Posting 
Asterisks 29 June 2009 14:05
Masking of passwords goes back a lot longer than the writer of this
blog post realises. In the days of hard copy devices such as ASR33
teletypes, the reason was obvious, and compelling. Less compelling
today I agree, but I still can't see it as a big problem. The fact
that there usually isn't anyone shoulder-surfing when I type my
password is a poor argument; neither is there usually anyone waiting
to burgle my house when I go out, but I still lock the door. Yes, I
mis-type my password as often as most people, and usually I'm aware
that my fingers have missed a key, so I press backspace and start
again. I'd rather do that than have it exposed on the few occasions
when someone is with me, or standing behind me - and I don't have
eyes in the back of my head.
There are indeed security rules that have outlived their usefulness,
but this isn't one of them. Instead, let's look at password expiry.
Surely much better to pick a really good password, keep it secure,
and keep it for years if you like, than change it regularly, almost
forcing people to write it down.
Regards - Philip
- Threaded View
- Flat View
