Bug 959463

Summary: please don't put focus in password box unexpectedly
Product: [Fedora] Fedora Reporter: Andre Robatino <robatino>
Component: anacondaAssignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: anaconda-maint-list, dan.mashal, g.kaviyarasu, jonathan, mkolman, rdieter, sbueno, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-06 21:14:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andre Robatino 2013-05-03 14:51:36 UTC 
Description of problem:
There is a recent anaconda change such that the password is displayed in plain text when focus is in the password box - explained in https://bugzilla.redhat.com/show_bug.cgi?id=958608#c5 . This sounds reasonable if the user actually intends to have focus in that box. Not so much if it's unexpected. For example:

1) User is installing F19. Says to coworker, please turn around so I can enter my password, this will only take a few seconds.
2) Enters password twice. Unfortunately, it's detected as weak and when user clicks Done, the focus goes unexpectedly back into the password box, revealing it. Some inconspicuous text saying that the password is weak and that one has to click Done *again* for it to take appears all the way at the bottom of the window, where user isn't looking. User spends about half a minute before figuring out what happened, and in the confusion forgets to tell coworker to stay turned around. Password is visible the whole time.
3) After about 15 seconds, coworker assumes user is done, turns around, sees password.

Lesson to take away - focus in the password box needs to be intentional, otherwise telling someone to look away temporarily doesn't work so well.

Version-Release number of selected component (if applicable):
anaconda 19.23-1, I think (version in 19 Beta TC2)

How reproducible:
always
Comment 1 Chris Lumens 2013-05-06 21:14:22 UTC 
I'm just going to back the original root password stuff out, so this will not be necessary.  Hold on a minute.