Keyboard icon indicating copy to clipboard operation
Keyboard copied to clipboard
verified publisher icon FossifyOrg

Password Obfuscation

Open Ajt8000 opened this issue 1 year ago • 8 comments

Checklist

  • [X] I made sure that there are no existing issues - open or closed - to which I could contribute my information.
  • [X] I made sure that there are no existing discussions - open or closed - to which I could contribute my information.
  • [X] I have read the FAQs inside the app (Menu -> About -> FAQs) and my problem isn't listed.
  • [X] I have taken the time to fill in all the required details. I understand that the bug report will be dismissed otherwise.
  • [X] This issue contains only one feature request.
  • [X] I have read and understood the contribution guidelines.
  • [ ] I optionally donated to support the Fossify mission.

Feature description

When copying passwords from a password manager, the password appears in the keyboard's top bar unobscured. It shows the password as text rather than as a series of dots or asterisks. This is a security issue as if someone was looking at my phone screen at the time they would now know my password for the app I was logging into.

Why do you want this feature?

For security sake.

Additional information

Please! :)

Ajt8000 avatar Jul 29 '24 07:07 Ajt8000

Does any keyboard and password manager provide such a function? 

I've tested KeePassDX and Firefox's password manager with two proprietary keyboards: Gboard and SwiftKey. For both password managers and both keyboards, I've always seen a copied password written in plain text.

Aga-C avatar Jul 29 '24 08:07 Aga-C

I've had this work by default with AnySoftKeyboard combined with Bitwarden as the password manager.

I'm using Bitwarden with the Fossify keyboard as well.

Ajt8000 avatar Jul 29 '24 09:07 Ajt8000

I've just installed Bitwarden, and in AnySoftKeyboard I see the copied password as a text, not encrypted in any way.

signal-2024-07-29-11-46-55-601.jpg

Aga-C avatar Jul 29 '24 09:07 Aga-C

It worked for me here. Regardless, it's a good feature to have, and really should be considered for Fossify.

Screenshot_20240729-121516_Trebuchet

Ajt8000 avatar Jul 29 '24 11:07 Ajt8000

I did some investigation and found out, that Gboard and AnySoftKeyboard display clipboard contents as asterisks, however it's not dependent on what the clipboard has, but on the type of the text field. I can copy any text, and after selecting the password field, the keyboard doesn't show clipboard contents as plain text.

Aga-C avatar Jul 30 '24 15:07 Aga-C

That makes a lot of sense! Would it be possible to add this feature to Fossify?

Ajt8000 avatar Aug 01 '24 10:08 Ajt8000

Yes, but as Aga-C described above, it'll depend on the type of the text field in focus. The password will still be visible as plain text if you are, for example, typing into a browser.

It's hard to figure out when to redact something without tricks like monitoring your app usage and your clipboard 24x7 and that is bad.

naveensingh avatar Aug 01 '24 10:08 naveensingh

there could be a settings toggle for always obscuring the clipboard content by default, with an 👁️⁠eye button to show it

sosasees avatar Jan 29 '25 11:01 sosasees