Password into the ether?

On rare occasions, I’ve typed my into what I thought was the proper box, but I wasn’t paying attention and the cursor had disappeared when I scrolled or otherwise moved the page.
So, did it go off into the internet somewhere, or just not get typed.
More detail:
I open my credit union page and enter my username and click “login”. Then the password page opens and the cursor is in the proper box, but I can’t see the “sign in” button so I move the page up a little. Then I type in my password without looking at the screen. When I look up at the password box, it’s empty. Oops! Not there. If I click in the box the cursor appears and everything works fine when I re-enter my password.
But where did my password go the first time I typed it? :confused:

Keyboard elves took it.

Most likely just not got typed, because you did not have focus on the form. Your keyboard is not “connected” to the internet*. Anything you type in a form only gets sent as part of the form request when you click submit.

  • Unless the web page you are viewing has a malicious JavaScript function that listens for keyboard events

It’s “bosco” isn’t it?

As long as they give to little children on christmas morning, that’s okay. :slight_smile:

As I understand it (and I’m hoping if I’m wrong someone will correct me!), the webpage/program (Word, Excel)/etc have to explicitly be told to accept input from the keyboard (and mouse!)

In the case of your banking page, the underlying page has a specific “textbox” function for you to type in. That function is commonly used, so it is something that most webpage development environments will provide as default when you want to design a page, but it you went further into it you’d find that somewhere in the code is a command that says “read x” or “scan(x)” or some other variant depending on the language which means “take whatever characters the user types and store them into memory under the variable x”.

So if you happen to have focus on the textbox, then you’ve “entered” that function and the computer will remember what you typed. If you don’t have focus on that, then the function isn’t turned on, and you’re just hitting buttons that don’t connect to anything.

They wind up in my garage. It’s quite irritating, really, as there’s no longer enough room for my car with all of those lost passwords.

That’s pretty much it. Different applications may be built to look for human input in different ways, but as Windows and other OSes have evolved, applications have gone from interrogating the hardware directly to making calls on services that do the grunt work of talking to hardware.

In the end, something has to be told to take input from the keyboard or mouse. It’s rather like radio broadcasting - the signals come out of the transmitter and zip right on by unless you turn on your radio.

Thanks, all. Now I know.
I’ll do my best in the future not to over crowd gotpasswords’ garage. Elves only from now on.

Mine’s password.


What’s really irritating is when you start typing before the page has fully loaded. For some reason, IE resets the focus of the cursor to the beginning of the text box (or sometimes the address bar) when the page completes loading, so you end up with something like


Drives me batty.

Okay, okay. Now I get it. “gotpasswords”.
We really need a “shakehead in wonderment” smiley. Sometimes the “rolleyes” is just too harsh.

Mine’s “temp”. Yours is way too easy.

Ah, but company policy is to have alpha-numeric passwords, changed every 60 days.

So obviously mine is password1, password2, password3… no one would have EVER guessed that!

Your keystrokes got swallowed by the default message loop handler.

The OS has a low level keyboard handler - it handles the keystrokes and modifiers and internationalisation and stuff. Each keystroke is bundled into a message - containing the key pressed, the ascii (or unicode) equivalent, any modifiers (shift, ctrl, alt, Apple). The messages get fed into the message loop. Mouse events feed in in the same way

Anything running registers itself onto the message loop, in order of priority. So the message might go to the current focussed application first. If that application has something in focus (like a text field), it will consume and process the message. If not, it passes the message back to the message loop, and the next application in line gets to look at the message. Eventually, the message reaches the last item in the list - usually the desktop handler - which may also consume or discard the message. This is how special keystrokes start at your currently focussed application and end up being processed by the Window Manager.

So where your keystrokes - typed into a browser with no focussed text box - ended up is still a guess. The browser may have consumed the keystrokes, but I doubt it. I expect that they ended up at the end of the message loop, and then got dropped. Of course, if you have been infected with malware, it may have been able to get a peek at those messages. Generally they try to hook themselves in at the top of the message loop, and peek at (but not consume) all messages as they enter the loop. Also, sometimes applications that do not have focus still have active text entry, so your password keystrokes may type your password into that copy of notepad you had open earlier. This is less likely, but I have seen similar things happen.