unmasking passwords as I write

[palmharbor]

I am going nuts with Passwords and username & apps that only work once in a while.
I use my Mac in my house and I do not need secrecy by obscuring
my passwords. Does anyone know an app that will reveal your own
passwords on the mac etc.
I have searched and found nothing.

 

[aaronvan]

I am going nuts with Passwords and username & apps that only work once in a while.
I use my Mac in my house and I do not need secrecy by obscuring
my passwords. Does anyone know an app that will reveal your own
passwords on the mac etc.
I have searched and found nothing.

An age-old request! Bruce Schneier says 98% of users don't need obscured passwords even in the workplace and nobody needs it at home. Yet Apple and M$ continues to decide for the users what level of password security they need. I think Steve was strongly against visible passwords but he is gone so it's time to take another look. There are a few Safari scripts out there, but this should be a global option in system preferences.

 

[Weaselboy]

I am going nuts with Passwords and username & apps that only work once in a while.
I use my Mac in my house and I do not need secrecy by obscuring
my passwords. Does anyone know an app that will reveal your own
passwords on the mac etc.
I have searched and found nothing.

This Safari extension will help with that issue for browser passwords.

 

[rhoydotp]

I have searched and found nothing.

that's because this is an unusual request. but maybe a bit of background will help.

your Mac doesn't even know what your password is (or at least it shouldn't). what happens is that when you change or set a password, it will be encrypted using a 'salt'. the password database will then have the encrypted password plus the 'salt'. when the user authenticates, the password db will be queried for the 'salt' and apply the same encryption algo to what the user have just keyed-in. after that, it will just do a string match. hence, most of the tool will only "reset" the password, but never recover the actual string.

... so, unless you do a brute attack, there is really no way to find the password afterwards once the user puts it in. good luck on your search.


EDIT: if yo don't really care, write your password on sticky

 

[rhoydotp]

Bruce Schneier says 98% of users don't need obscured passwords even in the workplace and nobody needs it at home.

why do we even bother using a dead-bolt on our doors or even closing the window. i can't believe someone would even suggest this!

 

[aaronvan]

why do we even bother using a dead-bolt on our doors or even closing the window. i can't believe someone would even suggest this!

The point is we usually don’t have someone peering over our shoulder when we log-in so there is no benefit to obscuring passwords and a lot of time can be saved by not obscuring them.

 

[wackymacky]

why do we even bother using a dead-bolt on our doors or even closing the window. i can't believe someone would even suggest this!

I think the point is passwords appearing as on the screen rather than displaying the text doesn't offer more security at home where there is no threat of someone looking over your shoulder to read what you're typing, as apposed to the use of strong passwords and secure password/key storage.

Though to be honest most of my "secure" passwords are a combination of symbols/letters/numbers and typing them by "touch" is easy than trying to read (asG56#,bk!d`sm5t.9Fe on the screen.

 

[rhoydotp]

and a lot of time can be saved by not obscuring them.

i know it's not your intention but this bit is really funny! a lot of time by showing your own password that you should know? funny stuff, man!

Though to be honest most of my "secure" passwords are a combination of symbols/letters/numbers and typing them by "touch" is easy than trying to read (asG56#,bk!d`sm5t.9Fe on the screen.

i see where you are coming from and maybe there is merit to that. hopefully someone gives you an option to do that later on.

 

[aaronvan]

i know it's not your intention but this bit is really funny! a lot of time by showing your own password that you should know? funny stuff, man!

I'm glad you're so easily amused. For those who want intelligent discussion on this topic:

It's time to show most passwords in clear text as users type them. Providing feedback and visualizing the system's status have always been among the most basic usability principles. Showing undifferentiated bullets while users enter complex codes definitely fails to comply.

Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users' shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers.

More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.

Shoulder surfing isn't very common, and cleartext passwords greatly reduces errors. It has long annoyed me when I can't see what I type: in Windows logins, in PGP, and so on.

http://www.schneier.com/blog/archives/2009/06/the_problem_wit_2.html

http://www.out-law.com/page-10128

http://www.thetechherald.com/articles/Is-usability-worth-more-than-security/6488/

 

[old-wiz]

why not just get an ap like 1Password?
it stores your logins and passwords and you only need to remember the 1password password

 

[rhoydotp]

I'm glad you're so easily amused. For those who want intelligent discussion on this topic:

because talking about making password clear is really intelligent. I think I'm done with this discussion, my intelligence is not capable dealing with such complex subjects ... good luck pushing this through, apple might listen. they been doing some stupid things lately ... or highly intelligent, depends on which side you're looking from