Recent searches
Search options
Hey #webdev friends, I never got far enough on my webdev sudies to answer this but I continue to be curious because it just came up again:
Is there a purpose or advantage to having password fields (both "create a password" fields, or just the normal field for entering a password) where there is NOT an option anywhere to see what you're typing (i.e. your typed text is hidden)?
Because it's really, really annoying. I'm hoping there's a good reason.
@hollie it's just for shoulder surfing. It's pretty unlikely that a trojan which can screenshot your device can't also record keystrokes.
@hollie iow: yes, it's just condescending, bad practice
@j12i Yeah if I'm at home the majority of my time, it just makes problems. :/
@hollie it helps for auto fill by password managers
Also if you inspect element on the password input and change the type to text it will just become visible.
@hollie Cuz developers are dumb and lazy and leave this out because it's extra effort. :)
@hollie NIST specifically recommends including this option: https://www.netsec.news/summary-of-the-nist-password-recommendations-for-2021/
@madewokherd This was a fascinating read, thanks!