Blogger and Entry of Sensitive Data

Security awareness, in almost every feature of every computer application, operating system, and security program, is reaching an intense level. Any time that you enter a password, don't be watching the screen and counting the number of "*" or "#" characters displayed there, expecting the count to match the number of characters you know that you put in the password.

Just in case there's somebody standing behind you, shoulder surfing your password entry process, a masked password of "n" number of characters won't necessarily be displayed as "n" number of "*" or "#" characters on the screen.

Blogger is part of the paranoia, too. In various places where Blogger accepts entry of a password, after you hit "Enter" or "Save", the number of "*" may change. This is to keep people from walking up to the screen, counting the number of "*" displayed there, and guessing that 7 "*" could be your wife's name. Or maybe the car that you drive. Or ... (I'm sure that you get the picture by now). When you see the number of "*" suddenly reduced, if you don't pay close attention, you might think that it's truncating the entry.

The above describes interactive entry of a password, after it's been set in a database. In one case, FTP password entry, this appears to be the case when you're setting the password for accessing the host server, for later use when you publish your blog.

As you enter a password, keep the count in your head. Don't be expecting to see the count verified on the screen, before or after you hit "Enter", consistently.

>> Top

Comments