I like the idea, so much so, that I wrote a cross browser script to do this on the page:
http://blog.kaosweaver.com/index.php?entry=entry080213-114936
I built my own password entry dialog. It shows boobies of various shapes and sizes while I type in my password, causing substantial distraction.
I don’t even bother hiding the characters.
This even works on the women in the room. They’re too distracted by their own feelings of discomfort to pay attention.
Only problem is that sometimes I forget what I’m doing.
When I was switching over to Dvorak, I would have really appreciated the ability to reveal my passwords with a check button. It is a huge hassle to relearn one’s passwords in a layout that doesn’t match the symbols written on the keys.
If this ever gets widely implemented, I just pray to whoever that it will only display the password for a brief second. Long enough to identify a mistake, but not a permanent toggle.
Government workers were mentioned above, and it’s true. They actually put on their resume “Can remember passwords sometimes”. They would leave the password revealed always.
the most infuriating thing on XP with the wi-fi passwords, which ARE obscured, is it forces you to type them TWICE and there is no option to reveal the actual text. great, thanks, just what I need when entering some absurdly-long key.
OS X has had the reveal option for ages.
Modest proposal: keep the reveal option only for passwords that aren’t habitually entered; i.e. keys, or preferences for an automated login. These are also the most likely to be written down somewhere to visually compare.
Often, the “typed-in” ones aren’t written down anyway, so verification consists of simply typing slower and more carefully. That doesn’t work for a password that you don’t usually enter, because you can’t just consult your memory for the correct characters, but rather another source.
“Not trying to troll here, but the hieroglyphics on Lotus Notes are not for distracting people looking above your shoulder. They change as you type the password, and their purpose is to prevent spoofing of the login window by a trojan or malware trying to capture the password.”
- So now trojans and malware will have to be smart enough to randomly generate hieroglyphics… if it is targeting Notes, I don’t see how that is going to be very difficult. Additionally, i doubt any users would notice if the hieroglyphics changed much.
Brian, obviously in OS X you can save the password of any network which you don’t want to repeatedly enter it.
I’ve never recovered from the shock, back in the early 90’s when a student ran a program named something like “bond007.exe” on one of our lab machines that turned the asterisks into the plaintext.
I’m an old command line type and so I’m used to typing passwds with nothing appearing one screen…
But then I’d learned to do UNIX commands with the screen
dead/swamped with output/turning letters into bits of boxes/… Even with the bottom half below the edge of the CRT.
Dick@neanderthal.not
“OT: Why is the Captcha always orange?”
As explained in an old post the static captcha is used because it works.
So far there have been no robots getting through so there is no reason to do something different.
"Brian, obviously in OS X you can save the password of any network which you don’t want to repeatedly enter it.
geekbot on February 13, 2008 09:15 AM "
Negative.
Come outa sleep and i gotta either reboot or go through the network diagnostics to reestablish a network connection. Network diagnostics forces rentry of network password, it acts like it is identifying the network for the first time, it also requires the router to be rebooted.
Do not pass go, do not collect 200$. It does not remember the password entered previously.
So just because OSX has had a feature for 2 years doesn’t make OSX a good OS. The fact windows is incorporating good features that OSx has is great, it adds all those candy features to a solid OS. All OSX has is those “neat” little features.
I was joking about the Reason of the feature in OSx. From my standpoint, with this buggy MacBook Pro, the feature is because network password reentry is required after comming outa sleep. I’m sure apple added the feature because they are “innovative” or whatever.
“If Windows were to implement this, I would hope that there would be a way to turn it off via group policies - I can just imagine some malicious person sneaking in and checking the “show password” box while someone wasn’t looking, then watching while some person who didn’t know enough about computers to notice puts in their password and… bang! It would be useful at home, sure, but for corporations, schools, government, etc, it would be too big of a security risk.”
Ditto. Beat me to it.
Personally, I can’t see myself using it. I create a password and then get so used to typing it in I rarely make a mistake, and when I do I just type it in again. It would take me more time for me to navigate to the checkbox then to just retype my password. If your password takes more then two seconds (literally) to type, then either you’ve got it way too long or way too complex than it needs to be.
However, having a random number of *'s appear as you type is beneficial. For someone who wants to see you type but can’t, will still have a much easier time determining your password with brute force
Have you ever used a password dialog that emits a random number of asterisks/dots when you type a character? It is really confusing. Did you press one key… or two? Hard to appreciate how weird it really feels until you try yourself, but suffice it to say, it ain’t good.
As someone else mentioned it deviates from MS UI and that makes it harder to learn. But then again Apple deviated from MS UI and that was a good thing!
Yes, but Apple deviates in (usually) good and at least sensible ways. In Notes, every “clever” feature is usually considerably worse than the standard they deviated from.
At least Microsoft recognizes a good idea and steals it … wait - Microsoft always steals good ideas.
I’m not so sure. Internet Explorer needs to be stealing a lot more great features from Opera, Firefox, and Safari. Ditto for Vista.
If your password takes more then two seconds (literally) to type, then either you’ve got it way too long or way too complex than it needs to be.
I disagree.
Jeff, I am sure there are any number of readers now rolling on the floor experiencing a Lotus Notes flashback seizure: please don’t do this again (think of the victims!).
Originally, passwords have been hidden or scrambled in some way, anyway you want but not plain readable, because of CRTs electromagnetic leaking: guys from a 3 letter acronym agency in a van parked outside can see an image of your screen unless you are in a shielded room.
If you can see a password so can they!
This is also why displaying the correct number of ‘*’ (or any generic char) was not considered secure enough as it helps a lot in cracking the password.
And curiously a lot of vans have always been parked near embassies, government buildings, big corporation headquarters… 
“If criminals really want to get your password, they’ll be watching your fingers on the keyboard or using keylogger hardware.”
This may still be a valid reason to obfuscate passwords on screen in some situations:
http://en.wikipedia.org/wiki/Van_Eck_phreaking
And look at that, someone beat me to it while I was searching for the correct name.
It’s actually possible with flat screens as well by the way.
“Show Password on Mouseover” [ http://userscripts.org/scripts/show/1893 ] is a Greasemonkey userscript which works well.
I’d suggest taking a look at the Mac Keychain application.
Most computer-remembered passwords are stored there, and each individual one can have it’s text revealed after you enter your login password.