3

I use the Windows 8 operating system. Whenever I navigate to the login page of Internet Explorer 10, or even the login screen of the operating system, I see an eye symbol at the end of the password input.

Screenshot of wifi input box: "Enter the network security key"

There is always an eye symbol in password inputs. When I press the eye symbol, the password is visible in plain text.

What’s the security of this eye? Is this a vulnerability in Windows?

TRiG
  • 609
  • 5
  • 14
BlueBerry - Vignesh4303
  • 5,107
  • 13
  • 34
  • 63

2 Answers2

8

You are far too paranoid.

The "eye" is simply what it is, a way for you to unmask the password in the password field. It is good from a security perspective to mask passwords as you are typing it to protect against shoulder surfers and the like. However, it can be annoying if you accidentally mistype passwords and have no way of verifying which character you got wrong especially when the password is 16-30 characters long as is common for network keys. Windows 8 simply gives you the option to unmask the password for your own convenience if you are sure no one can shoulder surf you.

  • any other normal password field also keeps the password in plain text in memory ready for the code to query it, all the eye does is turn off the masking so it gets echo on screen – ratchet freak Aug 09 '13 at 16:25
  • Prior to "eye" feature (Win XP etc.) there was a "Revelation" program to reveal any password fields, which worked in similar way. – PeterM Jan 03 '17 at 09:17
2

Masking a password is like tinting the windows of a vehicle. To a computer there is no difference between an unmasked password and a masked password. The masked password is a feature that is implemented so people around your vicinity cannot see your password, also if someone is watching your monitor live through some program.

abden003
  • 181
  • 9