mssun / passforios

Pass for iOS - an iOS client compatible with Pass command line application.
https://mssun.github.io/passforios
MIT License
1.51k stars 101 forks source link

Text-field containing password treated as regular text #179

Closed david-bergstrom closed 6 years ago

david-bergstrom commented 6 years ago

The field containing the password on the screen where passwords are created/edited is treated as a regular text input field. This causes two problems:

  1. It is a security issue as a third-party keyboard can read the password and later suggest it back to the user when the user is using some other app.
  2. It makes it cumbersome to manually enter a password as the keyboard might try to autocorrect the password into some similar word.

I have attached a screenshot which hopefully makes the problem clear:

img_1400

yishilin14 commented 6 years ago

@david-bergstrom Good point!

yishilin14 commented 6 years ago

@mssun Setting textContentType="password" doesn't solve the problem.

yishilin14 commented 6 years ago

I Googled a bit. And I can't find an elegant solution for now.

There are two options with pros and cons.

I don't know how to force the app to use the system keyboard, without setting "textField.secureTextEntry = YES" and masking the password. Any suggestions?

savyajha commented 6 years ago

Nothing wrong with masking the password. It's done in nearly every app which requires password input. I'd suggest using textField.secureTextEntry = YES and masking the password.

mssun commented 6 years ago

I think we can do it like 1Password:

Image

yishilin14 commented 6 years ago

@savyajha Personally, I would like to take a look at the password before saving it.

@mssun Looks like a good idea.

savyajha commented 6 years ago

@yishilin14 I'm so used to autogenerating passwords I don't even remember the last time I looked at them. XD