Honored Contributor
Posts: 25,929
Registered: ‎03-09-2010

Re: ****QVC Website - Serious Security Vulnerability****

Yep, my password shows up right under where I am supposed to type it in.

Trusted Contributor
Posts: 1,821
Registered: ‎02-16-2018

Re: ****QVC Website - Serious Security Vulnerability****


@sidsmom wrote:

I would think for many of QVC members who are visually impaired or have dexterity issues, the visual password function would be welcomed. IMO.


@sidsmom The passwords are defaulting to showing each time you come to the website. That is the biggest security vulnerability there is. Bad actors who obtain those will have all of your data. There is something QVC software folks can include in “customer preferences” that they could select on or off for those who have dexterity issues. They will still be vulnerable to hacking of all of their data if passwords are shown in the clear, but that is a risk they themselves must choose. QVC acknowledges this as a major security vulnerability as they fixed this once before.

Honored Contributor
Posts: 20,021
Registered: ‎08-08-2010

Re: ****QVC Website - Serious Security Vulnerability****

I thought it was fixed too. 

 

The option to show or hide isn't really a problem for me; it is the fact that every time you go to log in, it comes up showing the entire password. The show function only came up if you chose it, then it only showed what letters you were typing in, one at a time, then blanked out, so you could see each keystroke you made, but never left the entire word/number sequence up. It should always be hidden, and was until recently.

 

I too, would like to know what gives, that Q can't seem to fix this.

Honored Contributor
Posts: 43,727
Registered: ‎03-09-2010

Re: ****QVC Website - Serious Security Vulnerability****

When I use the Firefox browser to access QVC via my laptop, it does not show unless I click on SHOW password.

********************************************
"The world is a dangerous place, not because of those who do evil, but because of those who look on and do nothing." - Albert Einstein
Honored Contributor
Posts: 17,565
Registered: ‎01-02-2011

Re: ****QVC Website - Serious Security Vulnerability****

[ Edited ]

I don’t ‘get’ this. As I was signing in, I decided to choose show my password. As I typed a letter it would show for a second before turning to a dot. When I chose the hide option, my password showed 😏

 

iPad using Safari.

 

 

Respected Contributor
Posts: 4,028
Registered: ‎03-19-2010

Re: ****QVC Website - Serious Security Vulnerability****

I am not techy, so my question is: besides being visible to the person signing in on their PC, who else has sight of it?

Respected Contributor
Posts: 3,588
Registered: ‎03-09-2010

Re: ****QVC Website - Serious Security Vulnerability****

Sometimes the “Show” or “Hide” functions are reversed. If it says “Hide” the entire password is visible.  If switched to “Show” you can’t see it.  

 

 

Honored Contributor
Posts: 17,606
Registered: ‎06-27-2010

Re: ****QVC Website - Serious Security Vulnerability****

[ Edited ]

 

@Ketra, Websites normally use "masking" to hide a password as it's being entered, so we see asterisks or dots instead of the characters.

However, sometimes web hosting software does provide the option to "show."

On occasion, as @sidsmom said, someone might want to see the password -- for various reasons, one being that if we get the alert that the password was wrong and we know we only get a few attempts before being locked out, we might need to slowly type it and see it as we type, to be sure we're not entering it incorrectly or perhaps our keyboard is fouling up. We can't see that when the password is masked.

However -- and this is important -- the default should ALWAYS be to mask the password. If an option is offered, the user should have to actively select it before the password is displayed.

Lithium Hosting provides the web services for QVC. They provide the sites for many other companies -- a good example to use for comparison is eBay, because eBay's login screen (if you go there and login, you'll see a "show" option) and also their community forums are similar to QVC's. However, QVC clearly is using the most basic (can we say "cheap"?) version of the software and also the cheapest, least responsive technical support.

The biggest security risk in showing the password is shoulder-surfing, eyeballs seeing it or a video of the process. In some cases, a hacker could use visuals to try and capture logins, but usually they have a more sophisticated method of doing this. Even so, this default to displaying our passwords is just another indication of sloppy, careless programming.

Few things reveal your intellect and your generosity of spirit—the parallel powers of your heart and mind—better than how you give feedback.~Maria Popova
Esteemed Contributor
Posts: 7,405
Registered: ‎03-09-2010

Re: ****QVC Website - Serious Security Vulnerability****

It does not matter if you choose show or hide because it always ends up showing and hiding.  Makes no sense.

Honored Contributor
Posts: 25,929
Registered: ‎03-09-2010

Re: ****QVC Website - Serious Security Vulnerability****

I tried flipping that show/hide  to hide my password, then turned computer off and when I came back to sign on - it was there again.