GNOME Bugzilla – Bug 773465
Shift and Enter twice inadvertantly reveals password.
Last modified: 2016-10-25 14:58:14 UTC
When logging in and not releasing the shift key after entering your password, which is not so uncommon if your last password character is a capital letter, and then hitting enter twice (e.g., because you are nervous or in a hurry), you inadvertantly reveal your password to anyone watching your screen because "Show password" is selected and the cleartext password is shown on your screen. This has major implications in work- and public environments or if you do a public screencast.
This relates to https://bugzilla.redhat.com/show_bug.cgi?id=1178806 which was automatically closed because of EOL.
I accidentally exposed part of my password to a coworker when I did this while unlocking my screen in a hurry. (I'd assumed that I somehow hit the <Menu> key, not realizing that Shift-Enter shows the popup menu.)
Thanks for taking the time to report this. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find. *** This bug has been marked as a duplicate of bug 740043 ***