole setup is monumental. Not least because exchange servers will accept emails for non-existent addresses in its default configuration.