Security of Password Truncation

There might be many who consider this a bug, but I see it as a security feature: the ability to enter extra characters immediately after your password! Try that on Windows or Gmail; it refuses to authenticate the password if there are extra characters around it. On default Solaris you can type in more than 8 characters and the authenticator ignores the rest. (Note that you can configure Solaris to use a much longer password length.) In case you are sitting in a place where there are other people close enough (say in a plane or at a conference), you can obfuscate your typing with ample backspaces and extra characters.

Since I change my passwords often and use a different password for each situation, I can't really type my password fast (as opposed to people who are habituated to a single password for years). So this typing obfuscation feature helps (or I think it helps). BTW, even if people recognized my keystrokes it is hardly of any use to them, unless they stole my laptop. I don't use it elsewhere, and I don't run any remote login services (sshd, telnet, ftp, et al.) on my laptop.
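The 8-character behaviour described above can be checked from the defender's side. The following is an added example, not code from this post or from Solaris: it models a truncating scheme with PBKDF2 as a stand-in (the function names and the sample password are constructed) and probes how many leading characters a hash function actually uses.

```python
import hashlib
import hmac
import os

LEGACY_MAX = 8  # the default limit the post describes: input past the 8th character is ignored


def legacy_hash(password: str, salt: bytes) -> bytes:
    """Model of a truncating scheme: only the first 8 bytes are hashed.
    PBKDF2 is a stand-in for the real algorithm (assumption for this example)."""
    material = password.encode("utf-8")[:LEGACY_MAX]
    return hashlib.pbkdf2_hmac("sha256", material, salt, 10_000)


def full_hash(password: str, salt: bytes) -> bytes:
    """Same construction without truncation, for comparison."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


def significant_length(hash_fn, probe_len: int = 32):
    """Audit probe: flip one character at a time and watch the hash.
    Returns the number of leading characters that matter, or None if all
    probe_len positions do. Assumes truncation keeps a prefix."""
    salt = os.urandom(16)
    base = "a" * probe_len
    reference = hash_fn(base, salt)
    for i in range(probe_len):
        mutated = base[:i] + "b" + base[i + 1:]
        if hmac.compare_digest(hash_fn(mutated, salt), reference):
            return i  # position i is ignored, so only i characters count
    return None


def accepts_trailing_junk(hash_fn, password: str, junk: str) -> bool:
    """True if password + junk authenticates against the hash of password."""
    salt = os.urandom(16)
    stored = hash_fn(password, salt)
    return hmac.compare_digest(hash_fn(password + junk, salt), stored)


if __name__ == "__main__":
    print("legacy significant length:", significant_length(legacy_hash))
    print("full significant length:", significant_length(full_hash))
    # Constructed sample passwords: one exactly 8 characters, one shorter.
    print("8-char + junk accepted:", accepts_trailing_junk(legacy_hash, "S3cr3tPw", "extra"))
    print("5-char + junk accepted:", accepts_trailing_junk(legacy_hash, "short", "extra"))
```

The probe shows two consequences of truncation: characters past the eighth add nothing to the password's strength, and trailing extra characters are only ignored when the real password already fills all eight positions.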