Slashdot Mirror


Ask Slashdot: Is Password Masking On Its Way Out?

New submitter thegreatbob writes: Perhaps you've noticed in the last 5 years or so, progressively more entities have been providing the ability to reveal the contents of a password field. While this ability is, in many cases (especially on devices with lousy keyboards), legitimately useful, it does seem to be a reasonable source of concern. Fast forward to today; I was setting up a new router (cheapest dual-band router money can buy, from Tenda) and I was almost horrified to discover that it does not mask any of its passwords by default. So I ask Slashdot: is password masking really on its way out, and does password masking do anything beyond preventing the casual shoulder-surfer?

3 of 234 comments

  1. Because of new "Not Secure" browser messages by JoeCommodore · Score: 4, Interesting

    If you get a password field on a web page, the browser will display various scary-looking messages depending on the security of the page.

    Generally, if it's a local network page with an IP address (most router interfaces), having the password field will have the browser alert you that the page is "Not Secure" in the address bar. If it's a self-signed certificate (which adds encryption between you and the browser), the message is even scarier, with red fields or strikethroughs, as a spoofed certificate COULD be playing a man-in-the-middle confidence scheme. The only ones that get through this are devices that have set up proper certification.

    So the easiest way to avoid a lot of the scary "not secure" address bar messages is to just do the login in plain text.

    --
    "Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
  2. Re: what else do you think it does? by Anonymous Coward · Score: 4, Interesting

    They do... now. Originally the value of fields was not visible in the DOM properties and could not be queried via window managers either. It's almost as if putting advertising companies in charge of browser security was a bad idea.

  3. Re: what else do you think it does? by Zebai · Score: 3, Interesting

    I love websites and programs that give me the choice to unmask; however, I'm seeing more and more masking when it's NOT necessary to do so, even for non-password-related fields.

    At my work they seem to think masking makes things ultra secure for all important data items. Fields that require you to input credit card numbers, cell phone numbers, all sorts of data are now masked on the pretense that it makes things more secure. It does not; over-the-shoulder watching is not even an issue. This is a work application accessible via intranet only; the only people who can see it already have permission to do so. They don't even need to be sneaky by hiding behind me; it is a secure workplace, after all. Bit of a rant here; I'm just a bit peeved, as I now have to type into a very unsecured notepad just to make sure my data is accurate before submitting.