Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

option to see the password #1254

Open
Ilav1 opened this issue Feb 20, 2024 · 2 comments
Open

option to see the password #1254

Ilav1 opened this issue Feb 20, 2024 · 2 comments
Labels
enhancement security/privacy UI/UX

Comments

@Ilav1
Copy link

Ilav1 commented Feb 20, 2024

The problem

When you are using the passwort protection you can only see the dots. When you tipe your password like "testPW" maybe it's possible to write "restPW" or something else. It doesn't matter in short Passwort phrases but when you use a longer one with special symbols, it's not possible to check the password and maybe you can not open the message.
When I want to send a file to some people with the option to download the file a long time with PrivateBin and wrote a wrong password, you can't open or download the file anymore.

The solution

Adding an "eye-button" to show the password until click the "eye-button" again

Alternatives

Adding these option to the config file to enable it just if you want to. So the user who doesn't want these feature (because of security or other reasons) it can be disabled.
@elrido
Copy link
Contributor

elrido commented Feb 20, 2024

You have the option to retry the password multiple times, there is a retry button and dialogue informing about it:

PrivateBin password retry

An eye-button (password display) is arguably introducing a new security risk. But I do understand it would improve the UX. The dots are used to prevent shoulder surfing, but unfortunately do leak the information how long the password is.

@Ilav1
Copy link
Author

Ilav1 commented Feb 20, 2024

I know that it's a new security risk when you are able to see the password. Because of that I think this option should be optional like the password option itself. So when you want to enable the password option you also can enable the password display option as well.

To click the button is under your controll and of course it doesn't make sense to show the password when your driving in a bus.

Your example is just to try the password again. When you wrote "r" instead of "t" you won't figure out a long password.

When I want to share a file, which I have to delete on my device, because only the other people should have it, the file is gone. I know this is an abstract situation but I hope the problem is present now.

Maybe other people want to have the same option. Anyway... I have to say that I really like privatebin :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement security/privacy UI/UX
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elrido @Ilav1