On the privacy of online login forms inputs
I'm surprised but not shocked by this result. It seems to me that many people are confused about why online login forms have two fields but only one of them hides the input.
On one hand, if all the credentials are meant to be private, why not add a third or a fourth input field with more private stuff? This would be more secure, right? On the other hand, if someone is using a weak password, what is the likelihood their login is easily guessable as well?
I personally believe online login forms have two fields for two different kind of data: an identifier that shouldn't be considered private, because the password/phrase field is already there for that specific purpose. As a result, I fully support letting users fill the login field with as many different identifiers they can have, including email addresses and public usernames, because it is massively more convenient without compromising on security since there is a password.
Rudolf Polzer likes this.
Alexander
•Hypolite Petovan
•Alexander
•It even might be negative in certain cases - because most software products treat usernames as not private, they get cached, remembered in form suggestions, etc.
Hypolite Petovan likes this.
Alexander
•It was super annoying :)
Hypolite Petovan likes this.
Rudolf Polzer
•Of course this has nothing to do with what the login form allows.
grin likes this.
Rudolf Polzer
•Privacy people call such info PII, personally identifiable information.
Hypolite Petovan
•