There is a security issue:
The old site masked your password while typing. This new site exposes it to all.
This is a pet peeve of mine...
You are using a handheld device; where is the security risk when you are the only one looking at it?
If anything; you should see what you are typing. Its not like you password is any more encrypted than your user name (its only validated with javascript). Or maybe I'm missing that the appearance of security is better than the reality.
If anything; you should see what you are typing. Its not like you password is any more encrypted than your user name (its only validated with javascript). Or maybe I'm missing that the appearance of security is better than the reality.
Um, what? The passwords are usually held on the server encrypted and checked directly in that form (and not with javascript at all, unless you are talking about AJAX means of transport). Of course there are tools that someone can use to intercept your http stream with, but if the Talk merges with the maemo.org authentication, it will use SSL for communication and the above scenario becomes even more unlikely to happen.
Um, what? The passwords are usually held on the server encrypted and checked directly in that form (and not with javascript at all, unless you are talking about AJAX means of transport). Of course there are tools that someone can use to intercept your http stream with, but if the Talk merges with the maemo.org authentication, it will use SSL for communication and the above scenario becomes even more unlikely to happen.
Got ya. But speaking from the other side of things...
...user types in a password box and *thinks* its secure because they cannot see the letters they are typing. On a public terminal, sure. On a personal mobile device, why?
...user types in a password box and *thinks* its secure because they cannot see the letters they are typing. On a public terminal, sure. On a personal mobile device, why?
Of course, this isn't something that the website can adequately determine - but it does sound like an enhancement request for the browser.
Which browser? What about people who change their UA string?
If there's a case for not hiding them on the device because of the use case, I'd say that's the right place to do it.
Having said that, the browser should be consistent with WEP/WPA key entry etc. And I can see this being one of the low-level things in the hallowed "UI Spec".
