Insecure password login due to slowness

Do you know the console mode password login?
First it says "Username:". Then you type the username. Then you type enter. Then it says "Password:". Then  you type the password, which isn't shown on screen.
Sometimes after you press enter after typing the username, it's slow, and I already start typing the password but instead of being not printed, the first few letters are instead shown in the terminal.
Imagine my username were bob and my password swordfish. Sometimes I type too fast and then I get the following output on the screen:
Username: bob
swPassword:
And then it says "incorrect login" because it only registered "ordfish" as the password.
The insecure thing is that the first letters of the password are visible!
Why is the computer not fast enough to immediatly register the letters I type as password after I press enter? A human on a keyboard is supposed to be much slower than even the dumbest 1MHz computer...

A big kick, but it seems like this (important) issue has been forgotten.
I use laptop-mode on my laptop, which spins down the hd after so many minutes of inactivity. When I need to enter the password when this is the case, i.e. login or sudo, it reproduces the password echoing issue discussed here.
After a few months of witnessing this, I have noticed that the initial command lets the hd spin up again, e.g. sudo <cmd>, and that the moment between entering the echoless password and being able to safely enter it is equal to the spin up delay. When not using laptop-mode, this issue does not occur.
As I use this laptop for presentations, it is a real security threat when several characters of your password are visible.
I can't find any relating bug reports and no forum posts, except for this one. The keywords regarding this issue are very ambiguous, however. 
The problem is not a bug of laptop-mode, as it seems to occur with heavy load too. We therefore need a change in the way functions that require passwords are processed, e.g. some sort of symbol that prevents input echo on that terminal until the security kicks in.
Edit:
Found a bug report at last: https://bugzilla.kernel.org/show_bug.cgi?id=21272
Last edited by Firestone (2010-11-05 10:20:00)

Similar Messages

  • DOES ANYONE KNOW HOW TO GET PASSED MY PASSWORD LOGIN on a mac pro? I FORGOT IT. (yosemite 10.10.1)

    DOES ANYONE KNOW HOW TO GET PASSED MY PASSWORD LOGIN on a mac pro? I FORGOT IT. (yosemite 10.10.1)

    User Tip:  Reset the user password in OS X Lion, Mountain Lion, Mavericks and Yosemite
    Posting in CAPS LOCK Is often seen as screaming and is not appreciated.  It's also very hard to read.

  • File Adapter - anonymous login (or )User name ,password login - Efficient?

    Hi Folks,
    In File Adapter processing , anonymous login (or) proper user name password based login is recommended ?
    Because we have faced many issue while using username based login in File adapter  .
    Which one is best ?
    Regards.,
    Shiva

    Hi Shiva ,
    We will go one by one :
    You can go for the Anonymous login  but the problem is the any body can access the FTP server and it is not the secure one,that is why business generally don't allow the Anonymous login.
    Coming to Proper user name password login ,I would advice you to use this one as the connection is more secure in this case.But this also comes with a problem that the username password generally expires after some time as per security policy and you have to change the username password for the FTP server as well as in File adapter which you are using.But this problem can be solved by going for a permanent username and password.
    I would recommend you to go for Proper user name and password.
    Regards
    Ravi Anand
    Edited by: Ravi Anand@85 on Mar 12, 2010 7:56 AM

  • I have a new computer and I want to use the "MasterPassword" again. How do I import all of the saved website passwords/logins from my old FireFox computer?

    I have a new computer and I want to use the "MasterPassword" again. How do I import all of the saved website passwords/logins from my old FireFox computer?

    A couple of methods.
    The first is to copy 2 files, key3,db and signons.sqlite from the profile folder of the old computer t the profile folder of the new computer. For details of how to find the profile folder see the [[profiles]] article.
    The second method is to install the [https://addons.mozilla.org/en-US/firefox/addon/2848/ Password Exporter] add-on on both computers and use that to export/import the passwords.

  • Turning off Password Login at Startup???

    ok so i used to live with my roommate now i am moved out and on my own, i want to turn off my passworded login like i used to have before i moved in for college, it used to just login no problem, all i did was go to System Preferences>Security and turned on "Disable Automatic Login"....well now i Un-checked it so that it will login automatically when i turn the computer on, but it still asks for my password and its really annoying, anyone know how to turn this on for sure?

    Hi Daniel,
    Try the following:
    1. Fire up System Preferences.
    2. Select Accounts.
    3. Click on the Lock at the bottom left and enter your password.
    4. Click on Login Options just above the Lock
    5. On the right ensure that Automatically Log in as: is ticked and select the account you want from the drop down menu.
    That should be it. All okay now?
    RD

  • I have to enter the remember password login at least twice each time I open a new instance of Firefox. Is there a fix for this problem?

    I have to enter the remember password login at least twice each time I open a new instance of Firefox. Is there a fix for this problem?
    == This happened ==
    Every time Firefox opened
    == installed 3.5

    @the-edmeister
    Thanks for the advice. In my case, it is sufficient to '''uncheck''' " Saved passwords".
    ('''''Preferences -> Privacy -> Clear History when Firefox closes -> Settings -> Saved Passwords''''').
    Great to have Sync. :)

  • Apple ID password login every time I used an application

    Hello,
    I'm getting an Apple ID Password Login every time I used an application, phone (Verizon, iPhone 4), or any other programs.  I login correctly and it still ask me to login again.  I don't think my phone needs to get any updates, becasue I update my phone and applications when I get home at night.
    Anyone having this problem?  This is annoying!
    Thanks

    Are you logged into your account in Settings/Store?

  • A login webpage gives the message "This script requires that jquery.js be loaded first." then will not show the user ID and password login boxes. How can this be corrected?

    A login webpage gives the message "This script requires that jquery.js be loaded first." then will not show the user ID and password login boxes. How can this be corrected?

    That message is listed in two scripts on the bank's site. One function that can display the message is named PhotoRotator and the other is named PromoRotator. However, I can't seem to trigger the error myself.
    If you have any add-ons that alter the page, such as ad blockers, try creating an exception for these sites and see whether that helps:
    www.northrim.com<br>
    www.northrimbankonline.com
    You also could try this logon page: https://www.northrimbankonline.com/onlineserv/HB/Signon.cgi
    (''Obviously you should be cautious about links offered on public forums to ensure you are not being phished! Check them out carefully before entering your username and password.'')

  • JSP Login Page is slow in 11.5.10.2

    Hi,
    JSP Login Page is slow in 11.5.10.2 . But If we login through form login (dev60cgi/f60cgi).
    Forms are working fine, No issue from the DB Side.
    We have bounce the Apache and clear the cache as well , but no luck.
    Pls give us some pointer on this.
    Regards,

    Hi,
    It is a clone Instance..Did you review the log files?
    I have one doubt.. If we have lacs record in WF_NOTIFICATION..will the performace get impact bcz of this.It may have an impact on the performance, but I believe it should not affect the main login page.
    Regards,
    Hussein

  • Password/Login feature on a website?

    Hello,
    I am trying to have the feature where the user has to enter a login and password in order to access certain parts of a website. Is there a way to implement a password/login feature using PL/SQL?
    Any ideas would be appreciated
    Thanks
    Douglas McGillivray

    It's a while since I've worked with the pl/sql cartridge but from memory I think you have the option of enforcing login via the DAD (i.e. configure it to request username and password rather than automatically logging in). I think that you could then get hold of 'session' data such as user_id and code something into your packages to restrict access. Since it's all on the database you have the option of using Oracle security (e.g. roles and grants) or coding something yourself.
    Hope this helps,
    Mike.

  • Adding a PASSWORD/login feature using PL/SQL

    Hello,
    I have an application written in PL/SQL that sits on top of an Oracle database. I want to know how add a password/login feature to the application.
    Thank You
    Douglas McGillivray

    You sould create a href to an sql statement ( create new user / passwd : and insert in a table (C_user,C_PASSWD), to have a list of users registred at your application)
    A htp page can manage this
    you should create roles that be granted to users,
    1- create &user dientified by &passwd;
    2- create role1....;
    3- grant &role1 to &user1;
    :user will be added by user if he chooses registration href.
    then he must add information in order to continue registration or push OK to confirm registration and let oracle grant previleges to the new user, a trigger can insert the new informations to the user_table_traces.

  • HT201263 I am unable to download the restore file for ipod touch due to slow internet connection. is there any other source to download the file to my windows7 computer?

    I am unable to download the restore file for ipod touch due to slow internet connection. is there any other source to download the file to my windows7 computer?

    Try this link or this place
    After the download, hold down the Shift key when you click Update in iTunes, and you'll be prompted to locate the downloaded firmware file.

  • Dropped frames during playback due to "slow disk"

    I work off an external Rocstor 160gb firewire drive; suddenly as I started to edit a project I get constant dropped frames during playback. It says it's due to "slow disks" and I wondered if my hard drive was dying. But I opened other projects on the drive and they play just fine. Why just this one? It's shot on the same format, captured the same -- nothing's different from my older projects. Maybe the captured media files got corrupted? I've never seen this. I've tried using the Rocstor on three different machines (first a 17" PB, then two different G5 towers) and it happens on all of them. I have FC5 on the PB, but FC6 on the G5s -- doesn't matter. I'm stumped here.

    How full's the drive? The fuller it gets, the slower it becomes. If it wasn't a superfast FW drive to begin with (especially a 400 device) You're gonna have problems as it gets fuller... starts slowing down big time around 70% capacity. It's always something... if the drive's not in a fast enclosure, and is also a fastish drive has a least 8mb disk cache, it will behave like this with DV footage.
    One thing I've seen and learned from reading a few posts on this is that the better/faster stuff suited for FCP use is worth the investment. G-Raid, Grainite Digital, OWC all sell really nice FW800 setups... they are up to twice as fast as older/slower FW 400 drives. and NEVER buy any more than you need now for storage. It's half the price and twice the speed next time you need more it seems.
    eSATA should be considered by any pro. laptop or not.
    Jerry

  • Due to slow internet connection, I cannot update my iphoe to new version 5. Is there any shortcut

    Due to slow internet connection, I cannot update my iphoe to new version 5. Is there any shortcut where I can update my iphone to new version quickly

    If your computer's connection is slow then you can update your iOS from your phone.
    Find a free, strong Wi-Fi network.
    Go to Settings>General>Software Update>choose option "Download and Install"
    Benefit: if you update phone through this method the actual download size will be only 30 to 50 MB only! and it works fine! if you try to download iOS from iTunes it will goes around 800MB.

  • Unable to uncheck yahoo email password login box on shared computer.

    unable to uncheck yahoo email password login box on shared computer.
    == This happened ==
    Every time Firefox opened
    == i'm trying to open my yahoo account. password stays all the time.

    Clear the Yahoo cookies.
    See [[Cookies]] and [[Enabling and disabling cookies]]

Maybe you are looking for

  • ErrorERR-7621 while login to application

    HI, all I encountered below error when I try to login to one of our Apex application *"Error     ERR-7621 Could not determine workspace for application (:) on application accept.* *Expecting p_company or wwv_flow_company cookie to contain security gr

  • How to read a local file using as3 in a flash object in HTML? [urgent]

    My web site contains a flash object. I want to use as3 to read some local .txt file by getting the user directory of the file. i know AIR can support this by sth like: File.desktopDirectory.resolvePath but when i open a AIR file for this, it seems th

  • Block Order TECO on the basis of operation User Status

    Hi Experts, I am trying to restrict the TECO of maintenance order on the basis of order operation status. I have configured the user status profile and assigned it to order operation. This user status profile have two statuses, INCL - Incomplete and

  • How to open a file(available on Desktop) from SAP?

    Hi, I have created dialog program. when i execute this program, it show one browse button. when user press this browse button, it display a dialog box and user can select file available on their desktop. e.g: Selected file path is  "c:\gaurav.txt" I

  • Bug: CP7 - Wordsearch Interaction - Completion Screen Missing Characters

    Hey folks, Has anyone else ran into an issue with the Word Search Interaction?  What I'm running into is that the completion screen that appears once all the words have been found is missing some characters/content.  See screenshot: The "C" is missin