On 6/24/09 8:54 AM, Norman Rasmussen wrote:
> I would normally reply on the article, but it seems it doesn't have
> comment functionality.
>
> Jakob Nielsen's Alertbox for June 23 is now online, Summary:
>
> Usability suffers when users type in passwords and the only feedback
> they get is a row of bullets. Typically, masking passwords doesn't even
> increase security, but it does cost you business due to login failures.
>
> ----------------------------------
>
> What about my co-worker peering over my shoulder while I type in my
> password?

That's a physical security attack and can be dealt with accordingly. :)

> To be honest this is where single-sign-on systems like OpenID are
> better, because you delegate authentication somewhere else (that
> hopefully you already have a session key for).

I don't trust OpenID, although I would like to move to password-less
logins for XMPP (e.g., your client generates a cert when you create an
account and registers that cert with your server). But perhaps that's a
topic for a separate thread...

Peter

--
Peter Saint-Andre
https://stpeter.im/

_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: jdev-unsubscr...@jabber.org
_______________________________________________