Password entry
-
I noticed in the wizard, on the page "Set Admin GUI Password" the password is obscured. This makes life difficult when entering a long, good password. :)
Most password entry screens have an checkbox option for showing the password. Or it could just be defaulted to clear, since there probably won't be a lot of "reading password over shoulder" when getting into the web configurator.
Just a suggestion…
-
A work-around that I've used is to go to the address bar, toss in a couple spaces then type my password there. Highlight it and do a Cut/Paste to get it where it is needed. Silly, but it saves typing it wrong and getting frustrated.
I'd rather have an tick-box option to "show password" that could be clicked and would toggle between the password and dots.
-
Dunno, people… it is so hard to fire up some text editor and paste from there? Why address bar?
-
I would argue that if you can't enter your password reliably and repeatedly without looking at what you're typing it might be time to rethink your policy.
However adding a box to reveal it doesn't seem like something that would be problem.Steve
-
^^^ The man has a good point ^^^
-
I would argue that if you can't enter your password reliably and repeatedly without looking at what you're typing it might be time to rethink your policy.
-
Falling sleep on the keyboard is how I generate my random passwords…
-
gawd dammit doktornotor – now my next password is prob going to be correctH0rs3b@tteryStaple :)
-
gawd dammit doktornotor – now my next password is prob going to be correctH0rs3b@tteryStaple :)
-
Dunno, people… it is so hard to fire up some text editor and paste from there? Why address bar?
Firing up a text editor takes time and some effort, switch to an open desktop, click the editor's icon, enter the text, copy the text, exit the editor, confirm exit without saving, switch back to the pfSense desktop, paste in the password. The address bar method accomplishes the same thing (seeing what you are typing) without the monkey motion.
I would argue that if you can't enter your password reliably and repeatedly without looking at what you're typing it might be time to rethink your policy.
So I should switch to passwords that are within my ability to type correctly even though they will only offer limited security? That really doesn't seem like a good option, maybe I could just take some magic pill that would cure my dyslexia and make complex obscured passwords easier to deal with?
-
So I should switch to passwords that are within my ability to type correctly even though they will only offer limited security?
You really should review the XKCD picture above.
-
I'm familiar with that comic, I saw it the day it was first published and links to it many times since.
It is not remembering the password that is a problem, I'm pretty good at that after many years in the computer business and while I'm retired I'm not quite senile yet.
The problem is that I can not read or think of a word or number and reliably type it even when staring at the keyboard and using just one finger, that helps a lot but still leaves me with a lot of botched attempts. That is more serious on systems that lock you out after a few errors (like my bank) but still a pain on ones that give unlimited attempts to log in.
-
"The problem is that I can not read or think of a word or number and reliably type it even when staring at the keyboard"
Well how and the hell is showing you the password you just typed in the box above you going to help fix that issue?
I think copy paste would be your friend - get lastpass, and use its generate password feature and copy paste, etc. Now all you have to remember is 1 password.. Like Correcth0rs3batterystaplE
Now your typing skills become mute and all you have to remember how to do is copy paste – which even if a few clicks of the mouse has to be faster then trying to type with 1 finger and read at the same time since you can not even seem to do that from your comment.
-
I'm senile.
All my passwords are QWERTY123456YTREWQ654321
Otherwise I'm locked out forever - The ability to use a CAC card reader would actually be nice.
-
If I can read the password (as I can by typing it in the address bar) I can see that I have entered it wrong and correct it.
A tool like lastpass or even a spreadsheet with passwords in it will work when I'm on a computer I control but are no help on ones I'm just using. I haven't used lastpass but I have tried similar tools and find a spreadsheet less frustrating and adequate for my needs.
As I said in my first post I've found methods that work for me, having the option of readable passwords would be nice but not necessary.
-
It really depends on your use case. Here at home I could use a really long password that I couldn't type reliably blind because viewing as I type it isn't ever a problem. If I'm logging in remotely over a VPN that might not be suitable as I could be overlooked as I type. That very rarely happens to me but that's just my own usage.
As I said I can't really see any drawbacks to having more options (as long as it's hidden by default) but I have no idea how easy it would be implement.Steve