by susi22 4649 days ago
We aren't even safe from this:

http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_E...

But then we should just show the passwords on the screen we enter? That's just insane. Linux command line doesn't even show a * when entering a password. That's how it should be.

We should be paranoid about passwords and not display them.

2 comments

As much as I enjoy Linux and its command line, that is one thing that really annoys me. The number of characters is not that useful of information. For example, in the time it takes to brute force a password known to be N characters, you could have brute forced every password with fewer than N characters; so hiding the length of the password is no better than adding one more character. Furthermore, providing an indication that a key-press was registered prevents the two most common reasons for mis-entering a password: not pushing a key hard enough and pushing a second key while pushing one from your password.

Having said that, when I write a script that needs to be provided with a password, I just make it hide what I am typing. "read -s" is so much easier than whatever I would have to do to make it show *s.
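Added example, not part of the comment above: a POSIX sh sketch of the extra work a script needs to echo a `*` per keystroke instead of using `read -s`. The function name `read_masked` is hypothetical, and ASCII input is assumed.

```sh
#!/bin/sh
# Usage: pw=$(read_masked 'Password: ')
# Prompt and '*' feedback go to stderr; the password goes to stdout.
read_masked() {
    prompt=${1-Password: }
    pw=''
    del=$(printf '\177')   # DEL, sent by most terminals for Backspace
    bs=$(printf '\010')    # BS, sent by some others
    saved=''
    if [ -t 0 ]; then
        # Real terminal: disable echo and deliver each key immediately.
        saved=$(stty -g)
        trap 'stty "$saved"; exit 130' INT TERM
        stty -echo -icanon min 1 time 0
    fi
    printf '%s' "$prompt" >&2
    while :; do
        # $(...) strips a trailing newline, so Enter and EOF both yield ''.
        c=$(dd bs=1 count=1 2>/dev/null)
        case $c in
            '') break ;;
            "$del"|"$bs")
                if [ -n "$pw" ]; then
                    pw=${pw%?}            # drop the last character typed
                    printf '\b \b' >&2    # erase one '*' on screen
                fi ;;
            *)
                pw=$pw$c
                printf '*' >&2 ;;
        esac
    done
    printf '\n' >&2
    if [ -n "$saved" ]; then
        # Restore the terminal exactly as it was found.
        stty "$saved"
        trap - INT TERM
    fi
    printf '%s' "$pw"
}
```

The terminal state has to be saved and restored on every exit path, which is the part `read -s` handles for you.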

Did you read the part about 'mask my password' checkbox option?
Why not the other way around?