Why not simply provide a way to show the password always? I believe that Microsoft always provides the little eye icon in their new password input fields. If anything, I'd have this feature on by default.

If you are pwned to the extent that an attacker is scraping pixels, I don't think we need to worry about passwords. A key logger is a much lower bar.

In that vein, I can understand the desire to suppress visual feedback for passwords when screen sharing is enabled. Even there, I'll argue for leaving the button enabled. Users need to understand that they are sharing anyway, and this is a fairly obvious thing.

On 12/12/14 14:59, Andrew Sutherland wrote:
One of the UI polish issues that is facing Firefox OS apps is inclusion
of a "show password" mechanism.  Although the adoption of Web Components
makes this something that can be addressed in a somewhat unified
fashion, this seems like an affordance that is probably universally
desired on (at least) mobile/touch devices, and not just web apps/pages
explicitly targeted at mobile/touch devices.

Is it reasonable to try and standardize support for an
"allow-show-password" boolean attribute and corresponding
allowShowPassword property on HTML inputs with type=password?  There
would also be a showPassword property.  When allowShowPassword is true,
a checkbox with "Show password" would be displayed.  When showPassword
is true, the contents of the password field would be displayed.  (Note:
I've done some preliminary web searches (bugzilla, whatwg lists) and
haven't seen real discussion on this, but I could be wrong/bad at
searching.)

Content would need to explicitly set the attribute to true to have the
UI displayed (if available).  If omitted, long-press context UI for
enabled input fields could perhaps show a menu option for "Show
password" that would make the checkbox visible and automatically check
it.  The reason for not showing the UI by default is that it's possible
a lot of existing web content may have already implemented their own
"show password" mechanism and there likely would be layout breakage in
many pages.  Because of the breakage concern, it might also make sense
to just have the long-press menu option perform the toggle directly but
not introduce the checkbox UI.  The main UI concern there would be users
who accidentally turn on "show password" and don't know how to turn it
back off again and are in a hostile-ish situation.

The primary security/privacy concern is the case where insecure web
pages initially populate the password field with the user's actual
password instead of dummy/placeholder characters.  In that case a
limited attacker with access to the browser's UI but not any type of
devtools (including "view source") might newly have the ability to see
the password.  I'm not sure that's a situation worth protecting against,
but in that case it could make sense to require "show password" to clear
the password while making it visible.

Andrew
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
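
The mitigation raised in the quoted proposal (revealing clears a password that the page itself populated), sketched in JavaScript as an added example; it is not code from the thread or from any browser. `allow-show-password` is the attribute name proposed above and is not implemented anywhere; the function name `enableShowPassword` and the `tainted` tracking are assumptions of this sketch.

```javascript
// Added illustration, not code from the thread. "allow-show-password" is the
// attribute name proposed in the thread; no browser implements it. The
// function name and the tainted-value tracking are assumptions of this sketch.
function enableShowPassword(input, toggle) {
  // Opt-in, as proposed: content must set the attribute to get the UI.
  if (!input.hasAttribute("allow-show-password")) return false;

  // Assumption: any value present when we attach was written by the page
  // (value="..." in markup or script) and may be the user's real password.
  let tainted = input.value !== "";

  input.addEventListener("input", () => {
    // Appending to or editing a prefilled value still leaves page-supplied
    // characters in the field; only emptying it removes them all.
    if (input.value === "") tainted = false;
  });

  toggle.addEventListener("change", () => {
    if (!toggle.checked) {
      input.type = "password";
      return;
    }
    if (tainted) {
      // The mitigation from the thread: revealing clears a page-populated
      // value, so someone with only UI access never sees it.
      input.value = "";
      tainted = false;
    }
    input.type = "text";
  });
  return true;
}
```

A value the user typed into an initially empty field is never cleared; only content that was present before the user emptied the field is treated as page-supplied.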