Open julianpoemp opened 1 year ago
Hmm.. this is an interesting idea. I both see the use in it, and am also hesitant to accept it because of the security implications. Being able to immediately ship passwords off a device is potentially very dangerous. I'll think on this one.
Regarding the QR code - I like this better, but what would the receiving side look like? Would you use Buttercup there too to scan the QR? If not you're just scanning using the base camera app or QR code scanning app and it falls into the same problem as the first point.
Regarding the QR code - I like this better, but what would the receiving side look like? Would you use Buttercup there too to scan the QR? If not you're just scanning using the base camera app or QR code scanning app and it falls into the same problem as the first point
Sharing passwords to devices without Buttercup should be the important point, because in my scenario the target device doesn't have an internet connection or Buttercup installed.
How would you transfer a password from Buttercup to another device that doesn't have internet access and doesn't have Buttercup installed at the moment? For now every time I'm in that situation I have to do the workaround of copying the password to a note and send it to another device via Bluetooth (and make sure to delete the file).
The ability to receive doesn't infer that internet access is required - I was talking offline.
My issue here is moreso sending credentials to others via an app such as WhatsApp etc - it's ugly and promotes terrible security practices. I recognise that there are edge cases and that users might just want the power to do this, but just adding it would present every user with such an option and that would be an endorsement from us. This will probably mean we won't add it in this form.
I still like this idea and want to keep it open but it needs to be fleshed out a bit more :)
I understand your concerns and my main idea of sending passwords to devices nearby would be Bluetooth and QR-Code, perhaps NFC. These ways of data transfer work without any third party app involved. If the password was transferred to the target it's on the owner of the password to remove remaining files on the target.
Further I thought about a way to ensure encryption and temporary access to the password with the help of an HTML file embedded into a QR-Code. I rejected this idea because 1) it's not possible to embedd an HTML file into QR Codes (most readers don't support/block base64 URLs) and 2) even if it was possible it would need third party libraries to be embedded into the HTML file (=> too many chars in base64 for data URL).
This is just an idea that came into my mind because situations of sharing (WLAN-) passwords happen to me quite often 😅
I'd consider NFC and QR codes. Not sure about Bluetooth but I'd consider it if someone contributes it.
Probably a warning would be enough to ease a bit of liability here.
Good idea! Let's see when we get to this. Thanks :)
maybe, if the qr code reader from #310 works this feature could be added. Sharing vault entries via qr code would be very nice (encrypted, both sides need Buttercup) or unencrypted (other side just needs an qr code reader) :)
Sure, but we still need to consider that the sync'd entries will de-sync after one side changes something, so we need to include update functionality.
But yes, it's a necessary first step before sync'ing within an account like via a hosted server.
Scenario
There are some situations where you want to share a specific password with another smartphone/tablet. For example: You want to share the WLAN password to a friend of yours. Normally you would share the password via Bluetooth (you wouldn't want to transfer it via internet or there is no internet connection on the second device). To do that you would have to 1.) Create a note 2.) Copy password to that note 3.) Share note via Bluetooth. That's quite complicated.
Suggestion
A feature that allows password sharing. Possible options are:
1) Bluetooth sharing: Copies password to a text file and shares it via Bluetooth 2) QR-Code sharing: Generates an QR-Code of the password on the first device. The seconddevice needs to read that QR-Code and copies the password to the prompt. This would scale very well if more than one device needs that password.
Regard to point 1) perhaps you could use the default sharing popup with other options like sending via SMS/Whatsapp/Printing etc. For sure it's not recommended to send Password via Whatsapp a.s.o., but the user would have the options.