Ever since I’ve carried a mobile phone, it’s been an aggravation that nearly always, when prompted for a password, the app I’m using hides the characters as I type, other than perhaps showing each one for a split second after it is typed. I understand, of course, that this is considered a fundamental component of proper security, and for relatively non-mobile equipment it makes a lot of sense. After all, even if you are using a notebook you might be in an airport concourse, for example, where some malicious person could conceivably stand behind you and watch you type. And it might be awkward or inconvenient to move to a seat by the wall, just to defend against that possibility.
But on my smartphone, really? Smartphones were designed to be the very essence of mobility, so it’s almost always possible to position oneself so as to be sure nobody could possibly be looking over your shoulder. Moreover, unlike larger devices, the small keyboards of smartphones, whether physical or on-screen, make it easy to mistype a password. And no, I’m not going to to attempt to Swype my way through a password that is required to contain at least one capital letter, one numeral, and one special character.
So my question is: Beyond the obvious, yet in my opinion unnecessary, purpose of preventing someone from watching you type your password, is there another reason that smartphone apps generally have to work like that? For example, if the user is allowed to see the entire password as it is typed, does that necessarily imply a more deeply-seated flaw that makes it easier for more sophisticated hackers to grab passwords from “inside” the device, as it were?
I don’t get it either and find it exceedingly annoying. In almost all cases, regardless of device, I find it quite unnecessary and would like to see the option of quickly and easily turning it off become more common.
I appreciate it when programmers add the extra “show password” selection box so I have the option to keep it hidden or reveal it depending on particular circumstances.
It could possibly make a difference if your little toy gets infested with malware.
You’ve all heard of key loggers, that eavesdrop on every keystroke. There are also screen readers, and a malware version of that could spy on the text that appears on your screen. So hiding the password on-screen could protect from that, at least.
Well, I know that on my android smartphone, under Settings > Security there is a handy little checkbox that says “Make passwords visible”. Between this and most all apps I use having a “show password” checkbox themselves when they override this basic setting, I don’t think there’s more than one app that hides my password regardless. It only uses a 4-digit pass anyway, so it’s not annoying.
If you’re using an iphone or other os, sorry, no idea.
It’s good that you’re careful, but until the other hundred million or so other people in the country get the memo, it’s probably a good idea to keep the passwords hidden.
The reason for obscuring a displayed password field goes back to the days of CRT terminals - you can observe the display of a CRT with simple equipment from quite a distance - up to a hundred metres. It does not matter how much protection or encryption you apply to your data lines, if an observer can see a password in the clear displayed on a screen your data security is nil. So replacing the displayed character with a standard character (*****) is just common sense. Of course, govt and military systems were shielded to prevent this, but commercial equipment was not.
Also, you might get interrupted during password entry, or just a partial glimpse might be enough to give an observer a clue as to the whole password. It is just safer all round.
I’m in the opposite camp…I’ve used phones that displays the letters of my password for a second as I type them, and I don’t want that. I sometimes have to unlock it when people are nearby, and have to be more careful about how I do it because the letters show up.
Yes, it’s a small risk. But a small risk is more than no risk. I don’t want them to show up.
Believe it or not, I have a physical QWERTY keyboard on one of the two phones I carry. And it’s the one with that quirk. The smudges are much harder to see on the physical keys.
Back when CRT monitors were the norm, it was pretty easy to build equipment with components from Radio Shack that would let you clone a display from a pretty large distance. That is, by reading the radio interference thrown off by your display, I could make the same image appear on another display.
Even further back, when computer terminals were converted teletype machines, when it came time to type in your password the machine would first print multiple characters over and over in a box the length of the longest allowed password, because that would make your password unreadable on the paper printout, and there was no way to get the machine to not print everything you typed.
So I assume it is a bit of a holdover, but maybe it is still pretty easy to grab a screencap of your phone remotely, so it adds safety if your password is never actually shown on the screen.
Possible, yes. But observing other people operating smartphones shows IMO that in practice they don’t have the attention to spare. Look at people typing into a phone while walking - even when they do not walk into things or get run over, they walk slowly and mainly trust other people to dodge them.
Also there are occasions where you want to show other people something on your phone screen - occasions in the middle of which you may be prompted for a password.
