[toast0]

Does showing asterisks or dots help mask the signals from the keyboard vs not showing anything (ala most unixy auth)?

I'm pretty sure passwords are not shown to reduce shoulder surfing, especially from across the room.

[jonathankoren]

The dots are just there for shoulder surfing and to give a visual feedback to the user.

If you want to steal a password, all the cool kids use a microphone or your phone's accelerometers.

https://arxiv.org/abs/1609.09359

https://www.cise.ufl.edu/~traynor/papers/marq-ccs11.pdf

https://phys.org/news/2017-04-criminals-pin-tracking-motion....

[carapace]

Those are much more recent attacks. We're talking about a time when CRT screens were the norm, they are noisy enough to read from quite a distance.

> A cathode-ray tube (CRT) is a vacuum tube containing one or more electron guns, which emit electron beams that are manipulated to display images on a phosphorescent screen.

https://en.wikipedia.org/wiki/Cathode-ray_tube

That causes a bit more signal than a keyboard, mic, or MEMS accelerometer, eh? :)