This is literally never identified as an issue in any other system processing passwords. This feels like a debate by someone who once thought they had a clever idea and can’t let go despite everyone telling them it’s awful.
replyFeels like you're talking to your own strawman re. whether hiding password length makes sense, which I specifically didn't address, only pointed out that the arguments I've quoted do not support the change.
replyIs there any reason to have this feature enabled for millions of desktop users vs enable by appropriately paranoid corporate IT departments?
replyThe reason is to protect the innocent, of course, they're mostly clueless about security! But I don't know the level of practical benefits for this measure, superficially seems to be rather low, but then (assuming silly usability issues like "appears frozen" are fixed) what's the downside?
replyMillions of desktop users would use empty password if they could.
replyMost of them would be well enough served by that too. It used to be normal and perfectly suitable for most home users.
reply