Page 1 of 1

visible password

Posted: Fri Jun 28, 2019 11:39 am
by ldavid
Recently Sonic added a new feature next to password box an eye that makes the password visible. I was told that is for elder people who forget their password. Put if someone forgets his/her password then how does making it visible when typed helps to remember the password? Users should write their password in a safe place if they have dementia or memory problem. This feature is totally unnecessary and probably makes it easier for hackers to access private information.

Re: visible password

Posted: Fri Jun 28, 2019 12:29 pm
by kyle.depasquale
I'm pretty sure this is a browser feature, not something that Sonic specifically enabled.

Re: visible password

Posted: Fri Jun 28, 2019 2:00 pm
by kgc
Allowing users to optionally show passwords as they are being typed in has been recognized as best common practice for many years. This helps facilitates use of more secure (complex) passwords by reducing the likelihood of typographical errors while entering passwords. If you're curious, I highly recommend reading the current NIST guidelines. It's particularly interesting how so many of the old password requirements (aging, enforced complexity, and so on) have actually reduced the overall security of password based systems by encouraging the use of "P@55word1" "P@55word2" "P@55word3" and so on.

Two Relevant Posts:
https://www.lukew.com/ff/entry.asp?1941
https://auth0.com/blog/dont-pass-on-the ... uidelines/

And the NIST Guidelines for some light reading.
https://pages.nist.gov/800-63-3/sp800-63-3.html

Re: visible password

Posted: Tue Jul 02, 2019 11:53 am
by ldavid
Remember NIST is the agency that wrote a report for 911 commission suggesting twin towers came down because of fires. But Architect and Engineers for 911 Truth seriously dispute their findings. Please see AE911Truth.org. You can't trust NIST every time they write a report!