2015-10-06 16:31 GMT+02:00 Julian Bradfield <jcb+unic...@inf.ed.ac.uk>:
> On 2015-10-06, Philippe Verdy <verd...@wanadoo.fr> wrote:
> > I don't think it is a good idea for textual passwords to make differences
> > based on the number of spaces. Being plain text they are likely to be
> > displayed in user interfaces in a way that the user will not see. Without
>
> This is true of all passwords. Passwords have to be typed by finger
> memory, not by looking at them (unless you're the type who puts them
> on sticky notes, in which case you type by looking at the text on the
> note). One doesn't normally see the characters, at best a count of
> characters.
>
> > trimming, users won't see the initial or final space, and the password
> > input method may not display them as well (e.g. in an HTML input form or
>
> All browsers I use display spaces in input boxes, and put blobs for
> hidden fields. Do you have evidence for broken input fields?
>

I was speaking of OUTPUT fields: you want to display passwords that are stored somewhere (including in a text document stored in some safe place such as an external flash drive). People can't remember many passwords. Hiding them on screen is a fake security; what we need is complex passwords (difficult to memorize, so we need a wallet to store them, but people will also **print** them and not store them in an electronic format), and many passwords (one for each site or application requiring one). But they also want to be able to type them correctly: long passwords hidden on screen will not help much (hidden passwords in input forms are just to avoid some spying eyes on your screen, but people can still spy on your keystrokes...). If people are concerned by eyes, they'll need to hide their keyboard input (notably on touch screens!) but also their screen, by first making sure there's nobody around to look at what you do. If there's a camera, hiding the password on screen will also not help; it will also be easy to see your keystrokes.
Biometric identification is also another fake security (because it is immutable, when passwords can be and should be changed regularly) and it is extremely easy to duplicate a biometric data record (to be more effective, the physical capture device should be internally secured and its internal data instantly flushed in case of intrusion, and this device should be securely authenticated in addition to performing the biometric check, but the biometric data should not be transmitted; instead it should be used to compute a secure hash from the hidden biometric data and negotiated and checked unique randomized data from the source requesting the access; it should use public key encryption with a couple of public/private key pairs, not symmetric keys, or triple key pairs if using another independent third party: the private keys will never be exchanged or duplicated). But sometimes you'll need to reset those keys and the only tool you'll have will be to use cleartext pass phrases, even if there's a physical device identification, encryption with key pairs and the extremely private biometric data. Unfortunately biometric data is now shared with governmental third parties, and even exchanged internationally (they are present on passports, and biometric passports are now mandatory for anyone taking a plane to/from/via the United States and now in many European countries as well; DNA tracks are also very easy to capture. Biometric data is no longer a private property; they cannot be used as secrets for access authentication or signatures). There's still nothing to replace pass phrases, and those need to be user friendly for their legitimate owners.
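The trimming question in the exchange above, as an added Python example that is not code from the list thread: one preprocessing policy (NFC normalization, optionally stripping leading/trailing whitespace) is applied identically at enrolment and at login, so a password copied from a printout as "secret" only verifies against a stored " secret " when edge trimming is part of that policy, while internal spaces still count. Function names, the PBKDF2 parameters and the sample passwords are assumptions made for this example.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional, Tuple

ITERATIONS = 50_000  # PBKDF2 work factor; constructed value for this example


def preprocess(pw: str, trim_edges: bool) -> bytes:
    """Fixed preprocessing applied identically at enrolment and verification.

    NFC is always applied so the same visible text maps to one code point
    sequence; stripping of leading/trailing whitespace is the debated policy
    and is therefore a parameter here. Internal whitespace is never touched.
    """
    pw = unicodedata.normalize("NFC", pw)
    if trim_edges:
        pw = pw.strip()
    return pw.encode("utf-8")


def enroll(pw: str, trim_edges: bool, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, PBKDF2-HMAC-SHA256 digest) to store for a new password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", preprocess(pw, trim_edges), salt, ITERATIONS)
    return salt, digest


def verify(candidate: str, salt: bytes, digest: bytes, trim_edges: bool) -> bool:
    """Recompute the digest for the candidate and compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha256", preprocess(candidate, trim_edges), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)


if __name__ == "__main__":
    stored = " secret "   # constructed password with invisible edge spaces
    typed = "secret"      # what a user types after reading it from paper
    salt, digest = enroll(stored, trim_edges=False)
    print("strict policy:", verify(typed, salt, digest, trim_edges=False))   # False
    salt, digest = enroll(stored, trim_edges=True)
    print("trimmed policy:", verify(typed, salt, digest, trim_edges=True))   # True
    # Internal spacing still matters under either policy.
    salt, digest = enroll("pass phrase", trim_edges=True)
    print("double space:", verify("pass  phrase", salt, digest, trim_edges=True))  # False
```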