All Questions
2
questions
29
votes
6
answers
7k
views
Is it insecure to display the number of characters when users enter a new passphrase?
When users are entering a new passphrase somewhere, it's helpful to provide feedback on the number of characters received by the system.
In a user experience (UX) test I just ran, my user created a ...
2
votes
3
answers
355
views
Why do web browsers provide websites with plain text passwords? [duplicate]
Suppose I sign up for website.com with username "John" and password "Secret".
Currently the webbrowser supplies website.com with my real plain text password, and we must trust them to salt and hash ...