Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > HTML > Input type="text" / Password

Reply
Thread Tools

Input type="text" / Password

 
 
Otuatail
Guest
Posts: n/a
 
      12-12-2003
I am using an input type Text for a password
can this be modified for password. and be able to suport
other browsers like netscape. If not I will ditch netscape

Paul

 
Reply With Quote
 
 
 
 
brucie
Guest
Posts: n/a
 
      12-12-2003
in post <news:(E-Mail Removed)>
Otuatail said:

> I am using an input type Text for a password


whats wrong with type="password"?

--
brucie
12/December/2003 10:42:59 pm kilo
 
Reply With Quote
 
 
 
 
Jukka K. Korpela
Guest
Posts: n/a
 
      12-12-2003
brucie <(E-Mail Removed)> wrote:

> whats wrong with type="password"?


If you ask me, it prevents the user from seeing what he types and
thereby makes it more probable that he needs to type it twice, or
several times, thereby increasing security risks. Of course, it also
makes it awkward to log in. This gets rather mad if the password is
long - the new (!) system of public libraries in the Helsinki area
treats both the customer id (14 digits) and the PIN code (4 digits) as
passwords!

Risks are also increased by the fallacious belief that such effects
actually protect the data. In reality, the password is sent unencrypted
over the network, just as other fields are.

On the other hand, maybe in this case bad practice becomes good
practice by its being so common. That is, users are _accustomed_ to
seeing their input munged into *********** when typing a password, and
they might even think that a page is not secure if it doesn't do such
munging!

--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html


 
Reply With Quote
 
brucie
Guest
Posts: n/a
 
      12-12-2003
in post <news:Xns944FB13B7224Bjkorpelacstutfi@193.229.0.31 >
Jukka K. Korpela said:

>> whats wrong with type="password"?


> If you ask me, it prevents the user from seeing what he types


and the person looing over his shoulder

> This gets rather mad if the password is long - the new (!) system of
> public libraries in the Helsinki area treats both the customer id
> (14 digits)


that is the fault of the paranoid freak that thought it was a good idea
for 14 digit IDs to be passwords, not the fault of how browsers render
the the password type.

> [...] That is, users are _accustomed_ to seeing their input munged
> into *********** when typing a password


i would be more comfortable if nothing was echoed to the screen

--
brucie
13/December/2003 01:45:09 am kilo
 
Reply With Quote
 
brucie
Guest
Posts: n/a
 
      12-12-2003
in post <news:brcofc$209pn$(E-Mail Removed)-berlin.de>
brucie said:

>> If you ask me, it prevents the user from seeing what he types


> and the person looing over his shoulder

^^^^^^
looking

although it is even more inappropriate to loo over someones shoulder and
may even be a criminal offense.

--
brucie
13/December/2003 01:58:02 am kilo
 
Reply With Quote
 
Jukka K. Korpela
Guest
Posts: n/a
 
      12-12-2003
brucie <(E-Mail Removed)> wrote:

>>> whats wrong with type="password"?

>
>> If you ask me, it prevents the user from seeing what he types

>
> and the person looing over his shoulder


Well, yes, that's the theory. But would it be safe to use system that
requires a password if someone can look over your shoulder? In fact, if
someone could look over your shoulder to see what's on your screen, he
will also see the movements of your fingers. And that's something that
you don't think about. So "hiding" the password is illusionary and
makes you less careful.

>> This gets rather mad if the password is long - the new (!) system
>> of public libraries in the Helsinki area treats both the customer
>> id (14 digits)

>
> that is the fault of the paranoid freak that thought it was a good
> idea for 14 digit IDs to be passwords, not the fault of how
> browsers render the the password type.


Well, that system is clueless enough on its own. Never assume
malevolence or psychosis when normal human stupidity is a feasible
explanations.

Anyway, long passwords often exist. And people who think about
input type="password" the naive way will keep using them even in cases
where its inadequacy _should_ be very evident.

--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html


 
Reply With Quote
 
rf
Guest
Posts: n/a
 
      12-12-2003

"brucie" <(E-Mail Removed)> wrote in message
news:brcofc$209pn$(E-Mail Removed)-berlin.de...
> in post <news:Xns944FB13B7224Bjkorpelacstutfi@193.229.0.31 >
> Jukka K. Korpela said:
>
> >> whats wrong with type="password"?

>
> > If you ask me, it prevents the user from seeing what he types

>
> and the person looing over his shoulder


That would be the silly old cow that runs the library ?

Cheers
Richard.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Change a users password without knowing the old password nor the answer to the password question AAaron123 ASP .Net 1 01-16-2009 02:56 PM
Changing a users password without knowing the old password nor the answer to the password question AAaron123 ASP .Net 2 01-16-2009 02:08 PM
Width of text input box vs. password input box cjl HTML 1 10-31-2005 11:46 AM
Off Topic: Width of text input box vs. password input box cjl Javascript 7 10-30-2005 10:11 PM
Adding a password to Mozilla Password Manager Dirk Firefox 4 10-28-2003 10:00 PM



Advertisments