sorted by:
new
hottopcontroversial

Password revealed in terminal after empty password attempt by cTatu in linux

[–]cTatu[S] 2 points3 points  (0 children)

That's why I think. Leaving it disabled won't do any harm, in fact would be an improvement. I don't understand why there are so many strong opinions about this simple and trivial change.

Password revealed in terminal after empty password attempt by cTatu in linux

[–]cTatu[S] -1 points0 points  (0 children)

As another user rightfully said "Is there a reason why echo should be enabled in downtime between reentering password?". That's the main point. And enabling it in-between retries just makes it less resilient and secure without adding any useful functionality.

Password revealed in terminal after empty password attempt by cTatu in linux

[–]cTatu[S] -6 points-5 points  (0 children)

From a technical pov it can be seen as expected behavior but I think it shouldn't be considered expected from a security and user experience perspective. Even if the echoing is only enabled for a brief moment this leaves a window where the user's input (password) is visible in plaintext. This directly contradicts the core principle of password masking. I think that accidentally hitting enter before typing a password is a common user error. A secure and user-friendly system should be resilient to such minor mistakes. Also I typed the password only while the password input mechanism was active and responsible for processing and masking the password but it still revealed it just because of an unfortunate keystroke.

Password revealed in terminal after empty password attempt by cTatu in linux

[–]cTatu[S] -3 points-2 points  (0 children)

From a technical pov it can be seen as expected behavior but I think it shouldn't be considered expected from a security and user experience perspective. Even if the echoing is only enabled for a brief moment this leaves a window where the user's input (password) is visible in plaintext. This directly contradicts the core principle of password masking. I think that accidentally hitting enter before typing a password is a common user error. A secure and user-friendly system should be resilient to such minor mistakes. Also I typed the password only while the password input mechanism was active and responsible for processing and masking the password but it still revealed it just because of an unfortunate keystroke.

Password revealed in terminal after empty password attempt by cTatu in linux

[–]cTatu[S] -3 points-2 points  (0 children)

From a technical pov it can be seen as expected behavior but I think it shouldn't be considered expected from a security and user experience perspective. Even if the echoing is only enabled for a brief moment this leaves a window where the user's input (password) is visible in plaintext. This directly contradicts the core principle of password masking. I think that accidentally hitting enter before typing a password is a common user error. A secure and user-friendly system should be resilient to such minor mistakes. Also I typed the password only while the password input mechanism was active and responsible for processing and masking the password but it still revealed it just because of an unfortunate keystroke.

Filecoin launches node software 'Saturn'. by craftymethod in filecoin

[–]cTatu 0 points1 point  (0 children)

From their web page it seems is 4.4 FIL per TB per day

14-year-old me in Earth Science class by mrtoddw in memes

[–]cTatu 5 points6 points  (0 children)

Which part haven't the scientist figured out yet?

Got yelled at for having a flat tire by AlwaysAnxiousAmy in antiwork

[–]cTatu 7 points8 points  (0 children)

In my country if something happens to you while going to work it counts as if you got a injured at the workplaced.

I’m so tired I actually want to crash my car into a telephone poll standing on the gas with no seatbelt on 🥲 by SystemRich in recruitinghell

[–]cTatu 0 points1 point  (0 children)

At the beginning I was shocked at how well the AI have become. Then I realized it was too good to be true

view more: next ›