login UI is prone to exposing password
The Unity login screen employs a single field that is used for both login name and password entry. It's fairly easy to get confused as to the current mode and enter your password when login name is expected, thereby exposing your password to onlookers.
Here are some scenarios leading to this confusion:
* password re-entry (for general login) -- upon unsuccessful password attempt, the user might assume that only password is being reprompted, when actually the login name must be entered again.
* enumerated vs. general login -- the user may typically use his enumerated login (where username selected and only password is typed) and fail to notice that general login has been selected (perhaps by another person tampering with the login screen). He'll type his password when login name is expected.
For security reasons the login UI needs to be very explicit about what fields are used for password. Textual indicators (e.g. grayed "Password" placeholder in field) don't seem to be a distinctive enough cue-- my guess is people don't pay attention to login screen text beyond their first encounter. A spacial separation is warranted. Using a single, modal field for both login and password appears especially error prone.
|no longer affects:||unity-greeter|
|Changed in unity-greeter (Ubuntu):|
|importance:||Wishlist → Medium|