open/close all folders
- In the Watchmen comic, not only does the password show up on the screen, the computer helpfully informs the person breaking into the system that the password is incomplete. Hey, it was The '80s, it was a simpler, more naive time; you don't know things didn't work that way then. There's also a theory that Ozymandias wanted them out of New York City before he kills half of the city's populationto prevent a nuclear war between the United States and Russia.
Films — Animated
- Taken to its extreme in The Incredibles. Not only does Syndrome's computer display the password, but his monitor is the size of an IMAX screen and the letters are several feet tall. Of course, just to get to the computer you have to get past a literal firewall (a waterfall of lava) and an array of anti-superhero turrets fire at you if you get the password wrong, so Syndrome probably isn't too worried about unauthorized users seeing his password.
Films — Live-Action
- WarGames has a Highly Visible Password typed in a terminal program. In most real-life command line programs, a password simply won't show up at all rather than showing up either as plain text or as asterisks. This can be irritating if you don't realize you've made a typo because you can't see that there's one extra asterisk.
- Strange inversion in the Death Note movie: the username is asterisked out while the password is highly visible. Some Real Life systems actually work that way.
- Happened in Batman Forever.
- Also with Alfred's disc in Batman & Robin.
- In the Bibi Blocksberg movie, Rafea uses a spell to make the password of Mr. Blocksberg's computer a highly visible one.
- The password entered by Kevin Flynn to enter the Master Control's computer system in TRON would have been a better one if it wasn't so visible: REINDEER FLOTILLA, 17 characters in all (remember, spaces count!!)
- In Unknown (2011), when Liz types in the passwords, they are visible in plain text. And they are using spaces.
- In Tidal Wave: No Escape, this is how the user is shown ahead of time that the big bad's ultimate (and all-caps) computer password is the hero's name.
- Happened in The Running Man.
- In The Secrets of the Immortal Nicholas Flamel the speaking passwords out loud variation is used, with the passwords to the various security systems of Machiavelli's all being the Italian titles of his works. Fortunately, they do have voice recognition, so it's not as if his enemies could just hire a Renaissance scholar to crack them. And nobody knows (or would believe) he's the original Machiavelli anyway.
- When running through the security check to power up one of the setting's Humongous Mecha in BattleTech novels, the passphrase is always spoken out loud. Less of a security risk than it may seem since the pilot is usually alone in the cockpit at the time and other ways to hack into and take over a 'Mech exist anyway, but definitely a case of Viewer-Friendly Interface.
Live Action TV
- Happens in Heroes when Mohinder's trying to guess his father's password.
- Ditto when Elle was trying to get into her father's computer
- All versions of Star Trek have the "say the password aloud" version of this trope. They are checking for voice matches too, but a few episodes have shown that the computer can be fooled by a recording of the officer in question saying the password - or even just a really good impersonator.
- Also, what happens if the officer in question catches a cold?
- In "A Scandal in Belgravia", after Sherlock correctly infers that the blanks in the password to Irene's smartphone, which displays "I AM ***LOCKED," should be filled in with the letters S,H,E and R, they appear rather dramatically on the phone's screen.
- And again in "The Hounds of Baskerville", with the password to Major Barrymore's mainframe.
- The X-Files, "Little Green Men": When Agent Scully needs to open a password-protected file on Mulder's computer, her guesses are visible to viewers. She tries SPOOKY (Mulder's nickname), SAMANTHA (name of his abducted little sister), and the third is the charm: TRUSTNO1, which are the dying words of Mulder's first Mysterious Informant Deep Throat.
- This very wiki unfortunately doesn't store users' passwords securely at all. If you look in your browser's cookies, you'll likely see your password there, clear as day. Since sessions aren't encrypted, this also means your password is sent in cleartext every time you load a page.
- In the game Second Sight, the player can access computer terminals. If the terminal needs a password and the player doesn't know it then John Vattic (the Main Character) keeps entering generic passwords, which the player can see on the screen.
- In the game Fallout 3, when a player attempts to hack a computer, not only does the computer conveniently provide a list of possible passwords, it also tells you how many letters are correct and in the right place.
- Ironically the password is asterisked when you type it (i.e. when you know it).
- Every time you encounter a keypad locked door in one of the Crusader games, there will be a computer nearby with an email on the screen reading something to the effect of "In accordance to our security regulations, the access code to the lab has changed. The new code is 349".
- Sly 2: Band of Thieves: One mission requires you to trigger the alarms to lure a guard to deactivate them, at which point you can photograph the passcode, which is displayed in enormous digits just above the keypad.
- In Splinter Cell Chaos Theory there is not so much a highly visible password as a highly audible one. A guard will be having an argument with someone over the phone within earshot of the player. When the player starts listening in, the topic has changed to the dangers of speaking a door code out loud. The frustrated guard will then shout out the door code repeatedly to prove that nobody is listening in.
- At one point in Broken Helix, the player is given the password for a computer containing the files for Project Broken Helix. This trope occurs when the player enters the password, which clearly says "Contact".
- In Mega Man Battle Network, MegaMan.EXE is always able to see the passwords and security certificates Lan needs him to handle; this is justified because as a NetNavi one of his roles is to help manage passwords, and he is typically in the right data spaces to see and manage said passwords, which are sometimes amusingly visible from his point of view as massive letters printed on huge floor tiles.
- Code Lyoko gives us the referential type: when Jérémie is first prompted for an access code for Sector 5 (codenamed "Carthage"), we're treated to a series of dropped names from the Punic Wars before he finally gains access with "SCIPIO" (Scipio Romanus, the guy who eventually conquered Carthage).
- In the finale of Cyber Six, Von Reichter's password to move his "Isle of Doom" is "THE LATE CYBERSIX" in hugely visible block-print letters. Of course Jose reads it rather easily and bites Von Reichter in the rear so hard with it it's not funny.
- The initial version of the Wii's Internet Browser used an on screen keyboard that showed you what you were typing, no matter what kind of field you were typing it in. The latest version will display asterisks if you are filling in a password field, but that's only if you aren't using the word completer.
- That said, just try and input a password into a field using the screen's keyboard (ie, not plugging in a keyboard into a USB port) with someone in the room and do so without them figuring out what it is. Also, linking your Wii Shop Channel account to your Club Nintendo account requires a password which isn't masked in any way.
- Same thing for the PS3's onscreen keyboard
- Several touch-screen devices display the most recently typed letter of the password, with the rest being dots. For instance, if you're typing "trope", it will appear as t, *r, **o, ***p, ***e, *** . Not a bug but an Anti-Frustration Feature, as the tiny on-screen keyboard makes it very easy to hit the wrong key, and if it was all dots there'd be no way to know you'd done it until your login was refused.
- This has been seen in iPod touch, iPhone, iPad, Android devices (if "Visible passwords" is turned on), the DSi's web browser, the 3DS & Wii U eShops, and the Blackberry Storm 9500.
- Some versions of the Palm also did this. Stories abound of people making their passwords all asterisks to fool shoulder snoopers.
- There's a Firefox extension called "Show my Password" that does this, for people who are annoyed by their passwords being hidden on computers located in their own homes where no one could possibly be spying on them. This is not as true as they'd like to think, at least if you're important enough to spy on.
- Fridge Logic: if you are important enough to spy on, aren't you important enough to have a keylogger put into your computer? (Given that one of these can be done remotely...)
- What if you don't know you're important enough to spy on?
- The "remember my password on this computer" function can have a similar effect. Hilarity Ensues whenever someone uses this for something critical without bothering to set a login password for their PC, and it gets stolen.
- A start-up password is *NOT* secure. They take less than two minutes to bypass by moving a jumper on the motherboard. Nor are windows startup passwords secure.
- Even if that start-up password WAS secure, it does *NOT* lock up the documents stored on a hard drive, which can easily be accessed by another operating system to which you DO have the password. It merely prevents access through the OS installed on that drive. To secure the actual documents, you would need file encryption.
- And then there's folks who think that passwords should not be masked by default anyway.
- The first computer hackers, mostly found at MIT in the late 50s / early 60s, believed there shouldn't be passwords at all — everybody should have access to everybody's files — yes, even write access! They managed to keep that ideology in place in university computers for a surprisingly long time. Read all about those folks in this book.
- Some command line programs (like the MySQL client) still have ways of entering the password in the clear.
- In one of the more boneheaded examples of this trope, an update to a popular VPN program requires the user to enter the password by clicking on a huge on-screen keyboard. With the positions of the keys randomized, to slow you down while you search for where the A key is this time so that the person sitting next to you has plenty of time to jot down your password. The password itself is masked, presumably because it makes the joke funnier that way.
- This quote on Bash.org.
- Inverted by Lotus Notes; the password field dumps random huge numbers of asterisks into the password field as you type so you can't even tell how long it actually is from the screen.
- A feature that is becoming more common and is available on the Windows 8 (and up) operating system is the ability to toggle between asterisks and a visible password by clicking a small button beside the password input box.
- Most Unix and Linux password input fields in the terminal avert this by way of not even showing anything as the password is typed.
- A type of attack called a replay attack would allow a hacker to use a hashed password to pose as a real user. The theory is, since the hashed password is, in theory, unique, it's effectively the same thing as the password itself. Thankfully there are measures to avoid this that are easy to implement.
- Smartphone on-screen keyboards usually avert this trope:
- Many custom keyboards for Android will disable word prediction and completion if they detect you typing in a password field.
- iOS will forcibly switch your keyboard to the stock iOS keyboard with prediction and correction turned off when typing in a password field.
- Many web sites and programs will temporarily disable password masking if you submit an incorrect password, presumably on the assumption that you still know your password and just mistyped it.
- TV Tropes wiki password changer, though an overhaul to the wiki software has since fixed that.
- Telnet transmits all its information in plaintext, which means that anyone with a packet sniffer can see your MUD password. This is why Telnet has been deprecated for remote logins in favor of SSH.