Jeez, there's some clueless individuals
I'm happy to keep my obscured passwords, but only because I can actually type the buggers in the 1st place
It sounds like there are too many Visual programmers, web developers, DBAs, solution architects and Windows support people around here (should cause a fight in itself)
To make it obvious, they are making a point that obscured passwords cause problems and are a bit shit and are used as a security blanket (pardon the pun) because the majority of people cannot be trusted to take proper care of their passwords in the 1st place.
Question: You would really use a public terminal or internet cafe machine for internet banking (or any other important system)!
If so then you deserve to be robbed, you are stupid and should have no involvement in the IT industry. If you are not in control of a machine you do not use it for anything that involves the concept of privacy.
Question: What is this "install a trojan and capture the screen"?
CRAP! Why would you do that? If you have written a trojan that you can trigger remotely (at the right time), then you can log the fucking key presses too, rendering the screen capture pretty pointless.
Why obscure the screen output when you can watch them type on the keyboard (as several more sensible commenters have said)? Blanking the password only stops the most inept shoulder surfer.
TEMPEST screen reading, where shall I start?
I attended a demo by some spooks (real ones) who specced all the equipment to make it work, it was pretty shit (unless you were reading a 40 column display).
If a working TEMPEST has been rolled out against you by the big boys then it's already too late for obscured passwords.
Anyway, similar techniques can be used for reading keyboards remotely so obscuring the field is once again pointless.
But then it was on Numb3rs so it must be true (the Scott brothers, renowned science fact documentary makers).
Somebody standing too close while you are typing? Tell them to Fuck Off!
As was said, the passwords are all too often carried in plaintext (BTW you do realise that clustered firewalls often end up with user-entered data echoing around switched networks, looking for the virtual MAC).
To Adam Williamson: you can read password text fields from across the room; this leads me to the following thoughts:
1: Tiny room
2: Giant fonts
3: New eyes (donated by a bird of prey?)
4: 52 inch display
5: You can't really but thought you would say you could
Hmmm, which would I choose?
Think of us poor Unix & Cisco people who don't use web front ends and don't even get those nice bullet points on screen.