Usability expert Jakob Nielsen has published a post on his website stating that password masking – the way programs display bullets instead of the text you type when asking you to enter passwords – is counter-productive, and decreases usability of applications and websites.
You know how it is: you need to enter a password – for a web site, application or system feature – and as you type, you see nothing but bullets in the place of your password:
While there is a purpose to this strategy – preventing someone looking over your shoulder from seeing what you type – this protection is both illusory and inefficient.
Nielsen writes:
Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users’ shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn’t even protect fully against snoopers.
He points out that users make more mistakes when they can’t see what they type, reducing usability and productivity. And, Nielsen says that when users are “uncertain” about typing passwords, they tend to choose simpler, less secure passwords, which leads to a loss of security.
In most cases, [...] users will appreciate getting clear-text feedback as they enter passwords. Your business will increase, and security will even improve a tiny bit as well.
Perhaps the solution is to do what Apple does on the iPhone. When you type a password, you see the last character you type, but previous characters are changed into bullets, so you can follow your typing, but never see the entire password.
Just a reminder of the last days of Intego’s super summer promo. Through June 30th, you can get 50% off on 5- and 10-seat licenses for all of Intego’s single Mac security programs (this discount does not apply to Internet Security Barrier suites).
During this promotion, you can purchase multi-seat licenses for the following Intego programs at half-price:
- VirusBarrier X5: Protects Macs from all known viruses
- NetBarrier X5: Protects your Mac from Internet attacks
- Personal Antispam X5: Keeps your inbox spam-free
- Personal Backup X5: Meets all your backup needs
- FileGuard X5: Safeguards your confidential files
- ContentBarrier X5: Makes the Internet a safe place for your kids
These special prices are only available from the Intego web site through June 30, 2009. These prices apply to full versions of Intego software, not to upgrades or Dual Protection software. This offer is not available from retail stores, or any vendors other than Intego. No refunds, no exchanges. This offer cannot be combined with any other special offer. Limited to one license of each program per purchaser, for individual users only. This offer may be cancelled at any time without notice.
Intego yesterday discovered yet another variant of the RSPlug Trojan horse, this one called RSPlug.L. It’s more of the same, just change around a bit to try and get by antivirus software. No worries; our Virus Monitoring Center had new virus definitions available less than an hour after it was discovered. With Intego VirusBarrier X5, and Intego’s NetUpdate for updating programs, filters and virus definitions, you can be sure you’re safe from the torrent of Trojan horses we’ve been seeing lately.
Here’s a tip. If you don’t already have NetUpdate set to check for updates daily, you can do so in the program’s Scheduling settings:
When NetUpdate checks for updates, it doesn’t use much network bandwidth and hardly any processor time. So you won’t even notice daily checks, unless there’s something to update. Keep your Mac safer by checking daily so you always have the latest virus definitions as soon as possible.
Yesterday, the Twitter feed of Guy Kawasaki, well-known tech entrepreneur, was hacked using a feed which he thought was moderated but was not, which sent a tweet saying the following:
For those who don’t follow celebrity news, Leighton Meester is an actress in the TV series Gossip Girl, and there are suggestions that she may have made a porn film when she was 18. Apparently, someone is trying to sell this tape, and one assumes that a number of Internet users would like to see it. (Note that more than 130,000 people follow Guy Kawasaki’s Twitter feed.)
So this hacked tweet directs people to a web site that features a number of pornographic images, including an “embedded video” of the sex tape. Users click an arrow on the video’s frame to view it, but, Oh! Surprise! This merely downloads a disk image called ActiveXsetup.dmg. If the user opens this disk image and runs the installer package, they see this screen:
This is the now-common installer screen for the RSPlug Trojan horse (first discovered by Intego in October 2007), which, if installed, does many bad things to your Mac.
This is yet another attempt to get this Trojan horse into circulation, following close on last week’s discovery of game sites spreading the Trojan.
The groups behind this Trojan seem heavily motivated to keep this Trojan in circulation, and new vectors will certainly be found. Just remember, don’t install anything you download from un-trustworthy sources, and use Intego VirusBarrier X5 to ensure that you don’t get infected from this and other types of Mac malware.
50% off 5- and 10-Seat Licenses for Single Programs Through the End of June
Intego is running a special sale with rock-bottom prices on multi-seat licenses for all of its single Mac security programs. If you have several Macs and home and want to protect them, while making big savings, now is the time.
Through June 30, 2009, and only from the Intego web site, 5- and 10-seat licenses for all of Intego’s single Mac security programs (this discount does not apply to Internet Security Barrier suites) are on sale at the incredible savings of 50% off! With this special offer, get 5 copies of any of Intego’s software for your entire family for the price of two licenses or less!
During this promotion, you can purchase multi-seat licenses for the following Intego programs at half-price:
- VirusBarrier X5: Protects Macs from all known viruses
- NetBarrier X5: Protects your Mac from Internet attacks
- Personal Antispam X5: Keeps your inbox spam-free
- Personal Backup X5: Meets all your backup needs
- FileGuard X5: Safeguards your confidential files
- ContentBarrier X5: Makes the Internet a safe place for your kids
These special prices are only available from the Intego web site through June 30, 2009. These prices apply to full versions of Intego software, not to upgrades or Dual Protection software. This offer is not available from retail stores, or any vendors other than Intego. No refunds, no exchanges. This offer cannot be combined with any other special offer. Limited to one license of each program per purchaser, for individual users only. This offer may be cancelled at any time without notice.
Intego’s Virus Monitoring Center has found a new variant of the RSPlug Trojan horse, the first one in more than a month, which we are calling OSX/RSPLug.K. The differences between this and previous versions of the RSPlug Trojan are minor, but there’s a major new twist. This new variant has been spotted on sites offering game downloads.
Previous versions have mostly been found on porn and warez (pirated software) sites, leading some commentators to say that only users involved in illegal activities are likely to get infected. (We’ll skip the argument about whether or not pornography is illegal…) This time, however, users going to web sites that provide game downloads end up downloading an installer that gives them a serious Trojan horse. While some of these games are intended to be pirated copies of low-priced commercial games, others are often found on web sites for free for on-line play.
Clicking a link to go to a game takes the visitor to a page with a download link:
This leads to a download of a disk image whose name contains the name of the game downloaded:
Intego VirusBarrier X5, with the current virus definitions, spotted this variant right away; our proactive analysis allows us to spot a number of characteristics of this Trojan horse easily.
Note that Intego has also spotted this variant on some MP3 blogs, sites that provide pirated music for download; or at least claim to. They actually provide Trojan horses saying they are download utilities. We recommend that Mac users download software only from trusted sites. The spread of this Trojan horse is such that more and more sites will be providing it instead of real software, and it may become increasingly easy to get fooled.