A few weeks ago, my friend Dave Yates announced in his podcast how he accidentally typed his IRC password into the chat room that he was in. I can easily see how this could happen, while someone was trying to identify themselves to the server. To prevent this, he could have taken a couple of steps to ensure that he was not typing into an active chat window, so that even if he had made the same typo, his password would not be exposed. Alternately, just being careful might have prevented this.
Then again, it might not have…
Try as we might, technology finds a way to make things difficult, even when we do our best to be careful. Today, I had a similar experience to Dave’s. I was typing my password into a terminal so that I could log in to a machine via SSH. I typed the password, pressed Enter, and nothing happened…
For a few seconds…
And then my eyes wandered to the far corner of my screen, where I saw my password… which had been posted on Twitter.
I immediately deleted the post, shifted focus back to the terminal, logged in, and changed the password. Because I was using tilda, which has no title bad, there was no indication that the focus on the window had left the terminal window. Twhirl, my preferred Twitter client, had stolen the focus of my window manager, making the text I typed show up there, instead of where I wanted it, in the terminal. Obviously this was a minor inconvenience, but it could have been much worse.
Imagine the case of the user who hunts and pecks, and doesn’t touch-type or look up at the screen for long periods of time. Let’s imagine that some information much more valuable (credit card info, anyone?) than a password gets thrown into a window that decided it needs to take focus from whatever had it because it knows better.
This is my official declaration that applications should NOT be allowed to steal window focus unless it’s absolutely clear what is happening, and there is no possibility that confidential or proprietary information will be transmitted without the user’s knowledge. I’m not sure where to begin to get the word out on this. I assume with the authors of various desktop enviroments including GNOME, KDE, Windows, OS X, etc. Any suggestions and help are greatly appreciated.
The personal blog of Peter Nikolaidis