Steven D'Aprano <steve+pyt...@pearwood.info> added the comment:

See also #36566. (Thanks Cheryl.)

I think the usability improvement for this far outweigh the decrease in 
security.

The days where somebody looking over your shoulder watching you type your 
password was the major threat are long gone. Hiding the length of the password 
against a shoulder-surfing adversary is so-1970s :-)

For old-school Unix types we ought to default to hiding the password. But I'm 
+1 in allowing developers to choose to trade off a tiny decrease in security 
against a major increase in usability.

The bottom line is that if you have a weak password, hiding the length won't 
save you; if you have a strong password, hiding the length doesn't add any 
appreciable difficulty to the attacker.

----------
nosy: +steven.daprano
versions: +Python 3.9 -Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32884>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to