FossifyOrg / Keyboard

Easy keyboard for inserting all kinds of texts, special characters and numbers.
https://www.fossify.org
GNU General Public License v3.0
285 stars 25 forks source link

Password Obfuscation #63

Open Ajt8000 opened 3 months ago

Ajt8000 commented 3 months ago

Checklist

Feature description

When copying passwords from a password manager, the password appears in the keyboard's top bar unobscured. It shows the password as text rather than as a series of dots or asterisks. This is a security issue as if someone was looking at my phone screen at the time they would now know my password for the app I was logging into.

Why do you want this feature?

For security sake.

Additional information

Please! :)

Aga-C commented 3 months ago

Does any keyboard and password manager provide such a function? 

I've tested KeePassDX and Firefox's password manager with two proprietary keyboards: Gboard and SwiftKey. For both password managers and both keyboards, I've always seen a copied password written in plain text.

Ajt8000 commented 3 months ago

I've had this work by default with AnySoftKeyboard combined with Bitwarden as the password manager.

I'm using Bitwarden with the Fossify keyboard as well.

Aga-C commented 3 months ago

I've just installed Bitwarden, and in AnySoftKeyboard I see the copied password as a text, not encrypted in any way.

signal-2024-07-29-11-46-55-601.jpg

Ajt8000 commented 3 months ago

It worked for me here. Regardless, it's a good feature to have, and really should be considered for Fossify.

Screenshot_20240729-121516_Trebuchet

Aga-C commented 3 months ago

I did some investigation and found out, that Gboard and AnySoftKeyboard display clipboard contents as asterisks, however it's not dependent on what the clipboard has, but on the type of the text field. I can copy any text, and after selecting the password field, the keyboard doesn't show clipboard contents as plain text.

Ajt8000 commented 3 months ago

That makes a lot of sense! Would it be possible to add this feature to Fossify?

naveensingh commented 3 months ago

Yes, but as Aga-C described above, it'll depend on the type of the text field in focus. The password will still be visible as plain text if you are, for example, typing into a browser.

It's hard to figure out when to redact something without tricks like monitoring your app usage and your clipboard 24x7 and that is bad.