Main Area and Open Discussion > General Software Discussion
Does this exist and if not can someone write it up?
questorfla:
This is a simple concept and there are a large number of people who would be grateful to have it. But PLEASE, I don't need to get "flamed" by everyone for not wanting everything to be as secure as Ft Knox.
What I am describing is the same thing already used in many new Online Programs but would work for any software whether it had that "All Seeing Eyeball" at the end of the password box or not.
What is needed is a way to activate a small on-screen text-box that would display characters as they are typed by capturing the keystrokes from the keyboard. It would have no record keeping ability, just a line-typed display that would appear on the screen preferably near the password box but anywhere visible would do.
The function would be activated by a hotkey and only be there if the user wanted it and have a times display for 30 seconds or less would probably be plenty.
The purpose is to give "Humans" a chance of knowing what they just typed into their password field before they click <Enter> and get that "Incorrect password only 1 try left" message.
After seeing the same message 3 previous attempts no matter how certain you are that you are typing the same password you have always typed (You can't 'argue with asterisks', the "dots win" every time!) many people are one step short of a blown fuse. I just dealt with another such person here.
This is not meant for being a "password hack". It is simply a way to give a fighting chance to people using older software that does not offer the "All Seeing Eyeball Icon". I still see newer MS programs that do not give anyone a way of knowing if they are mistyping or if there is really a reason their OLD password is no longer working.
This information COULD point toward the fact that SOMEONE must have changed it and if it wasn't You? Then WHO? I would considered that to be a major Security HELP! If you don't know what is being entered behind those dots, you can't say. Maybe someone else DID change your password.
AsterisKey and other like it are considered the tools of trade for a malicious hackers and are sometimes blocked by AV software. What I am proposing is simply a way to allow a person to see what they typed in a password field (or anywhere else) AS THEY TYPE IT. Kind of like adding the All Seeing Eyeball for programs that don't have it and never will.
4wd:
Greasemonkey/Tampermonkey + Show Password onMouseOver userscript - it's what I use.
Of course, that is browser only - the simplest method is to open a text document, type in the password, and then cut/paste it into the input field.
... many people are one step short of a blown fuse.-questorfla (June 29, 2016, 04:00 PM)
--- End quote ---
;D
IainB:
That could be quite a handy little utility that is being asked for there. It would basically mirror what you were typing, as you typed.
I don't know that I've come across anything quite like it.
You could consider an option to auto-copy whatever text is mirrored, so that the Clipboard captures it - which could be useful for CHS (Clipboard Help & Spell) users, though not very secure. I'd probably use it (see below).
I sometimes do something similar, but more laborious, using CHS by:
* (a) bringing up the Add a Quick Note popup window - hotkey that I use for that is Ctrl+Alt+Z;
* (b) then I type in the thing I want to see - e.g., a password - and when I have got it right,
* (c) I copy/paste it into the password field, where it appears as obfuscated text (large black dots).
* (d) I then Cancel the Add a Quick Note popup window, so the password is not saved.
* (e) I always and periodically (each day) go through the CHS clips and delete the clip I took of the password (unless I want to keep it in CHS), and any other "detritus".
I should stress that I only do this for setting up access to relatively unimportant sites - e.g., the children's games - and I keep their passwords in CHS as the children tend to forget them and get upset when they can't get back to their favourite games. In those cases, resetting the password is a fallback approach, but it's a bit tedious, so CHS can be useful there.
For important/secure passwords, I otherwise leave my password entry to LastPass and ALWAYS avoid copying/keeping any passwords into/in CHS.
questorfla:
I agree! BUT When I got multiple calls from frustrated employees where they had kept trying until they was locked out (which requires me to do a compete reset of their password) I started thinking just how hard could it be to do something about the stupid ASS-terisks. It isn't like we have to share one work station among 15 employees these days. Not many times when you would have an audience looking over your shoulder. Although I am sure it happens. That is why I am suggesting an option that COULD be used if you know you are NOT being "watched". Just like the current password "eyeball" used by most major companies.
Using a hotkey to activate it when needed, it would allow a user to make SURE that the system was entering what they typed (or what they THINK typed) since they cannot confirm it except by entering it and seeing if it allows entry ...Or not. If not... Well. Then what? Try-try- again apparently. And believe me, I have had times when I KNOW I entered my password only to be told it was not correct.
By the third try , I really am not sure any more WHAT my password was or IS.
I like and use LastPass myself but.. Even LastPass has a password. Most of these problems I feel are from typos, capslock, numlock or other keyboard entry errors. But without a way to Know? Who knows?
I firmly believe this is why MS finally started offering the "All Seeing EYE-con" on the password line. The first time I saw that thing, I had no idea what it did. It ought to be a LAW that if a program has a password it should offer a way for the User to see what is hidden behind the dots if they WANT to just to rule out a real typo from a "Who changed my password" event. This does not make sense from a security standpoint as the problem is not that someone is trying to guess my password. If it cant tell that it is ME trying to guess what the computer thinks I meant to type.
If typing it into notepad then pasting to the password field works (and it does!), then the ability to do the same thing with less effort SHOULD work as well. That is all I am trying to do. Open notepad, type into notepad, copy what was typed into clipboard, paste clipboard contents to the waiting password field and click enter while knowing for sure what was put behind the "dots". If I could get really good and "add" the password "EYEBALL" effect to any password field that would be the ultimate fix.
It would be MORE secure as I could be SURE of times that my password really HAS been changed and I did not do it. :'(
anandcoral:
Hi questorfla,
I have faced the same situations and wanted the same things. Many a site and also some software (aka folder lock etc.) require password with capital, number and special characters which makes entering them complicated behind asterisks.
I have been locked out in two/three situation, although I can swear that I was correct still I was left swearing against the site.
I found one solution and created another one.
1. I use JC&MB Quicknote http://www.quicknote.de/quicknoteen.php and enable "Focusless input". After that when I type in the password box the letters are auto typed in the quicknote box, which I can see and confirm if it is correct or not.
2. I type the password in a new notepad window. Copy it and use Paste Text Like https://sites.google.com/site/pastetextlike/ to "Mimic Typing" on the password box, since these password box do not allow copy-paste. Then I close the notepad window without saving.
I now use the point 1 above when I am creating a new account and need to enter a new password. And the point 2 when I am entering the password in a website.
See if they can be of any help.
Regards,
Anand
Navigation
[0] Message Index
[#] Next page
Go to full version