search

SunilProgramer / secrets-for-android

Automatically exported from code.google.com/p/secrets-for-android
0 stars 0 forks source link

Allow the user to change the master password #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
The user should be able to change the master password for getting into 
Secrets after having successfully logged in.

Original issue reported on code.google.com by roge...@gmail.com on 11 Apr 2009 at 7:59

GoogleCodeExporter commented 9 years ago 
Currently, as of version 1.2.1, anyone gaining access to an Android device and 
not 
knowing the master password could "Reset password" from the main screen and 
delete 
all the secrets. Is this desired?

Original comment by shonzi...@gmail.com on 13 May 2009 at 12:57

GoogleCodeExporter commented 9 years ago 
Anyone gaining access to an Android device could uninstall the program too, 
with the 
same result, so I don't think this feature increases the likelihood of the 
problem.

Note that if you use the backup feature, a copy of your secrets (still 
encrypted) is 
made to the SD card.  This file will remain after a password reset or an 
uninstall.  Of 
course, this does not prevent malicious intent.  This is one of the reasons for 
issue 
4: to provide online backup of the secrets.  In the meantime, you can also copy 
the 
encrypted secrets file to a safe place off your phone.

Original comment by roge...@gmail.com on 14 May 2009 at 3:09

GoogleCodeExporter commented 9 years ago

Original comment by roge...@google.com on 17 May 2009 at 3:47

GoogleCodeExporter commented 9 years ago 
I understand your point and it makes sense. 

I believe it should be made less likely to allow someone to mess up mobile 
owner's 
secrets database by resetting master password at the login screen "just because 
it's 
possible and easy to do". With my first comment I actually supported your first 
comment: master password should be resettable _after_ having successfully 
logged in 
with the current one.

If the owner forgot the password, the he or she would have no choice but to 
uninstall 
the application or have the application data erased (I assume Secrets would 
initialize the database if non is found).

Original comment by shonzi...@gmail.com on 17 May 2009 at 10:12

GoogleCodeExporter commented 9 years ago 
Hi shonzilla,

You are suggesting that someone, with malicious intent, who gets access to your
phone, can easily delete all your passwords by choosing "Reset password".  You 
are
correct, they can do this.

You are also suggesting that the application should provide, for the owner that 
has
forgotten their password, a way to have "the application data erased".  This is 
 what
"Reset password" is for.

Can you explain how you would design this "erase data" feature so that it is 
easy for
the owner to access, yet more difficult for a malicious user to take advantage 
of? 
Note that I don't believe the legitimate owner should need to uninstall and 
reinstall
the application if they forgot their password.  Thanks.

Original comment by roge...@google.com on 18 May 2009 at 2:54

GoogleCodeExporter commented 9 years ago 
Workaround for the original issue of this bug: Allow the user to change the 
master 
password

1. Login in to secrets.
2. Export secrets to the SD card.
3. Logout of secrets and go back to the login page.
4. Press the MENU key and choose "Reset password".  Click yes to confirm.
5. Enter new password, and confirm it.
6. Import secrets from the SD card.

Note that this procedure will cause the access history of the secrets to be 
lost.

Original comment by roge...@google.com on 3 Jul 2009 at 12:10

GoogleCodeExporter commented 9 years ago 
Can you really change your password in this way? It suggests you can load 
backed-up
secrets without knowing the password used to create those secrets. I don't see 
how
this can or should be able to work without being a gaping security hole.

Note I haven't used secrets.. just looking for something that can provide this
function and about to install it.

Original comment by jon.po...@gmail.com on 16 Sep 2009 at 6:40

GoogleCodeExporter commented 9 years ago 
Hi Jon,

Secrets supports a backup and restore feature, and this required knowledge of 
the 
password.

Secrets also supports an import/export feature, which is meant to transfer your 
information from/to another password manager.  Because the various password 
managers do 
not use the same internal format, import and export is necessarily performed 
with clear 
text file formats, usually csv files.  The workaround suggested in comment #6 
uses this 
import/export feature to get around the missing "change master password" 
feature.

The csv file contains your secrets in the clear though, so it should be deleted 
immediately after performing the workaround.  Secrets ill automatically offer 
to delete 
the file for you in step 6.

I hope this helps.

Original comment by roge...@gmail.com on 16 Sep 2009 at 1:39

GoogleCodeExporter commented 9 years ago 
Got it. Thanks for the response! Installing now :)

Original comment by jon.po...@gmail.com on 30 Sep 2009 at 2:53

GoogleCodeExporter commented 9 years ago 
Of version 2.0, secrets supports changing the master password without any of 
the workarounds suggested above.

Original comment by ro...@tawacentral.net on 31 Aug 2012 at 12:51