Input type="text" / Password

[Otuatail]

I am using an input type Text for a password
can this be modified for password. and be able to suport
other browsers like netscape. If not I will ditch netscape

Paul

 

[brucie]

I am using an input type Text for a password

whats wrong with type="password"?

 

[Jukka K. Korpela]

whats wrong with type="password"?

If you ask me, it prevents the user from seeing what he types and
thereby makes it more probable that he needs to type it twice, or
several times, thereby increasing security risks. Of course, it also
makes it awkward to log in. This gets rather mad if the password is
long - the new (!) system of public libraries in the Helsinki area
treats both the customer id (14 digits) and the PIN code (4 digits) as
passwords!

Risks are also increased by the fallacious belief that such effects
actually protect the data. In reality, the password is sent unencrypted
over the network, just as other fields are.

On the other hand, maybe in this case bad practice becomes good
practice by its being so common. That is, users are _accustomed_ to
seeing their input munged into *********** when typing a password, and
they might even think that a page is not secure if it doesn't do such
munging!

 

[brucie]

If you ask me, it prevents the user from seeing what he types

and the person looing over his shoulder

This gets rather mad if the password is long - the new (!) system of
public libraries in the Helsinki area treats both the customer id
(14 digits)

that is the fault of the paranoid freak that thought it was a good idea
for 14 digit IDs to be passwords, not the fault of how browsers render
the the password type.

[...] That is, users are _accustomed_ to seeing their input munged
into *********** when typing a password

i would be more comfortable if nothing was echoed to the screen

 

[brucie]

and the person looing over his shoulder

^^^^^^
looking

although it is even more inappropriate to loo over someones shoulder and
may even be a criminal offense.

 

[Jukka K. Korpela]

and the person looing over his shoulder

Well, yes, that's the theory. But would it be safe to use system that
requires a password if someone can look over your shoulder? In fact, if
someone could look over your shoulder to see what's on your screen, he
will also see the movements of your fingers. And that's something that
you don't think about. So "hiding" the password is illusionary and
makes you less careful.

that is the fault of the paranoid freak that thought it was a good
idea for 14 digit IDs to be passwords, not the fault of how
browsers render the the password type.

Well, that system is clueless enough on its own. Never assume
malevolence or psychosis when normal human stupidity is a feasible
explanations.

Anyway, long passwords often exist. And people who think about
input type="password" the naive way will keep using them even in cases
where its inadequacy _should_ be very evident.

 

[rf]

and the person looing over his shoulder

That would be the silly old cow that runs the library ?

Cheers
Richard.