User-specified password displaying during install
|Reported by:||Ribbontree||Owned by:||dd32|
I appreciate the improvement that users are prompted to choose their own password. However I think there has been an oversight with this change.
Historically it has been essential to display the password onscreen, because the user did not specify it.
I believe it is now dangerous to continue displaying a user's own specified password. It is obscurred with an <input type="password" /> field, so one would not expect it to be visible on a subsequent page.
Many people use their passwords for several different sites; to display this password on screen, when it was originally obscured is likely to upset people who weren't expecting this behaviour.
Tested in nightly build downloaded approximately 21 hours ago.