Re: How to have password shown?
On 2019-07-04, deloptes <email@example.com> wrote:
> Renato Gallo wrote:
>> Fingerprints are a good option
>> Renato Gallo
> No, they are not and it was explained previously why
Sure they are (depending on the use case/implementation). These things are
completely comparative and situational and your statement completely
unqualified and universal. The OP desired having the password revealed in
plaintext on the terminal/console. Another person thought an insecure password
like 12345 might do the trick. Still another suggested a passwordless login
for the OP's venerable paternal element. I was asking myself how the
blind/visually impaired handle the problem. And the cognitively impaired. And
those suffering from motor impairments which might render any "fine" use of the
keyboard a painstaking affair.
Reco's objections to fingerprints as an authentication method, to which you
might be alluding above, called to mind what I'd previously heard from Schneier
concerning biometrics years ago. Let's see what he said in 2009 (update to an
essay written in 1998).
And a stolen biometric can fool some systems. It can be as easy as cutting out
a signature, pasting it onto a contract, and then faxing the page to someone.
The person on the other end doesn't know that the signature isn't valid because
he didn't see it fixed onto the page. Remote logins by fingerprint fail in the
same way. If there's no way to verify the print came from an actual reader, not
from a stored computer file, the system is much less secure.
A more secure system is to use a fingerprint to unlock your mobile phone or
computer. Because there is a trusted path from the fingerprint reader to the
stored fingerprint the system uses to compare, an attacker can't inject a
previously stored print as easily as he can cut and paste a signature. A photo
on an ID card works the same way: the verifier can compare the face in front of
him with the face on the card.