{"id":121,"date":"2009-07-04T11:12:00","date_gmt":"2009-07-04T11:12:00","guid":{"rendered":"http:\/\/willemkossen.nl\/b\/?p=121"},"modified":"2022-10-18T13:14:00","modified_gmt":"2022-10-18T13:14:00","slug":"asterix-love","status":"publish","type":"post","link":"https:\/\/willemkossen.nl\/b\/?p=121","title":{"rendered":"Asterix Love"},"content":{"rendered":"\n<p><a href=\"https:\/\/web.archive.org\/web\/20090830181135\/http:\/\/www.flickr.com\/photos\/9932605@N08\/2489953253\"><\/a><img loading=\"lazy\" width=\"237\" height=\"240\" class=\"wp-image-126\" style=\"width: 150px;\" src=\"http:\/\/willemkossen.nl\/b\/wp-content\/uploads\/2022\/10\/2489953253_ecfca965b8_m.jpg\" alt=\"\"><\/p>\n\n\n\n<p>Lately there has been a lot of discussion about this poor little character, the asterix: *. One example of this is this&nbsp;<a href=\"https:\/\/web.archive.org\/web\/20090830181135\/http:\/\/www.schneier.com\/blog\/archives\/2009\/07\/the_pros_and_co.html\">site<\/a>. This character has been a very frequent site on every login screen you might encounter. It hides your real password (unless you actually had ******* as a password\u2026) The question is whether this is good or bad practice. In this little post I\u2019ll give you my opinion on it.<\/p>\n\n\n\n<p>The original argumentation was to hide the password from peeking eyes. Look over someone\u2019s shoulder and you know\u2026 then, you might look at what someone is typing on the keyboard and know as well. Especially if someone is typing slow. The added value is limited. In fact, security by obscurity isn\u2019t real security. As it turns out, not seeing what you are typing increases the likelyhood of making mistakes. This is frustrating, but also costly. Unlocking accounts, retrieving passwords by e-mail etc. is timeconsuming and therefor pricy. Now we have two sides of the scales, which one is heavier?<\/p>\n\n\n\n<p>In fact, that may not at all be the question. You could argue that the asterix\u2019s make people feel good. They\u2019re not only nice to look at, but also give a (false) sense of security, something people like (and not just after 9\/11). The feel-good-factor hasn\u2019t been taken into account in all the discussions I\u2019ve read on the internet. Even if the added value in terms of real security is limited, what about making people feel safe (even if they aren\u2019t. You want safety? Shut down that computer Now!).<\/p>\n\n\n\n<p>Another factor that hasn\u2019t been discussed is the simple fact that if we were to change this habit, it would take a very long time to reach an asterix-free world. There would be a mixed environment for years which might confuse people so much they call on the helpdesk anyway. No savings here. Is it really that bad? Or should people learn to type without looking and improve their skills that way?<\/p>\n\n\n\n<p>Even further, one could (and I do) argue that the password itself isn\u2019t a very good idea. There are better ways of securing stuff from unwanted access. Multifactor authentication, biometrics (although there are strong arguments against that one as well. maybe worth another post one day), smartcards, PKI, etc\u2026. If we\u2019re going to change at all, let\u2019s not just do the superficial and aesthetics\u2026<\/p>\n\n\n\n<p>As you see, I don\u2019t have the answer. do you? I hope you will comment on this post and give me your views on this little subject.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/web.archive.org\/web\/20090830181135\/http:\/\/www.mylivesignature.com\/\"><img src=\"https:\/\/web.archive.org\/web\/20090830181135im_\/http:\/\/signatures.mylivesignature.com\/85709\/wkossen\/4c685b3de1f98bc3665afa55cc11559d.png\" alt=\"4c685b3de1f98bc3665afa55cc11559d Asterix Love\" title=\"Asterix Love\"\/><\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Lately there has been a lot of discussion about this poor little character, the asterix: *. One example of this is this&nbsp;site. This character has been a very frequent site on every login screen you might encounter. It hides your real password (unless you actually had ******* as a password\u2026) The question is whether this [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/posts\/121"}],"collection":[{"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=121"}],"version-history":[{"count":2,"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/posts\/121\/revisions"}],"predecessor-version":[{"id":181,"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/posts\/121\/revisions\/181"}],"wp:attachment":[{"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/willemkossen.nl\/b\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}