Is it just me or?

albbisalbbis Posts: 3
in F-Secure KEY
Hi, just tested this on W7PC and now here to share some thoughts.
 
Whenever I see my password in plain text my heart stops, unless I want to see them intentionally. This happened on the add/edit page and when I tried the export feature and pressed the export button. Yes I understand that at this point the copy data is in plain text and you're going to paste it somewhere in plain text. Still I wouldn't want to see them in plain text, at least not on the app itself.
 
Ideas:
 
I felt that some security steps were missing.
 
EXPORT: Didn't ask for master password.
CONNECT DEVICES: Didn't ask for master password.
 
For the plain text part I would suggest something like this.
 
Add "EDITMODE": Asks for master password, allows viewing of passwords in plain text(enables show/hide), allows deleting entries.
 
I can understand that this can be frustrating to do on mobile devices since you probably just want to view the passwords there.
 
Or simply add (show / hide) button to the add/edit page like in the main view.
 
Call me extra cautious or paranoid but that's what I think Smiley Very Happy
 
R,
 
Hemmo
Like

Best Answer

  • JuhaTJuhaT Posts: 55
    Accepted Answer

    Hi Hemmo and thanks for the ideas!

     

    We released Key version 1.3 updates yesterday for Win, OS X and Android (iOS in iTunes review process). This version now captures hide/reveal button for password fields to toggle between plain text and hidden. This is applied when viewing, adding or editing entries.

     

    Connect devices will not ask for the master password in case the master password (i.e. the master encryption key) is active and matches the master password of database from the second device that is synchronized. If the two devices who are synced do not share the same encryption credentials, then you will be prompted for the master password in order to decrypt the synchronized data.

     

    As for the export passwords case; I see the additional security factor what prompting for master password would introduce when doing that. I'll look when we could have this in future releases, but cannot at this stage estimate when we could roll this out.

     

    You can download the latest Windows version from the product web page:

    http://www.f-secure.com/en/web/home_global/key

     

    BR;

    Juha

    Like

Answers

  • albbisalbbis Posts: 3

     

    Connect devices will not ask for the master password in case the master password (i.e. the master encryption key) is active and matches the master password of database from the second device that is synchronized. If the two devices who are synced do not share the same encryption credentials, then you will be prompted for the master password in order to decrypt the synchronized data.

     

    Stupid me :)

     

    For the other parts: awesome!

     

    R,

    Hemmo

    Like
This discussion has been closed.