Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password Obfuscation #63

Open
6 of 7 tasks
Ajt8000 opened this issue Jul 29, 2024 · 7 comments
Open
6 of 7 tasks

Password Obfuscation #63

Ajt8000 opened this issue Jul 29, 2024 · 7 comments
Labels
enhancement New feature or request

Comments

@Ajt8000
Copy link

Ajt8000 commented Jul 29, 2024
edited
Loading

Checklist

  • I made sure that there are no existing issues - open or closed - to which I could contribute my information.
  • I made sure that there are no existing discussions - open or closed - to which I could contribute my information.
  • I have read the FAQs inside the app (Menu -> About -> FAQs) and my problem isn't listed.
  • I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise.
  • This issue contains only one feature request.
  • I have read and understood the contribution guidelines.
  • I optionally donated to support the Fossify mission.

Feature description

When copying passwords from a password manager, the password appears in the keyboard's top bar unobscured.
It shows the password as text rather than as a series of dots or asterisks.
This is a security issue as if someone was looking at my phone screen at the time they would now know my password for the app I was logging into.

Why do you want this feature?

For security sake.

Additional information

Please! :)
@Ajt8000 Ajt8000 added feature request Issue is about a new feature in the app needs triage Issue is not yet ready for PR authors to take up labels Jul 29, 2024
@Aga-C
Copy link
Member

Aga-C commented Jul 29, 2024

Does any keyboard and password manager provide such a function? 

I've tested KeePassDX and Firefox's password manager with two proprietary keyboards: Gboard and SwiftKey. For both password managers and both keyboards, I've always seen a copied password written in plain text.

@Aga-C Aga-C added the waiting for author If the author does not respond, the issue will be closed. Otherwise, the label will be removed. label Jul 29, 2024
@Ajt8000
Copy link
Author

Ajt8000 commented Jul 29, 2024

I've had this work by default with AnySoftKeyboard combined with Bitwarden as the password manager.

I'm using Bitwarden with the Fossify keyboard as well.

@github-actions github-actions bot removed the waiting for author If the author does not respond, the issue will be closed. Otherwise, the label will be removed. label Jul 29, 2024
@Aga-C
Copy link
Member

Aga-C commented Jul 29, 2024

I've just installed Bitwarden, and in AnySoftKeyboard I see the copied password as a text, not encrypted in any way.

signal-2024-07-29-11-46-55-601.jpg

@Aga-C Aga-C added the waiting for author If the author does not respond, the issue will be closed. Otherwise, the label will be removed. label Jul 29, 2024
@Ajt8000
Copy link
Author

Ajt8000 commented Jul 29, 2024

It worked for me here. Regardless, it's a good feature to have, and really should be considered for Fossify.

Screenshot_20240729-121516_Trebuchet

@github-actions github-actions bot removed the waiting for author If the author does not respond, the issue will be closed. Otherwise, the label will be removed. label Jul 29, 2024
@Aga-C
Copy link
Member

Aga-C commented Jul 30, 2024

I did some investigation and found out, that Gboard and AnySoftKeyboard display clipboard contents as asterisks, however it's not dependent on what the clipboard has, but on the type of the text field. I can copy any text, and after selecting the password field, the keyboard doesn't show clipboard contents as plain text.

@Aga-C Aga-C added enhancement New feature or request and removed feature request Issue is about a new feature in the app needs triage Issue is not yet ready for PR authors to take up labels Jul 30, 2024
@Ajt8000
Copy link
Author

Ajt8000 commented Aug 1, 2024

That makes a lot of sense!
Would it be possible to add this feature to Fossify?

@naveensingh
Copy link
Member

Yes, but as Aga-C described above, it'll depend on the type of the text field in focus. The password will still be visible as plain text if you are, for example, typing into a browser.

It's hard to figure out when to redact something without tricks like monitoring your app usage and your clipboard 24x7 and that is bad.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@naveensingh @Ajt8000 @Aga-C