On Wed, Dec 18, 2024 at 12:10 PM Chris Green <c...@isbd.net> wrote: > > Michael Kjörling <c9bc136c6...@ewoof.net> wrote: > > On 17 Dec 2024 21:41 -0600, from deb...@lionunicorn.co.uk (David Wright): > > > As you have to select the subset from some listboxes with a mouse, > > > I would guess that the step is designed to defeat key-logging. > > > > If someone has maliciously installed a keylogger, there's also likely > > some kind of screen recording software, so this seems like security > > theater. > > > Yes, I think things like key loggers or even simple 'shoulder surfing' > are the commonest ways of passwords being 'broken'.
Shoulder surfing has never been a problem for most users. People sense when someone is standing behind them and watching them. Homo sapiens developed the defense millions of years ago at a time when we were prey. (Gutmann discusses this in his book. I believe it is under the chapter on User Psychology). The useless password blanking/masking that hides typos is a solution looking for a problem. And it creates problems where none previously existed. The one that really irks me is when entering a Wifi password on a big screen tv. I would know if someone was looking in my bay window. And if I am really paranoid I can close the curtains. There's no need to blank/mask password characters. And I am aware Edward Snowden puts a blanket over his head and laptop when he unlocks his laptop. He is not a typical user. He is guarding against hidden cameras monitoring keyboard keystrokes. Password blanking/masking won't help him, either. Jeff
