Password shadowing: Pimp My Plastique

I was wondering why KDE still uses asterisks for substitution in password fields. Look at this example:

Well, in Qt 4 it’s really easy to change it. This is the QPlastique style using Unicode character 0x25CF, a bullet point. If that one doesn’t exist in the current font it falls back to 0x2022, a slightly smaller bullet point. Only if the current font provides neither (which is fairly rare according to my tests) does it fall back to an asterisk. This algorithm is actually stol^Wborrowed from the Windows XP style, so why does Plastique still use asterisks by default? The reason is probably that it was supposed to resemble the Plastik style from KDE 3, which had to use asterisks since the

QStyle::SH_LineEdit_PasswordCharacter

style hint was not part of the QStyle API. In Qt 4 this style hint allows for specifying any other Unicode character:

You might wonder why I think that this change, started by Apple in OS X and Microsoft in Windows XP, is a good idea. Well, first, the character looks odd enough that people will understand it is really supposed to shadow the password input. I know from personal experience that asterisks, which can actually be part of a password, tend to confuse some people. And secondly… well, it looks a lot better. It’s more centered in most fonts, while asterisks are usually displayed higher up in the line edit.

(For the technically inclined, I have uploaded the sources for this small example, including a QPlastiqueStyle subclass that implements the change.)

5 Comments on “Password shadowing: Pimp My Plastique”

  1. It would be nice if you implemented the behaviour which can be found in the Lotus Notes client.

    When you enter a password in the Lotus Notes client, the program shows a constant number of [weird] and easy to recognize pictograms instead of bullets. Each typed character changes the whole set of pictograms to something new, and the exact set depends on previously typed characters. So when you type the entire password you may say confidently if the picture is “usual” and thus you haven’t mistyped. Since the number of pictograms is always constant and they change without any evident rule, it’s quite hard for an evil one to guess how many characters are in your password, what they are etc.

  2. In theory, the pictograms leak information by changing on every keypress. If you have 20 or even just 5 “checksum” images, you can use brute force on a much smaller set if you have, say, a video camera recording each change. If you only show the checksum image after the first 5 characters, it still effectively reduces your password to 5 characters plus a bit of brute force. You could stop the brute forcing by using a random seed unique to the system or network so you can’t reproduce it at home.

    Of course, in real life, you could probably just as easily watch their fingers on the keyboard, or one of many low-tech methods, so the issue is pretty much moot, especially on something like a desktop computer 🙂

  3. Sorry, no merci for X-Servers without antialiasing. If they are in such a pain, they can easily patch a style to provide them their old-fashioned stars. But if we stick to the least common denominator for everything, Linux would hardly move forward. Enable AA and be happy. FreeType isn’t magic anymore and comes with a working setup in all mainstream distros 🙂

  4. If I compare the two screenshots above, I still prefer the asterisks. The dots are IMHO too big, they look out of place.

    >> If that one doesn’t exist in the current font it falls back to 0x2022, a slightly smaller bullet point.

    I don’t know how much smaller it is, but I think it would appeal to my eyes better.

    Just my 50 öres.