Password hiding, the easy way



  • Any prizes for guessing how Access Accounting Dimensions obscures the value of the password box?

    Omnis Password font 


     



  • Now I want to set the default Windows font to that. That would be hilarious.



  • Wouldn't that allow you to copy/paste out of the password box as well? Ugh.



  • @Feasoron07 said:

    Wouldn't that allow you to copy/paste out of the password box as well? Ugh.

    It sure would!

     

    I prefer Hoefler Text Ornaments myself.



  • Why is it that some programmers seem to go so far out of their way to avoid using functionality built-in to windows? Seriously, password-obscured text boxes have been standard since at least Windows 3.1!

    And it's not just third parties either...
     



  • Oh you youngsters with your hi-falootin' password obscuration methodologies!

     

    In the OLD days we used Model 33 teletypes to log into the computer.  The better systems could turn off the character echoing to ask for the password,  but some crude systems could not.  So what did they do:

     PASSWORD:

    MMMMMM\rIIIIII\rOOOOOOO\rIIIIIIII\rAAAAAAA\rWWWWWWW

     

    Yep, make a black smudgy area seven chars wide that you'd type your pw over.

    Worked fine on a TTY 33, not so good on a CRT terminal.

     

     



  • Umm wow, I really need this for a project I'm working on.

    Can u snd me teh codes? 



  • @KattMan said:

    Umm wow, I really need this for a project I'm working on.

    Can u snd me teh codes? 

    Pls sir, can u send me teh codes to?



  • @XIU said:

    @KattMan said:

    Umm wow, I really need this for a project I'm working on.

    Can u snd me teh codes? 

    Pls sir, can u send me teh codes to?

    STOP THIS MADNESS, PLEASE! 



  • @TheRider said:

    STOP THIS MADNESS, PLEASE!


    Nah, let it go. The spam crawlers are... oh... nevermind.



  • email me and I'll give you teh codes.  I promise I will not sell your email address for 1/100th of a cent.



  • What is this... the ctrl button? and combined with this wierd and inaccessible button "c" shock

     



  • @Feasoron07 said:

    email me and I'll give you teh codes.  I promise I will not sell your email address for 1/100th of a cent.

    jimmyboiii@hooters.com wait no i meant... oh darn too late.



  • I really want to believe that it uses that font, but also fills the field with **********, and that's just a way of making the *s look pretty....

     

    Actually, I only see this being a security vulnerability if there's a corresponding "save password" feature.  Biggest threat would be a guy typing in his password, then walking away from his desk without clicking "login" (which should hide the login dialog).  Any other way for an attacker to get the text would require a trojan (which could just as easily use a keylogger), right?



  • @dlikhten said:

    @Feasoron07 said:

    email me and I'll give you teh codes.  I promise I will not sell your email address for 1/100th of a cent.

    jimmyboiii@hooters.com wait no i meant... oh darn too late.

    At least Alex made some protection - you can post emails, but when you try to post your password, it shows up as stars:

    ********

    See? That's fun ;)

     

    (meme wars?...) 



  • @viraptor said:

    @dlikhten said:

    @Feasoron07 said:

    email me and I'll give you teh codes.  I promise I will not sell your email address for 1/100th of a cent.

    jimmyboiii@hooters.com wait no i meant... oh darn too late.

    At least Alex made some protection - you can post emails, but when you try to post your password, it shows up as stars:

    ********

    See? That's fun ;)

     

    (meme wars?...) 

    Heh, works for me to. Look: **********

    Anyone else wanna try? 



  • @XIU said:

    @KattMan said:

    Umm wow, I really need this for a project I'm working on.

    Can u snd me teh codes? 

    Pls sir, can u send me teh codes to?

    This might actually have some relevance...

    Can you upload the font somewhere? I want to change my default font to it as well! :P



  • @freelancer said:

    @viraptor said:
    @dlikhten said:

    @Feasoron07 said:

    email me and I'll give you teh codes.  I promise I will not sell your email address for 1/100th of a cent.

    jimmyboiii@hooters.com wait no i meant... oh darn too late.

    At least Alex made some protection - you can post emails, but when you try to post your password, it shows up as stars:

    ********

    See? That's fun ;)

    (meme wars?...) 

    Heh, works for me to. Look: **********

    Anyone else wanna try? 

    Obligatory bash reference: http://bash.org/?244321


  • @freelancer said:

    @viraptor said:
    @dlikhten said:

    @Feasoron07 said:

    email me and I'll give you teh codes.  I promise I will not sell your email address for 1/100th of a cent.

    jimmyboiii@hooters.com wait no i meant... oh darn too late.

    At least Alex made some protection - you can post emails, but when you try to post your password, it shows up as stars:

    m0squito

    See? That's fun ;)

     

    (meme wars?...) 

    Heh, works for me to. Look: janeytim7

    Anyone else wanna try? 

    What are you guys talking about?



  • @Otterdam said:

    @freelancer said:
    @viraptor said:
    @dlikhten said:

    @Feasoron07 said:

    email me and I'll give you teh codes.  I promise I will not sell your email address for 1/100th of a cent.

    jimmyboiii@hooters.com wait no i meant... oh darn too late.

    At least Alex made some protection - you can post emails, but when you try to post your password, it shows up as stars:

    m0squito

    See? That's fun ;)

     

    (meme wars?...) 

    Heh, works for me to. Look: janeytim7

    Anyone else wanna try? 

    What are you guys talking about?

    Damn it - why isn't right click -> "show source" blocked? He's hax0red the star-system!



  • @freelancer said:

    @viraptor said:
    @dlikhten said:

    @Feasoron07 said:

    email me and I'll give you teh codes.  I promise I will not sell your email address for 1/100th of a cent.

    jimmyboiii@hooters.com wait no i meant... oh darn too late.

    At least Alex made some protection - you can post emails, but when you try to post your password, it shows up as stars:

    ********

    See? That's fun ;)

     

    (meme wars?...) 

    Heh, works for me to. Look: **********

    Anyone else wanna try? 

    Let me try.

    hunter2

    Hey, how come I can see it?



  • @vt_mruhlin said:

     

    Actually, I only see this being a security vulnerability if there's a corresponding "save password" feature.

     I wasn't really suggesting it was a security hole per se, just a "oh no, you didn't..... omfg you did, didn't you? ..... why?!" moment.

     Still, it's not as secure as using a proper password box - I'm pretty sure you can snoop the text of an input box through a whole range of windows APIs (I'm no Windows programmer, I'm afraid), although if you have the ability to run code you can probably just snoop on the keypresses or something.

     
    This piece of accounting software has a whole crapload of other wtfs - including the wonderful "crashes if you use the scrolly mouse wheel" (I think the fast scrolling makes it run queries so fast they end up being run in parallel and it falls over as a result, but I really don't know...). I'll find an opportunity to document them someday.

    It's one of those pieces of software which was written to allow consultants to rack up the hours.
     



  • @rhowe said:

    Still, it's not as secure as using a proper password box - I'm pretty sure you can snoop the text of an input box through a whole range of windows APIs (I'm no Windows programmer, I'm afraid), although if you have the ability to run code you can probably just snoop on the keypresses or something.

    Nope,  you're right. If the password char is left to the default  NULL, it's a normal edit control and you can easily get it's content. However, the OS itself prevents that if the password char is anything else.



Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.