https://bugs.kde.org/show_bug.cgi?id=147873
--- Comment #23 from michaelk83 <mk.mat...@gmail.com> --- (In reply to kilrae from comment #22) > I have a little experience with Linux. But I couldn’t pull off any of these > “trivial exploits” without some time to think about it. However, I can click > “Show Passwords” with the best of them (as can the worst of them). It is true that most security people and most devs forget that most users are far less technical than them. But it is still also true that merely hiding the passwords visually, encourages bad security practices by giving a false sense of security. It offers no real protection, except against the very simplest of attacks (or curiosity). If *not* asking for a password when revealing the plain text of an unlocked wallet, encourages the common user to learn and apply better security practices (to lock your session when you leave the PC, to not leave your wallet unlocked when you don't need it, etc), then that's a small win for the security community. In the end, such practices will protect you better, both from the simple attacks, and from more serious ones. > The odds are better that the person you let use your computer to > check their email is mildly nosy than really motivated. If that is really a concern, the proper practice here is to create a separate guest user for them. They can have their own wallet there, with their own passwords, and they can look at those passwords in plain text all they want. Yours will still be protected. -- You are receiving this mail because: You are watching all bug changes.
