Adding the ability for getpass to print asterisks when password is typed #77065
Comments
|
I saw some questions about it in stackoverflow (links below), and also find it very useful to have the ability to print asterisks. I know that it's have some risks exposing the number of chars to the password, but I think it's worth it. When using Jupyter (notebook server is 4.3.1) the password does echoed as "*", but not in Python IDE in linux and Windows |
|
for getpass.win_getpass() it can simply be done by adding this line def win_getpass(prompt='Password: ', stream=None):
"""Prompt for password with echo off, using Windows getch()."""
if sys.stdin is not sys.__stdin__:
return fallback_getpass(prompt, stream)
for c in prompt:
msvcrt.putwch(c)
pw = ""
while 1:
c = msvcrt.getwch()
if c == '\r' or c == '\n':
break
if c == '\003':
raise KeyboardInterrupt
if c == '\b':
pw = pw[:-1]
else:
pw = pw + c
msvcrt.putch("*") #Line that was added
msvcrt.putwch('\r')
msvcrt.putwch('\n')
return pw |
|
getpass is emulating the unix password prompt behavior. I'm not sure if the complication is worth it, especially since not echoing asterisks is, as you observe, fractionally more secure. So I guess I'm about -.5 on this feature. |
|
@matanya.stroh: Don't forget to erase the asterisks if the user hits backspace. Alternatively, could let the user define the masking character, similar to Tkinter's Entry widget. I'm in favor of supporting masking. While it does reveal the password length, it's an accessibility feature many users have come to expect. I'd rather have this in the standard library than have developers implement their own custom, potentially insecure methods for password input. |
|
See also bpo-36566. (Thanks Cheryl.) I think the usability improvement for this far outweigh the decrease in security. The days where somebody looking over your shoulder watching you type your password was the major threat are long gone. Hiding the length of the password against a shoulder-surfing adversary is so-1970s :-) For old-school Unix types we ought to default to hiding the password. But I'm +1 in allowing developers to choose to trade off a tiny decrease in security against a major increase in usability. The bottom line is that if you have a weak password, hiding the length won't save you; if you have a strong password, hiding the length doesn't add any appreciable difficulty to the attacker. |
|
This is easy to implement for Windows (as shown), but the unix implementation uses io.TextIOWrapper.readline() to get the password input. The unix implementation would have to be rewritten to provide the same functionality. |
|
Unfortunately modern laptop keyboards have almost no key travel and barely any tactile feedback [*]. Users on such keyboards really do need feedback for each key pressed. Not providing an option for such feedback is in effect forcing users to choose maximally weak password. [*] worse, a large proportion of MBP keyboards produced in the last few years have the notoriously bad 'butterfly' key design that occasionally duplicates and swallows keypresses. Yes, a trillion dollar company can't make a functional keyboard. |
|
I’m surprised to see this opened for so long! Is this waiting on a design decision or pull request? Looking at the contribution guidelines for standard library changes, it seems the recommended course of action would be to create a new thread in Discourse under Ideas? My two cents on the issue – it’s one of those we run into at every single workshop / training for newcomers to open source like Django Girls. There‘s no feedback when typing. In the case of Django, there’s no indication not to expect any feedback either. Lots of people use Windows and will have never come across that kind of prompt ever. So as mentioned above – this is indeed encouraging people to choose a password that’s simple to type. |
I don't see much opposition to this change, but somebody would need to write an implementation that works on Unix. |
|
Thanks for looking into this @Stevoisiak. Would it be acceptable to fix this for Windows users to start with, and change it for Unix users later? From my perspective I see this has been opened for close to 6 years now even though people seem to think it’s a simple change for Windows. As a regular Django Girls coach this has basically been an issue for Windows users at every event I’ve ever coached at, where we run into this when creating a user account’s password for Django. |
I've also wanted to see this feature for a while. (I proposed a Windows implementation in 2019, which itself may have been based on a post from 2013), but implementing it only on Windows would likely lead to confusion. If this were officially implemented and a Python script calls |
|
Isn’t it the current implementation that defies people’s expectations? The current |
|
@thibaudcolas https://pypi.org/project/maskpass/ Certainly there are benefits for the standard library having this functionality though. 😉 |
|
omg! Yes please :) |
💯% agree with @Stevoisiak that if the asterisks masking feature is added it should be across all platforms. Would it be unnecessary scope creep to allow the masking character to be user-defined? getpass.getpass(show_mask=True, mask_character='*')
# or a Unicode bullet character
getpass.getpass(show_mask=True, mask_character='•')
# or even more creative with Unicode (ok, yes, getting silly here)
getpass.getpass(show_mask=True, mask_character='🐧')The simplest road forward is likely to go with asterisks as a "static" mask character first. |
|
looks like a good idea, I'm ready to start working on it and I would also like to suggest an idea to replace: getpass.getpass(show_mask=True, mask_character='*')to: getpass.getpass(mask='*')with mask=None by default, and it will be displayed if bool(mask) == True ( I also want to ask are you sure that we need a check for the length of |
I like the idea to default to None. And yes - it can simply be: if mask_character:
# display mask character to stdout
@donBarbos I wasn't thinking about multi-character emojis. 😉 Either way, since you bring it up, it seems reasonable to allow for flexibility. 👍 |
….getpass` (#130496) Co-authored-by: Bénédikt Tran <[email protected]>
|
Looks like a PR was merged for this, so this could be closed. However, there's an issue: the PR added the new parameter only to |
|
Right, it's also needed at runtime as |
|
sorry, I can send PR soon. |
…k_getpass` (pythonGH-133849) (cherry picked from commit d029a1a) Co-authored-by: Semyon Moroz <[email protected]>
…ss` (pythonGH-134058) (cherry picked from commit 52a7a22) Co-authored-by: Semyon Moroz <[email protected]>
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
Linked PRs
echo_charforgetpass.getpass#130496echo_charforgetpass.fallback_getpass#133849echo_charingetpass.fallback_getpass(GH-133849) #134053putwchinstead ofputchinwin_getpass#134058putwchinstead ofputchingetpass.win_getpass(GH-134058) #134059The text was updated successfully, but these errors were encountered: