1 comment

[ 2.8 ms ] story [ 9.8 ms ] thread
The registration page has the abominable and silly practice of entering a potential password twice, blind.

This is probably some fool's idea of a "best practice". It's silly in 2023 because the practice protects nothing. Shoulder surfing might have existed in the days of CRT monitors with big text, but does not now, when we have narrow field of view LED screens viewed much closer to the face.

Additionally it's nearly impossible to type a high entropy password twice on a rinky dink smartphone "keyboard".

Twice blind passwords are actively hostile and must disappear as floppies did.