It’s a generally accepted practice that passwords should be masked when being displayed to users. In addition to preventing over-the-shoulder password snooping, displaying “*****” instead of the actual password gives users a sense of security that somehow, through the magical wizardly of computers, their password is secure. Whether that’s worth the usability hassle, however, is certainly up for debate.

Adam’s colleagues take this practice very seriously, and have gone so far as to mask it from themselves. Their application is a fairly standard three-tier system – database, middle-tier objects, and user interface – and the password masking occurs smack-dab in the middle.

public string Password
{
  get
  {
    return "*******";
  }

  set 
  {
    if (value != null && value.Length < User.MIN_USER_LENGTH)
    {
      string msg1 = Translator.Instance.Translate(
          Translation.MsgList.String_Type.PasswordLen);
      try
      {
        System.Windows.Forms.MessageBox.Show(
	    string.Format(msg1, User.MIN_USER_LENGTH.ToString()));
      }
      catch
      {
        System.Windows.Forms.MessageBox.Show(
	    msg1 + ", " +  User.MIN_USER_LENGTH.ToString());
      }
    }
    else
    {
      if(log != null )
      {
        string msg = Translator.Instance.Translate(
	    Translation.MsgList.String_Type.PasswordChanged);
        try
        {
          msg = string.Format(msg, this.Name);
        }
        catch
        {
          msg += ": " + this.Name;
        }
        log.AddToLog(msg,"","*******");
      }
      string oldname = password;
      password = value;

      if (eventHandler != null)
      {
        CustomEventArgs e = new CustomEventArgs();
        e.name = "******"; //dont pass the password around
        eventHandler(this,e);
      }
    }
  }
}

Of course, the real problem in all this is not so much the masked password, but the fact that Adam was tasked with using the middle tier to develop a web-based version of their application. Given that this property (and so many more) fires an interactive dialog (System.Windows.Forms.MessageBox), he’s being extra-careful not to pass unvalidated data to them.