On Feb 8, 2014, at 5:22 PM, Jens Alfke <j...@mooseyard.com> wrote:
On Feb 8, 2014, at 12:04 PM, David Delmonte <ddelmo...@mac.com> wrote: > However, this app is being designed for use at home - or - I admit - on > portables. This is not a corporate entity. Doesn't matter. Individual people have just as much right to security as corporations do. Home computers get hacked in large numbers, often with key-logging software installed to capture passwords. NSSecureTextField helps deter this. hmm. understood. > I'm not claiming my app is secure: "It's a bit better than writing your > password on an envelope". Um … what is this app supposed to do? And what does it do with the passwords? You can do a lot better than disclaiming all responsibility for security. If you're making the app _look_ secure, with password entry, it should be at least somewhat secure. Apple already provides you with a very secure storage system for passwords (and other sensitive bits of data), the Keychain. Yep, I'm implementing "EvenBetterAuthorizationSample" code now. Does make me sad to have to do this. I help older people use technology. They are always forgetting their passwords. Just trying to help.. > I am wondering what UI people think about hidden passwords. Don't they annoy > you when you cant see what your typing? They do me, but I'm old and grumpy. Security and usability are often at odds. Ideally we wouldn't have to hide password typing or put up confusing security alerts when people launch apps, etc. But in the real world they're necessary, and part of the job of UI design is to make those trade-offs in the cleanest way possible. There's been rather a lot written about this — O'Reilly has a good book called "Security And Usability" for example. Thanks for the link to the book. I will look at it, ok read it. Watching someone's screen or typing to discover their password is a classic and common theft technique — it's called "shoulder surfing". Hiding their password as they enter it, wont deter someone who can follow keyboard strokes - especially an older person who types one letter every 5 seconds or so.. But thanks to everyone who answered. I am taking advice. —Jens _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
