[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to have password shown?

On Wed 03 Jul 2019 at 18:34:28 (+0300), Reco wrote:
> On Wed, Jul 03, 2019 at 03:29:27PM +0200, Renato Gallo wrote:
> > Would be nice for any cracker if it could be possible to get access by shoulder surfing my fingerprint reader ;)

One hears gruesome stories about fingerprint security.

> Using a fingerprint instead of a password is a bad idea. Using a
> fingerprint instead of a username - that's OK.
> You can change a password if it's leaked.
> You cannot change your fingerprint (legally, that is). And one leaves
> fingerprints on every surface one touches.

And on occasions it can be hard to come up with a good impression;
for example, after a week or two's rock climbing in the Cuillin of Skye,
the tips of your fingers are worn smooth by the gabbro.

But it does disappoint me that there aren't more options for how
characters are reflected (or not) when typing passwords; not
forgetting passphrases either. LUKS types asterisks under some
circumstances and nothing under others. I haven't managed to pin down
how that decision is made or which binary makes it.

You can make shoulder-surfing more difficult by overwriting each
character a fraction of a second after it's typed.


Reply to: