
When typing a passphrase like

yeast bulk seize is shows pain

everybody can hear the tapping of the space bar, so it seems logical to display the spaces in the password field, too. So I'd like something capable of showing

***** **** ***** ** ***** ****

instead of

******************************

This would make typing easier while hardly decreasing the security.


UPDATE

Think twice before you upvote Riduidel's comment. When Bruce Schneier writes "It's time to show most passwords in clear text", then showing a small part of it must be correct, too. Especially showing a part which may get captured simply by listening.

maaartinus
  • **hardly**? My foot! Due to usages, the presence of the ` ` (whitespace) character significantly increases the password quality. Revealing this character, which considerably increases the search space - and as a consequence the time to crack the password -, would in fact significantly decrease security. – Riduidel Mar 17 '11 at 13:35
  • 1. Space is just another character. 2. [Who says password masking is actually more secure](http://www.useit.com/alertbox/passwords.html)? 3. The people who can hear you hammering on your space bar **are not the people who want to steal your password.** – Matt Ball Mar 17 '11 at 13:35
  • From my point of view this is absolutely not worth the effort. Actually I don't see any added value in it at all. But it's your choice of course. – Jan Zyka Mar 17 '11 at 13:43
  • @Matt: I've read that article before and I'd say it's a pretty narrow viewpoint. If you disagree, consider entering your password while connected to a projector with 50 people in the room. It doesn't matter if they wanted to steal your password, now they know it without even looking for it, and I'm sorry but I don't trust everyone completely. I would absolutely hate a product that didn't give me at least an option of masking it. I personally like how most WLAN password inputs work, allowing you to toggle off the mask. – Mark Peters Mar 17 '11 at 13:49
  • @Mark: I agree that Nielsen's viewpoint is a narrow one (it's **all** about usability), and I also agree that a pretty good solution is to allow the mask to be toggled. Nielsen actually mentions that: _"It's therefore worth offering them a checkbox to have their passwords masked."_ My main point was that, by far, the biggest security risk is **not** Mike in the next cubicle over, who keeps sticking his head over the divider. – Matt Ball Mar 17 '11 at 13:55
  • As for password masking see what [Bruce Schneier says](http://www.schneier.com/blog/archives/2009/06/the_problem_wit_2.html). @Riduidel If somebody can hear the space, why should they not see it, too? If somebody sees the spaces in a passphrase like this they could simply give up (unless they work for the NSA :D). – maaartinus Mar 17 '11 at 14:07

2 Answers

I was thinking JPasswordField was simply a JTextField overriding the renderer component, but it seems not to be the case.

So, instead of changing the renderer (as would be the case if JTextField had such a component), you'll have to use a JTextField with a custom Document holding two strings:

  1. Password text as written by user
  2. Displayed password

You'll have to make sure all Document modifying methods change the password text, while all rendering methods use the displayed one.

Riduidel
  • There are many things different, especially JPasswordField not creating any String for the password and using a char[] instead. This is quite important for the security as you can clear a char[] but not a String. – maaartinus Mar 17 '11 at 14:09
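Added example, not code from the question or from either answer: one way to build the two-string Document sketched above so that it produces exactly the "***** **** ***** ** ***** ****" rendering the question asks for. A plain JTextField gets a PlainDocument subclass whose text content only ever holds the masked copy, so getText(), copy/paste and any stray logging see the asterisks and never the secret; the real passphrase lives in a parallel char[] that is edited at the same offsets in insertString() and remove() (so the two never get out of step) and can be zeroed, which addresses the char[]-versus-String point in the comment. The class name, the echo character and the demo are my choices; the code assumes no DocumentFilter is installed on the document, because a filter's bypass calls the base-class handlers and would skip these overrides. One limit stays: Swing still hands each keystroke to insertString() as an immutable String.

```java
import java.awt.BorderLayout;
import java.awt.Font;
import java.util.Arrays;
import javax.swing.JButton;
import javax.swing.JFrame;
import javax.swing.JTextField;
import javax.swing.SwingUtilities;
import javax.swing.text.AttributeSet;
import javax.swing.text.BadLocationException;
import javax.swing.text.PlainDocument;

/**
 * Added example (not from the question or the answers): a Document that
 * shows spaces as spaces and masks every other character. The visible text
 * is the masked copy; the secret lives in a zeroable char[] alongside it.
 * Assumes no DocumentFilter is installed (its bypass would skip the overrides).
 */
public class SpaceRevealingPasswordDocument extends PlainDocument {

    private final char echoChar;
    private char[] secret = new char[32];
    private int length = 0; // always equal to getLength()

    public SpaceRevealingPasswordDocument(char echoChar) {
        this.echoChar = echoChar;
    }

    @Override
    public void insertString(int offs, String str, AttributeSet a)
            throws BadLocationException {
        if (str == null || str.isEmpty()) return;
        if (offs < 0 || offs > length) throw new BadLocationException("Invalid insert", offs);
        int n = str.length();
        if (length + n > secret.length) {
            char[] bigger = Arrays.copyOf(secret, Math.max(2 * secret.length, length + n));
            Arrays.fill(secret, '\0'); // don't leave the old copy behind
            secret = bigger;
        }
        System.arraycopy(secret, offs, secret, offs + n, length - offs);
        str.getChars(0, n, secret, offs);
        length += n;
        super.insertString(offs, mask(str), a); // the display gets only the masked copy
    }

    @Override
    public void remove(int offs, int len) throws BadLocationException {
        if (offs < 0 || len < 0 || offs + len > length) throw new BadLocationException("Invalid remove", offs);
        System.arraycopy(secret, offs + len, secret, offs, length - offs - len);
        Arrays.fill(secret, length - len, length, '\0');
        length -= len;
        super.remove(offs, len);
    }

    /** Only the space character is shown as itself; everything else becomes the echo char. */
    private String mask(String s) {
        char[] out = s.toCharArray();
        for (int i = 0; i < out.length; i++) {
            if (out[i] != ' ') out[i] = echoChar;
        }
        return new String(out);
    }

    /** Copy of the passphrase; the caller zeroes it with Arrays.fill() when done. */
    public char[] getPassword() {
        return Arrays.copyOf(secret, length);
    }

    /** Zeroes the stored passphrase and empties the display. */
    public void clearPassword() {
        Arrays.fill(secret, '\0');
        length = 0;
        try {
            super.remove(0, getLength());
        } catch (BadLocationException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Demo: the button reads the passphrase as a char[] and wipes it again. */
    public static void main(String[] args) {
        SwingUtilities.invokeLater(() -> {
            SpaceRevealingPasswordDocument doc = new SpaceRevealingPasswordDocument('*');
            JTextField field = new JTextField(doc, null, 30);
            // Monospaced, so "***** ****" keeps the word lengths that were typed.
            field.setFont(new Font(Font.MONOSPACED, Font.PLAIN, 14));
            JButton check = new JButton("Check");
            check.addActionListener(e -> {
                char[] pw = doc.getPassword();
                System.out.println("display=\"" + field.getText() + "\" length=" + pw.length);
                Arrays.fill(pw, '\0'); // wipe our copy as soon as it has been used
                doc.clearPassword();
            });
            JFrame frame = new JFrame("Spaces visible, words masked");
            frame.add(field, BorderLayout.CENTER);
            frame.add(check, BorderLayout.EAST);
            frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
            frame.pack();
            frame.setVisible(true);
        });
    }
}
```

Typing the passphrase from the question into the field shows "***** **** ***** ** ***** ****", while field.getText() returns that same masked string; the secret is only reachable through getPassword(). Because AbstractDocument.replace() is implemented as remove() followed by insertString() when no filter is installed, overwriting a selection keeps the two buffers aligned as well.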

Here's a variation that uses setEchoChar() to make the password visible for a predefined time: three seconds for example.

import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import javax.swing.JFrame;
import javax.swing.JPasswordField;
import javax.swing.Timer;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;

/** @see http://stackoverflow.com/questions/5339702 */
public class PasswordTest {

    public static void main(String[] args) {
        javax.swing.SwingUtilities.invokeLater(new Runnable() {
            public void run() {
                createAndShowGui();
            }
        });
    }

    private static void createAndShowGui() {
        JFrame jf = new JFrame("Test Password");
        JPasswordField jpwd = new JPasswordField();
        TimedPasswordListener tpl = new TimedPasswordListener(jpwd);
        jpwd.getDocument().addDocumentListener(tpl);
        jf.add(jpwd);
        jf.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
        jf.setLocationRelativeTo(null);
        jf.pack();
        jf.setVisible(true);
    }
}

class TimedPasswordListener implements DocumentListener, ActionListener {

    // One-shot timer: when it fires, the mask is put back.
    private Timer timer = new Timer(3000, this);
    // The field's normal echo character, saved so it can be restored.
    private char echoChar;
    private JPasswordField pwf;

    public TimedPasswordListener(JPasswordField jp) {
        pwf = jp;
        timer.setRepeats(false);
    }

    public void insertUpdate(DocumentEvent e) {
        showText(e);
    }

    public void removeUpdate(DocumentEvent e) {
        showText(e);
    }

    public void changedUpdate(DocumentEvent e) {}

    public void showText(DocumentEvent e) {
        // An echo char of 0 means the field is currently unmasked; only
        // remember the real mask character, never the "unmasked" state.
        if (0 != pwf.getEchoChar()) {
            echoChar = pwf.getEchoChar();
        }
        pwf.setEchoChar((char) 0); // show clear text
        timer.restart();           // and re-mask three seconds after the last edit
    }

    public void actionPerformed(ActionEvent e) {
        pwf.setEchoChar(echoChar);
    }
}
trashgod
  • NB: This approach does not address other legitimate security questions raised in this question. In particular, it may leave clear text in memory for an indeterminate period. – trashgod Mar 17 '11 at 16:32
  • @maaartinus: Good point. The approach can't _improve_ security beyond its scope; but to my knowledge, it doesn't make it _worse_. More [here](http://stackoverflow.com/questions/983964). – trashgod Mar 21 '11 at 21:01