Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feeature Request] Option for password sharing #336

Open
julianpoemp opened this issue Apr 14, 2023 · 7 comments
Open

[Feeature Request] Option for password sharing #336

julianpoemp opened this issue Apr 14, 2023 · 7 comments

Comments

@julianpoemp
Copy link
Member

Scenario

There are some situations where you want to share a specific password with another smartphone/tablet. For example: You want to share the WLAN password to a friend of yours. Normally you would share the password via Bluetooth (you wouldn't want to transfer it via internet or there is no internet connection on the second device). To do that you would have to 1.) Create a note 2.) Copy password to that note 3.) Share note via Bluetooth. That's quite complicated.

Suggestion

A feature that allows password sharing. Possible options are:

  1. Bluetooth sharing: Copies password to a text file and shares it via Bluetooth
  2. QR-Code sharing: Generates an QR-Code of the password on the first device. The seconddevice needs to read that QR-Code and copies the password to the prompt. This would scale very well if more than one device needs that password.

Regard to point 1) perhaps you could use the default sharing popup with other options like sending via SMS/Whatsapp/Printing etc. For sure it's not recommended to send Password via Whatsapp a.s.o., but the user would have the options.
@perry-mitchell
Copy link
Member

Hmm.. this is an interesting idea. I both see the use in it, and am also hesitant to accept it because of the security implications. Being able to immediately ship passwords off a device is potentially very dangerous. I'll think on this one.

Regarding the QR code - I like this better, but what would the receiving side look like? Would you use Buttercup there too to scan the QR? If not you're just scanning using the base camera app or QR code scanning app and it falls into the same problem as the first point.

@julianpoemp
Copy link
Member Author

Regarding the QR code - I like this better, but what would the receiving side look like? Would you use Buttercup there too to scan the QR? If not you're just scanning using the base camera app or QR code scanning app and it falls into the same problem as the first point

Sharing passwords to devices without Buttercup should be the important point, because in my scenario the target device doesn't have an internet connection or Buttercup installed.

How would you transfer a password from Buttercup to another device that doesn't have internet access and doesn't have Buttercup installed at the moment? For now every time I'm in that situation I have to do the workaround of copying the password to a note and send it to another device via Bluetooth (and make sure to delete the file).

@perry-mitchell
Copy link
Member

The ability to receive doesn't infer that internet access is required - I was talking offline.

My issue here is moreso sending credentials to others via an app such as WhatsApp etc - it's ugly and promotes terrible security practices. I recognise that there are edge cases and that users might just want the power to do this, but just adding it would present every user with such an option and that would be an endorsement from us. This will probably mean we won't add it in this form.

I still like this idea and want to keep it open but it needs to be fleshed out a bit more :)

@julianpoemp
Copy link
Member Author

I understand your concerns and my main idea of sending passwords to devices nearby would be Bluetooth and QR-Code, perhaps NFC. These ways of data transfer work without any third party app involved. If the password was transferred to the target it's on the owner of the password to remove remaining files on the target.

Further I thought about a way to ensure encryption and temporary access to the password with the help of an HTML file embedded into a QR-Code. I rejected this idea because 1) it's not possible to embedd an HTML file into QR Codes (most readers don't support/block base64 URLs) and 2) even if it was possible it would need third party libraries to be embedded into the HTML file (=> too many chars in base64 for data URL).

This is just an idea that came into my mind because situations of sharing (WLAN-) passwords happen to me quite often 😅

@perry-mitchell
Copy link
Member

I'd consider NFC and QR codes. Not sure about Bluetooth but I'd consider it if someone contributes it.

Probably a warning would be enough to ease a bit of liability here.

Good idea! Let's see when we get to this. Thanks :)

@julianpoemp julianpoemp changed the title [Feeature Request] Option to sharing password [Feeature Request] Option for password sharing Apr 15, 2023
@julianpoemp
Copy link
Member Author

maybe, if the qr code reader from #310 works this feature could be added. Sharing vault entries via qr code would be very nice (encrypted, both sides need Buttercup) or unencrypted (other side just needs an qr code reader) :)

@perry-mitchell
Copy link
Member

Sure, but we still need to consider that the sync'd entries will de-sync after one side changes something, so we need to include update functionality.

But yes, it's a necessary first step before sync'ing within an account like via a hosted server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@perry-mitchell @julianpoemp