Comments on: Just because Jakob says it doesn’t make it right (or smart)

By: Kearns

Kearns — Mon, 29 Jun 2009 21:13:01 +0000

My complaint isn’t the masking, it’s sites that only allow 3 attempts but have heavily restricted what you can use for a password, so you end up using a password so far from what you usually use (system hopefully and not the same password everywhere) that you’re locked out each and every time. I still can’t figure out why there is any type of restriction on what I can use in a password outside of length. You think you are making my password stronger for me, but you’re just reducing the number of options possible and therefore making my password weaker…

By: Will M

Will M — Mon, 29 Jun 2009 20:33:37 +0000

Any example has holes, sadly. But there’s usually a reason an example is a common one, because it happens often enough. Regardless of what the example is, there are still plenty of people that don’t always think about their security, and sometimes will view things like a password as an un-needed burden. This type of stuff is there for their protection.

What is even more impressive, there are some sites (such as my banks website) use the masking for the user-name to give the extra security.

By: Scott

Scott — Mon, 29 Jun 2009 19:45:56 +0000

I actually avoided that particular example because it’s the common example and it’s extremely easy to defeat that one (look over your shoulder, scrunch closer to your monitor, ask people nearby to turn around, etc.).

I decided to go with two more obscure examples because they’re less obvious.

By: Will M

Will M — Mon, 29 Jun 2009 19:32:08 +0000

I agree with you on this, although I think a better example of keeping password masking would be the over-the-shoulder looker. The person who might be walking around an office pretending to delivering a box or something and watching the screens of people and see the passwords that they enter far easier than it would be to try to catch what they type upon the keyboard.