[Cryptography] Order of username and password entry

Michael Nelson nelson_mikel at yahoo.com
Mon Apr 5 17:10:39 EDT 2021


Thought you guys might like a breather from bits and bytes. This is low tech security, but not entirely trivial.
When you have to enter a username/password pair for a site, which do you do first?

It's often the case for me that I paste both into the slots. When I did not have a fixed order, about once or twice a year I would paste the password into the username slot, whence it would be displayed in the clear. Usually you catch it then, but if not, it may be submitted to the site. Yikes!

To avoid this, I now have a rule: always enter the username first, then the password. If you put the un into the pwd slot, the non-displaying will alert you.

That's fine, but... Now the password is left in the copy/paste buffer, and can pop out when you are not expecting it. This is the lesser of the two evils. I have another rule: over-write the copy/paste buffer right after doing the password.

Unix kill-ring yanking, and the supposed new Windows ability to save multiple items to the clipboard can mean that it's a bit cumbersome to clear out the buffers.

Sigh. Any reflections?
Mike



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210405/ab4ca3d9/attachment.htm>


More information about the cryptography mailing list