Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why is there a padlock in the password field? There probably shouldn't be. #442

Closed
3 tasks done
wjdp opened this issue Mar 14, 2017 · 3 comments
Closed
3 tasks done

Why is there a padlock in the password field? There probably shouldn't be. #442

wjdp opened this issue Mar 14, 2017 · 3 comments
Labels
Fixed In Next Release

Comments

@wjdp
Copy link

wjdp commented Mar 14, 2017

In raising this issue, I confirm the following (please check boxes, eg [X] - no spaces) Failure to fill the template will close your issue:

How familiar are you with the codebase?:

1

Issue type: Other (Design/UX?)

[BUG | ISSUE] Expected Behaviour:

Padlocks are synonymous with SSL/TLS/HTTPS/generally secure things. Placing one in the body of the page is used by many sites (mainly e-commerce) to attempt to raise the user's perception of the site's security. When used on a site that does not employ TLS it's heavily misleading to include a padlock.

Expected behaviour: do not show a padlock on the page, especially when TX/RX over plain HTTP.

[BUG | ISSUE] Actual Behaviour:

The password field in the 'log in' dialogue shows a padlock:

image

The page has been loaded over plain HTTP. When submitting the form the password is sent in-the-clear:

image

In addition when an incorrect password has been entered a red padlock is shown:

image

This coloured symbol is used in-browser to represent a broken HTTPS page. Again misleading, just in a different way.

This is software whose users run and maintain themselves. There is no incentive to 'lie' to them about the security of the web interface. Instead be honest about it and let them make informed decisions about how they want to use it.

Sidenote: I'm sure the intention was not to deceive (again what would be the point?), not raising any accusation. This is just a bugbear of mine.

References (first Google result for "misuse of padlock symbol" 😄): https://www.troyhunt.com/padlock-icon-must-die/

[BUG | ISSUE] Steps to reproduce:

Use the login flow.
@PromoFaux
Copy link
Member

Thanks for the comments! The intention is certainly not meant to decieve :) If you can suggest a better icon to represent 'password' then please do

@DarkMatterMatt
Copy link

A key?

@AzureMarker AzureMarker mentioned this issue Mar 16, 2017
Merged
5 tasks
@wjdp
Copy link
Author

wjdp commented Mar 17, 2017

Think I saw you were using font awesome. The asterisk (fa-asterisk) I would think could work.

Though I would argue that a symbol in this field is unnecessary.

@DL6ER DL6ER closed this as completed May 5, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Fixed In Next Release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wjdp @PromoFaux @DarkMatterMatt @DL6ER