
From: Jim DeHaven <Jim_DeHaven@spider
To: John Agapitos <John_Aga
Subject: Re: bullets
Date: Wed, December 30, 1998 08:55 PM


Look--this is turning into social engineering. I can call up AOL anytime I want, and, with the last 4 digits of my SSN, I can get my password--I am not saying that this is a good thing on AOL's part, but the idea of "no one ever seeing anyone else's password" is, if not excessive, certainly not something that is currently perceived as a problem.

I don't need to be weaned off of anything. I don't need someone to do my thinking for me and to use some sort of techno-skinnerian procedural box to circumscribe what I want. If one thing remains a constant in my philosophy, it is a resistance to anyone trying to tell me what I ought to want.

In fact, the reason I want to be able to see the passwords is just as persuasive from a security standpoint. Since I now have several hundred people with access to these computers, and since stealing one another's computer identities is, at times, an indoor sport for students, I want to be able to ask them **what they think** their password is. If their answer is close, I can correct their mistake over the phone--otherwise they have to truck over to my office with ID. If I can't do this, then I have to insist that everyone see me personally. Otherwise, if I give out the info without verifying their identity, there will (and believe me, there will!!!) be a run of kids scarfing up their friends' or enemies' accounts.

Like Dan, I also have a remote constituency--distance learners and people out on clinicals, as far away as Alaska--I need some rational way to deal with this--I never thought of hinting--but that is reasonable--I can't think of any leak-tight way of doing this, but it really seems to me that **never** seeing the passwords is much more leaky--either that or it makes my system so hard to use that people stop using it.

There is still another reason--people often dispute or are confused as to why they can't sign on. People do not report their problems in a machine-like accurate manner, and some have axes to grind--they want to prove they are not to blame so they can hand an assignment in late, or not show up for a chat appointment on time etc etc., and there are still others who are just plain miserable, and make my life miserable by constantly complaining about a system that is actually working fine. Such folks do not accurately report error messages, even one as clear as a user password error. They will say it isn't there when it is and that it is there when it is not. My first question in such an exchange used to always be "What is your user name and what is your password" in order to get to the bottom of what the real problem was. Many technical problems or complaints stopped right there. Now I no longer have that convenience.


To get all absolutistic about it is all wrong--I mean there is no class in BBS101, and no procedures that have to be followed by everyone--different people have different needs. For the first 8-10 years of its existence, TF displayed openly the passwords. I don't think it is necessary to go to the other extreme and not let anyone see them--the fact that I can do that using resedit illustrates that, as does the fact that I can export them to a file (I did not know that UM could also generate a text file which showed the non bulleted passwords--according to Dan O it can)--well then this is a simple matter of making the software convenient to use.

When Rusty wrote

<<If it was a simple menu item, of what use would the bullets be to the sysops that have asked for them?>>

he fell into the trap of seeing this as a black and white problem--obviously, if you password protect this function (or all admin functions as Dan O suggests), you are right smack in the middle. In fact I like the option of having the bullets, precisely because my machines are here in the open for all to look at. But I want them to be an option, not a requirement.

Since anyone with my sysop password can enter computer and (for example) dump most of my files--in other words we already rely on a sysop password to protect the whole shebang, I don't see how security would be undermined by protecting this single administrative function in User Manager in the same way.





Running TeleFinder Server v5.7.
© Copyright Spider Island Software