speaking passwords


Don H
 

It is so nice that FS is so worried about us. Guess GW and NVDA are not so worried as they both had or have the options to echo the keys when entering passwords.

On 8/18/2018 3:34 PM, Bill White wrote:
By the way, Brian, we’re not asking that the passwords be shown on the screen, only key echoed, the same way keys are echoed when we have JAWS set to echo characters.
Bill White
billwhite92701@dslextreme.com
*From:*main@jfw.groups.io [mailto:main@jfw.groups.io] *On Behalf Of *Brian Vogel
*Sent:* Saturday, August 18, 2018 1:13 PM
*To:* main@jfw.groups.io
*Subject:* Re: speaking passwords
On Sat, Aug 18, 2018 at 04:08 PM, Bill White wrote:
The security argument is spurious.
No, it's not.   And just for the record I have no direct or indirect ties to VFO.
If something like this exists it is 100% certain, at one point or another, to be accidentally turned on.  That alone is reason enough on security grounds to say, "No."
--
Brian **-**Windows 10 Home, 64-Bit, Version 1803, Build 17134
//The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.//
          ~ Dorothy Nevill


 

On Sat, Aug 18, 2018 at 04:34 PM, Bill White wrote:
By the way, Brian, we’re not asking that the passwords be shown on the screen, only key echoed, the same way keys are echoed when we have JAWS set to echo characters.
I understand precisely what's being asked for, and it should not be provided if one has a scintilla of concern for keeping passwords secure.

After 35 years in IT, and witnessing firsthand all the things that "can't happen" and "shouldn't happen," particularly when there is the high potential for human error, one puts in place roadblocks to precisely that kind of error.

Anyone, and I do mean anyone, should be able to remember their own chosen password or use a password manager.

The convenience of hearing one's keystrokes echoed with the letters struck for a password field cannot be justified, though as I've witnessed, repeatedly, many will try.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


 

On Sat, Aug 18, 2018 at 04:48 PM, Don H wrote:
It is so nice that FS is so worried about us.
The fact that you think this is concern for the user, rather than concern for their market, which would not accept that feature, is interesting.  VFO is a business and JAWS is a commercial product.  They've got more than one constituency whose needs and desires they must consider.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


Cristóbal
 

This is probably the kind of stuff that drives VFO engineers and programmers crazy.

Again, this is nothing more than a solution in search of a problem.

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Brian Vogel
Sent: Saturday, August 18, 2018 1:51 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

 

On Sat, Aug 18, 2018 at 04:48 PM, Don H wrote:

It is so nice that FS is so worried about us.

The fact that you think this is concern for the user, rather than concern for their market, which would not accept that feature, is interesting.  VFO is a business and JAWS is a commercial product.  They've got more than one constituency whose needs and desires they must consider.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


 

On Sat, Aug 18, 2018 at 05:08 PM, Cristóbal wrote:

This is probably the kind of stuff that drives VFO engineers and programmers crazy.

Again, this is nothing more than a solution in search of a problem.

You and I are on the same page.

It would make them all the crazier because this is definitely not a programming issue; it could be done, easily.  It is about design philosophy and concern for target markets.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


Bill Tessore
 

Hi all,
  The only security risk I can’t imagine eliminating is that of a shoulder surfer. If I were concerned about my password being captured while entering it, I’d have it ready to refer to it in either a braille format (like a braille note taker or a 3x5 card) so a synthesizer won’t announce it, or on some synthesizer enabled device (like a smart phone) and a head set to let me hear the characters and no one else. Yes, it’s a pain to have no feed back during keying, but that’s where practice, patience, and sometimes a pair of ear buds come in handy.  Alternatively, I’d use a password manager and bypass the storage device and headset altogether. But then I prefer to depend on my own skills for access and security.

Shabbat shalom,

Bill Tessore



On Aug 18, 2018, at 1:13 PM, Brian Vogel <britechguy@...> wrote:

On Sat, Aug 18, 2018 at 04:08 PM, Bill White wrote:
The security argument is spurious.
No, it's not.   And just for the record I have no direct or indirect ties to VFO.

If something like this exists it is 100% certain, at one point or another, to be accidentally turned on.  That alone is reason enough on security grounds to say, "No."
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


Bill White <billwhite92701@...>
 

Well, the way I deal with it now is to keep all my passwords in a password-secure Word document. When I want to enter a password, I copy it to the clipboard, then paste it into the password box. This is how I have circumvented the non-spoken passwords. I don’t like dealing with password managers, because I’ve dealt with them in the past, and they’re not always accessible.

 

Bill White

billwhite92701@...

 

From: main@jfw.groups.io [mailto:main@jfw.groups.io] On Behalf Of Bill Tessore
Sent: Saturday, August 18, 2018 2:43 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

 

Hi all,

  The only security risk I can’t imagine eliminating is that of a shoulder surfer. If I were concerned about my password being captured while entering it, I’d have it ready to refer to it in either a braille format (like a braille note taker or a 3x5 card) so a synthesizer won’t announce it, or on some synthesizer enabled device (like a smart phone) and a head set to let me hear the characters and no one else. Yes, it’s a pain to have no feed back during keying, but that’s where practice, patience, and sometimes a pair of ear buds come in handy.  Alternatively, I’d use a password manager and bypass the storage device and headset altogether. But then I prefer to depend on my own skills for access and security.

 

Shabbat shalom,

 

Bill Tessore

 


On Aug 18, 2018, at 1:13 PM, Brian Vogel <britechguy@...> wrote:

On Sat, Aug 18, 2018 at 04:08 PM, Bill White wrote:

The security argument is spurious.

No, it's not.   And just for the record I have no direct or indirect ties to VFO.

If something like this exists it is 100% certain, at one point or another, to be accidentally turned on.  That alone is reason enough on security grounds to say, "No."
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


Angel
 


I was unaware other screen readers echoed the characters.  When typed as pass words.  The question I have for those who advocate the pass word key echo being an option is this:  There are times I find myself in a user name form field.  Rather than in the pass word form field.  In fact, I did so today.  When I heard the beginning of my pass word, I immediately realized I was in the wrong form field.  Wouldn't those advocating pass words being echoed have a similar problem.  Should their request not be honored by the web site on which they were.  Due to their not understanding they were using the incorrect form field?

----- Original Message -----
From: Bill White
Sent: Saturday, August 18, 2018 4:34 PM
Subject: Re: speaking passwords

By the way, Brian, we’re not asking that the passwords be shown on the screen, only key echoed, the same way keys are echoed when we have JAWS set to echo characters.

 

Bill White

billwhite92701@...

 

From: main@jfw.groups.io [mailto:main@jfw.groups.io] On Behalf Of Brian Vogel
Sent: Saturday, August 18, 2018 1:13 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

 

On Sat, Aug 18, 2018 at 04:08 PM, Bill White wrote:

The security argument is spurious.

No, it's not.   And just for the record I have no direct or indirect ties to VFO.

If something like this exists it is 100% certain, at one point or another, to be accidentally turned on.  That alone is reason enough on security grounds to say, "No"
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


Angel
 

I am talking, also, about the perceptions potential employers have regarding the capabilities of blind individuals. If we have any desire, whatever, to become an employee; shouldn't we be expected to type at least as well as our sighted counterparts. Who are seeking the same position as are we? If not, this lowers the expectations for all blind individuals. If a Jaws user employs an assist, such as Dragon Naturally Speaking. Because they might have a problem using their hands. Would Dragon Naturally Speaking be expected to also speak the characters of ones pass words? Would this not compromise a companies security. Or, might the potential employer believe it might? This causing a blind person to attempt to debunk another possible myth. Held by sighted employers?

----- Original Message -----
From: "Don H" <lmddh50@adams.net>
To: <main@jfw.groups.io>
Sent: Saturday, August 18, 2018 4:02 PM
Subject: Re: speaking passwords


Since in such a situation you would probably have a set of headphones attached so everyone would not be bothered by the noise your idea doesn't hold water.

On 8/18/2018 2:31 PM, Angel wrote:

I also believe, if there is ever the idea given to sighted employers that we blind individuals might required spoken pass words; they will have another excuse not to hire us. They will believe spoken pass words will further compromise their companies security.

----- Original Message -----
*From:* Brian Vogel <mailto:britechguy@gmail.com>
*To:* main@jfw.groups.io <mailto:main@jfw.groups.io>
*Sent:* Saturday, August 18, 2018 2:03 PM
*Subject:* Re: speaking passwords

On Sat, Aug 18, 2018 at 02:50 AM, netbat66 wrote:

because sighted people can see the keyboard. we can not.

So? Most people do not "hunt and peck" type, whether passwords or
anything else. They're not looking at the keyboard in the vast
majority of cases. We (as I am part of the group "sighted people")
fat finger our passwords all the time and have to re-enter them.

As far as I'm concerned, VFO has it right. Passwords should never
be spoken, letter by letter, as they are typed in, anywhere. A user
is expected to remember them or use a password manager, and most of
those can shoot you right to the webpage and enter the login id and
password both, if conventional coding methods, rather than pop-up
sign-in boxes, are used.

Speaking password character entry entirely defeats the intention of
passwords to begin with.

--

Brian *-*Windows 10 Home, 64-Bit, Version 1803, Build 17134

/The real art of conversation is not only to say the right thing in
the right place but to leave unsaid the wrong thing at the tempting
moment./

~ Dorothy Nevill



Angel
 


I forgot the particular situation in which this took place.  But, I recall being on the phone with another totally blind person.  I was amazed to hear his screen reader, as we spoke.  Apparently, he was educated in Africa.  He was delegated to do the typing, when he was a child, for the nuns who ran the residential school in which he was educated, in the 1960's.  The head phones, then available, were quite heavy; and caused much distress to those who wore them.  As a result, to this day, he refuses to wear them.  He is a professor, at a University.  I can imagine how his attitude concerning the use of head phones might effect any perceived security issues.  However, he has been such a fine typist.  He would not require such an option.  I also have a further question.  If Foe were to incorporate this option, would it be a default option?  I would hope it wouldn't.  I, personally, would find it to be a bother to turn such an option off. 

----- Original Message -----
Sent: Saturday, August 18, 2018 3:54 PM
Subject: Re: speaking passwords

On Sat, Aug 18, 2018 at 03:50 PM, Bill White wrote:
I would never advocate using spoken passwords in a public or employment situation. Even if we are employed at home, if we are on the phone with someone, they could hear our spoken password.
The problem being, Bill, while yours is a sensible position having this be a user toggle is, from a computer security assessment perspective, an accident waiting to happen.  And it would.

VFO is erring on the side of caution in a situation where caution is desirable, nay, necessary.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


Don H
 

How about us old men who can't type well and are using their computers at home. Make it a option that can be easily disabled.

On 8/18/2018 7:30 PM, Angel wrote:
I am talking, also, about the perceptions potential employers have regarding the capabilities of blind individuals.  If we have any desire, whatever, to become an employee; shouldn't we be expected to type at least as well as our sighted counterparts.  Who are seeking the same position as are we?  If not, this lowers the expectations for all blind individuals.  If a Jaws user employs an assist, such as Dragon Naturally Speaking.  Because they might have a problem using their hands.  Would Dragon Naturally Speaking be expected to also speak the characters of ones pass words?  Would this not compromise a companies security.  Or, might the potential employer believe it might?  This causing a blind person to attempt to debunk another possible myth.  Held by sighted employers?
----- Original Message ----- From: "Don H" <lmddh50@adams.net>
To: <main@jfw.groups.io>
Sent: Saturday, August 18, 2018 4:02 PM
Subject: Re: speaking passwords

Since in such a situation you would probably have a set of headphones attached so everyone would not be bothered by the noise your idea doesn't hold water.

On 8/18/2018 2:31 PM, Angel wrote:

I also believe, if there is ever the idea given to sighted employers that we blind individuals might required spoken pass words; they will have another excuse not to hire us. They will believe spoken pass words will further compromise their companies security.

    ----- Original Message -----
    *From:* Brian Vogel <mailto:britechguy@gmail.com>
    *To:* main@jfw.groups.io <mailto:main@jfw.groups.io>
    *Sent:* Saturday, August 18, 2018 2:03 PM
    *Subject:* Re: speaking passwords

    On Sat, Aug 18, 2018 at 02:50 AM, netbat66 wrote:

        because sighted people can see the keyboard. we can not.

    So? Most people do not "hunt and peck" type, whether passwords or
    anything else. They're not looking at the keyboard in the vast
    majority of cases. We (as I am part of the group "sighted people")
    fat finger our passwords all the time and have to re-enter them.

    As far as I'm concerned, VFO has it right. Passwords should never
    be spoken, letter by letter, as they are typed in, anywhere. A user
    is expected to remember them or use a password manager, and most of
    those can shoot you right to the webpage and enter the login id and
    password both, if conventional coding methods, rather than pop-up
    sign-in boxes, are used.

    Speaking password character entry entirely defeats the intention of
    passwords to begin with.

    --
    Brian *-*Windows 10 Home, 64-Bit, Version 1803, Build 17134

    /The real art of conversation is not only to say the right thing in
    the right place but to leave unsaid the wrong thing at the tempting
    moment./

     ~ Dorothy Nevill




Don H
 

GW micro window Eyes had the option before Jaws caused its demise. NVDA users asked for it and a quick addon was made to allow it. Don't want it don't install the addon.

On 8/18/2018 7:21 PM, Angel wrote:

I was unaware other screen readers echoed the characters.  When typed as pass words.  The question I have for those who advocate the pass word key echo being an option is this:  There are times I find myself in a user name form field.  Rather than in the pass word form field.  In fact, I did so today.  When I heard the beginning of my pass word, I immediately realized I was in the wrong form field. Wouldn't those advocating pass words being echoed have a similar problem. Should their request not be honored by the web site on which they were. Due to their not understanding they were using the incorrect form field?
----- Original Message -----
*From:* Bill White <mailto:billwhite92701@dslextreme.com>
*To:* main@jfw.groups.io <mailto:main@jfw.groups.io>
*Sent:* Saturday, August 18, 2018 4:34 PM
*Subject:* Re: speaking passwords
By the way, Brian, we’re not asking that the passwords be shown on
the screen, only key echoed, the same way keys are echoed when we
have JAWS set to echo characters.
Bill White
billwhite92701@dslextreme.com <mailto:billwhite92701@dslextreme.com>
*From:*main@jfw.groups.io <mailto:main@jfw.groups.io>
[mailto:main@jfw.groups.io] *On Behalf Of *Brian Vogel
*Sent:* Saturday, August 18, 2018 1:13 PM
*To:* main@jfw.groups.io <mailto:main@jfw.groups.io>
*Subject:* Re: speaking passwords
On Sat, Aug 18, 2018 at 04:08 PM, Bill White wrote:
The security argument is spurious.
No, it's not.   And just for the record I have no direct or indirect
ties to VFO.
If something like this exists it is 100% certain, at one point or
another, to be accidentally turned on.  That alone is reason enough
on security grounds to say, "No"
--
Brian **-**Windows 10 Home, 64-Bit, Version 1803, Build 17134
//The real art of conversation is not only to say the right thing in
the right place but to leave unsaid the wrong thing at the tempting
moment.//
       ~ Dorothy Nevill


Gene Stevens
 

As a blind person and former employer there is no way I’d allow this at my work place. If you can’t remember and type your password well enough to not hear it echoed back to you you aren’t computer literate enough to hold the job you have.

 

Sent from Mail for Windows 10

 

From: Brian Vogel
Sent: Saturday, August 18, 2018 4:48 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

 

On Sat, Aug 18, 2018 at 04:34 PM, Bill White wrote:

By the way, Brian, we’re not asking that the passwords be shown on the screen, only key echoed, the same way keys are echoed when we have JAWS set to echo characters.

I understand precisely what's being asked for, and it should not be provided if one has a scintilla of concern for keeping passwords secure.

After 35 years in IT, and witnessing firsthand all the things that "can't happen" and "shouldn't happen," particularly when there is the high potential for human error, one puts in place roadblocks to precisely that kind of error.

Anyone, and I do mean anyone, should be able to remember their own chosen password or use a password manager.

The convenience of hearing one's keystrokes echoed with the letters struck for a password field cannot be justified, though as I've witnessed, repeatedly, many will try.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill

 


Angel
 


Isn't this just "creating a tempest in a tea pot".  If spoken pass words aren't truly necessary?  People already are asking questions concerning how to turn off  unwanted paragraph and space markers, in Microsoft word.  When by accident they find they are turned on.  Just think the questions asked about this added feature.  Should spoken pass words be accidentally turned on?  Just think the anxiety which might be experienced.  Should sighted assistance be required to assist with a problem.  Which the blind person is unable to resolve.  Such a thing occurred to me, just last month.  My screen reader wasn't reading all it once did.  When I was on my banks web site.  I had the sighted person who assisted me, access my banks site using her computer.  To determine whether the problem lay with the bank.  Or was my problem alone.  She was able to access the site perfectly well.  Using her computer.  When she came to assist me with this problem, Jaws was on.  I heard the screen reader explain what occurred, and how to correct it.  When she decreased and increased the size of the screen.  Now, I understand what was the problem, and am able to correct it.  Should such a thing occur again.  Should the blind person want to understand how the sighted person resolved the problem, and hadn't turned off this feature.  Even if the sighted person were honest, and didn't take advantage of the totally blind person.  Such might be assumed.  If one didn't have complete trust in the individual assisting him.  One might also be concerned, if a tandem session was necessary.  To solve a situation.  That his own security might be compromised.  Personal security has become such an issue, my bank requires all personal banking be done on line.  Rather than by telephone.  As was once done.  Even when a session is scheduled to assist a patron, all the bank employee can do is to tell whether the patron is accessing the proper fields.  Should he want to perform banking tasks.  Which is why, the bank employee would not be able to assist me.  As long as his computer was accurately reading the screen, and causing him to be able to access information not available to me at the time.       

----- Original Message -----
From: Bill White
Sent: Saturday, August 18, 2018 3:50 PM
Subject: Re: speaking passwords

Hi, Angel. We don’t require spoken passwords. It is just a convenience when we are using our own computers at home, and there is no one there to intercept them. I would never advocate using spoken passwords in a public or employment situation. Even if we are employed at home, if we are on the phone with someone, they could hear our spoken password.

 

Bill White

billwhite92701@...

 

From: main@jfw.groups.io [mailto:main@jfw.groups.io] On Behalf Of Angel
Sent: Saturday, August 18, 2018 12:31 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

 

I also believe, if there is ever the idea given to sighted employers that we blind individuals might required spoken pass words; they will have another excuse not to hire us.  They will believe spoken pass words will further compromise their companies security.

----- Original Message -----

From: Brian Vogel

Sent: Saturday, August 18, 2018 2:03 PM

Subject: Re: speaking passwords

 

On Sat, Aug 18, 2018 at 02:50 AM, netbat66 wrote:

because sighted people can see the keyboard. we can not.

So?  Most people do not "hunt and peck" type, whether passwords or anything else.  They're not looking at the keyboard in the vast majority of cases.  We (as I am part of the group "sighted people") fat finger our passwords all the time and have to re-enter them.

As far as I'm concerned, VFO has it right.  Passwords should never be spoken, letter by letter, as they are typed in, anywhere.  A user is expected to remember them or use a password manager, and most of those can shoot you right to the webpage and enter the login id and password both, if conventional coding methods, rather than pop-up sign-in boxes, are used.

Speaking password character entry entirely defeats the intention of passwords to begin with.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


Angel
 

This is why there are other screen readers. Which employers don't use. People without the ability to type accurately, for some reason, can use those screen readers.

----- Original Message -----
From: "Don H" <lmddh50@adams.net>
To: <main@jfw.groups.io>
Sent: Saturday, August 18, 2018 8:41 PM
Subject: Re: speaking passwords


How about us old men who can't type well and are using their computers at home. Make it a option that can be easily disabled.

On 8/18/2018 7:30 PM, Angel wrote:
I am talking, also, about the perceptions potential employers have regarding the capabilities of blind individuals. If we have any desire, whatever, to become an employee; shouldn't we be expected to type at least as well as our sighted counterparts. Who are seeking the same position as are we? If not, this lowers the expectations for all blind individuals. If a Jaws user employs an assist, such as Dragon Naturally Speaking. Because they might have a problem using their hands. Would Dragon Naturally Speaking be expected to also speak the characters of ones pass words? Would this not compromise a companies security. Or, might the potential employer believe it might? This causing a blind person to attempt to debunk another possible myth. Held by sighted employers?
----- Original Message ----- From: "Don H" <lmddh50@adams.net>
To: <main@jfw.groups.io>
Sent: Saturday, August 18, 2018 4:02 PM
Subject: Re: speaking passwords


Since in such a situation you would probably have a set of headphones attached so everyone would not be bothered by the noise your idea doesn't hold water.

On 8/18/2018 2:31 PM, Angel wrote:

I also believe, if there is ever the idea given to sighted employers that we blind individuals might required spoken pass words; they will have another excuse not to hire us. They will believe spoken pass words will further compromise their companies security.

----- Original Message -----
*From:* Brian Vogel <mailto:britechguy@gmail.com>
*To:* main@jfw.groups.io <mailto:main@jfw.groups.io>
*Sent:* Saturday, August 18, 2018 2:03 PM
*Subject:* Re: speaking passwords

On Sat, Aug 18, 2018 at 02:50 AM, netbat66 wrote:

because sighted people can see the keyboard. we can not.

So? Most people do not "hunt and peck" type, whether passwords or
anything else. They're not looking at the keyboard in the vast
majority of cases. We (as I am part of the group "sighted people")
fat finger our passwords all the time and have to re-enter them.

As far as I'm concerned, VFO has it right. Passwords should never
be spoken, letter by letter, as they are typed in, anywhere. A user
is expected to remember them or use a password manager, and most of
those can shoot you right to the webpage and enter the login id and
password both, if conventional coding methods, rather than pop-up
sign-in boxes, are used.

Speaking password character entry entirely defeats the intention of
passwords to begin with.

--
Brian *-*Windows 10 Home, 64-Bit, Version 1803, Build 17134

/The real art of conversation is not only to say the right thing in
the right place but to leave unsaid the wrong thing at the tempting
moment./

~ Dorothy Nevill









Don H
 

Let us see I am a former aerospace Engineer and hold a masters in computer science. My old fingers are stiff in my old age from all the typing I have done in the past.

On 8/18/2018 7:50 PM, Gene Stevens wrote:
As a blind person and former employer there is no way I’d allow this at my work place. If you can’t remember and type your password well enough to not hear it echoed back to you you aren’t computer literate enough to hold the job you have.
Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10
*From: *Brian Vogel <mailto:britechguy@gmail.com>
*Sent: *Saturday, August 18, 2018 4:48 PM
*To: *main@jfw.groups.io <mailto:main@jfw.groups.io>
*Subject: *Re: speaking passwords
On Sat, Aug 18, 2018 at 04:34 PM, Bill White wrote:
By the way, Brian, we’re not asking that the passwords be shown on
the screen, only key echoed, the same way keys are echoed when we
have JAWS set to echo characters.
I understand precisely what's being asked for, and it should not be provided if one has a scintilla of concern for keeping passwords secure.
After 35 years in IT, and witnessing firsthand all the things that "can't happen" and "shouldn't happen," particularly when there is the high potential for human error, one puts in place roadblocks to precisely that kind of error.
Anyone, and I do mean anyone, should be able to remember their own chosen password or use a password manager.
The convenience of hearing one's keystrokes echoed with the letters struck for a password field cannot be justified, though as I've witnessed, repeatedly, many will try.
--
Brian *-*Windows 10 Home, 64-Bit, Version 1803, Build 17134
/The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment./
          ~ Dorothy Nevill


netbat66
 

one problem i had with one password manager last pass was it would forget some of the passwords and i had to re enter them again. if i was not useing my own passwords saved on a flash drive i would of been locked out of my accounts.
maybe the web sites were blocking the use of password managers? i don't know.
so i don't use them anymore.

-----Original Message-----
From: Bill Tessore
Sent: Saturday, August 18, 2018 2:42 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

Hi all,
The only security risk I can’t imagine eliminating is that of a shoulder surfer. If I were concerned about my password being captured while entering it, I’d have it ready to refer to it in either a braille format (like a braille note taker or a 3x5 card) so a synthesizer won’t announce it, or on some synthesizer enabled device (like a smart phone) and a head set to let me hear the characters and no one else. Yes, it’s a pain to have no feed back during keying, but that’s where practice, patience, and sometimes a pair of ear buds come in handy. Alternatively, I’d use a password manager and bypass the storage device and headset altogether. But then I prefer to depend on my own skills for access and security.

Shabbat shalom,

Bill Tessore
billtessore@gmail.com





On Aug 18, 2018, at 1:13 PM, Brian Vogel <britechguy@gmail.com> wrote:


On Sat, Aug 18, 2018 at 04:08 PM, Bill White wrote:
The security argument is spurious.No, it's not. And just for the record I have no direct or indirect ties to VFO.

If something like this exists it is 100% certain, at one point or another, to be accidentally turned on. That alone is reason enough on security grounds to say, "No."

--


Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134

The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

~ Dorothy Nevill


netbat66
 

if vfo required a administrator password to turn this option on or off it couldn't be turned on accidently. grin

-----Original Message-----
From: Brian Vogel
Sent: Saturday, August 18, 2018 1:13 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

On Sat, Aug 18, 2018 at 04:08 PM, Bill White wrote:
The security argument is spurious.No, it's not. And just for the record I have no direct or indirect ties to VFO.

If something like this exists it is 100% certain, at one point or another, to be accidentally turned on. That alone is reason enough on security grounds to say, "No."

--


Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134

The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

~ Dorothy Nevill


Bill White <billwhite92701@...>
 

They could have such a problem, I suppose, until they Tabbed, and found another form field.

 

Bill White

billwhite92701@...

 

From: main@jfw.groups.io [mailto:main@jfw.groups.io] On Behalf Of Angel
Sent: Saturday, August 18, 2018 5:21 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

 

I was unaware other screen readers echoed the characters.  When typed as pass words.  The question I have for those who advocate the pass word key echo being an option is this:  There are times I find myself in a user name form field.  Rather than in the pass word form field.  In fact, I did so today.  When I heard the beginning of my pass word, I immediately realized I was in the wrong form field.  Wouldn't those advocating pass words being echoed have a similar problem.  Should their request not be honored by the web site on which they were.  Due to their not understanding they were using the incorrect form field?

----- Original Message -----

From: Bill White

Sent: Saturday, August 18, 2018 4:34 PM

Subject: Re: speaking passwords

 

By the way, Brian, we’re not asking that the passwords be shown on the screen, only key echoed, the same way keys are echoed when we have JAWS set to echo characters.

 

Bill White

billwhite92701@...

 

From: main@jfw.groups.io [mailto:main@jfw.groups.io] On Behalf Of Brian Vogel
Sent: Saturday, August 18, 2018 1:13 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

 

On Sat, Aug 18, 2018 at 04:08 PM, Bill White wrote:

The security argument is spurious.

No, it's not.   And just for the record I have no direct or indirect ties to VFO.

If something like this exists it is 100% certain, at one point or another, to be accidentally turned on.  That alone is reason enough on security grounds to say, "No"
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill


Bill White <billwhite92701@...>
 

Security wise, it could not be a default option, and should only be able to be implemented by an administrator.

 

Bill White

billwhite92701@...

 

From: main@jfw.groups.io [mailto:main@jfw.groups.io] On Behalf Of Angel
Sent: Saturday, August 18, 2018 5:40 PM
To: main@jfw.groups.io
Subject: Re: speaking passwords

 

I forgot the particular situation in which this took place.  But, I recall being on the phone with another totally blind person.  I was amazed to hear his screen reader, as we spoke.  Apparently, he was educated in Africa.  He was delegated to do the typing, when he was a child, for the nuns who ran the residential school in which he was educated, in the 1960's.  The head phones, then available, were quite heavy; and caused much distress to those who wore them.  As a result, to this day, he refuses to wear them.  He is a professor, at a University.  I can imagine how his attitude concerning the use of head phones might effect any perceived security issues.  However, he has been such a fine typist.  He would not require such an option.  I also have a further question.  If Foe were to incorporate this option, would it be a default option?  I would hope it wouldn't.  I, personally, would find it to be a bother to turn such an option off. 

----- Original Message -----

Sent: Saturday, August 18, 2018 3:54 PM

Subject: Re: speaking passwords

 

On Sat, Aug 18, 2018 at 03:50 PM, Bill White wrote:

I would never advocate using spoken passwords in a public or employment situation. Even if we are employed at home, if we are on the phone with someone, they could hear our spoken password.

The problem being, Bill, while yours is a sensible position having this be a user toggle is, from a computer security assessment perspective, an accident waiting to happen.  And it would.

VFO is erring on the side of caution in a situation where caution is desirable, nay, necessary.
 
--

Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134  

    The real art of conversation is not only to say the right thing in the right place but to leave unsaid the wrong thing at the tempting moment.

          ~ Dorothy Nevill