show password prompt one more time if password was mistyped

[mightyBroccoli]

I get that this might sound bold but hear me out. All login prompts I am familiar with, operate on the same basis.

• type in username
• type in password
• enter
• if username and password match profit
• if password is not correct ask the user to reenter the password

If you mistype your password you are asked to reenter your password at least once, until some escalation takes place. With this greeter it is possible for people to leak their passwords due to the fact that a mistyped password results in a new username field which shows characters in plaintext.

[tobiohlala]

I get your point. Maybe we should indicate when an invalid password has been entered and provide the password prompt one more time before finally returning to the user prompt when the user types an invalid password the second time.

[mightyBroccoli]

Yes that would be great.