search

nextcloud / passman

🔐 Open source password manager with Nextcloud integration
https://passman.cc
GNU Affero General Public License v3.0
786 stars 108 forks source link

Sans serif font makes passwords confusable #562

Open IBBoard opened 5 years ago

IBBoard commented 5 years ago

Bug report

Steps to reproduce

  1. Create a password with "I" (capital i) and "l" (lower case L) and save
  2. View password entry
  3. Click "Show password"

Expected behaviour

Password can be read back without confusing letters

Actual behaviour

It's impossible to differentiate I from l.

(Also applies to O/0 to a lesser degree)

Configuration

Operating system: Android Pie and openSUSE Tumbleweed

Browser: Firefox 65.0.1 (mobile and desktop)

Extensions that might cause interference: None

Passman version: 2.2.1

cloud server: Nextcloud

cloud version: 15.0.4

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/70858608-sans-serif-font-makes-passwords-confusable?utm_campaign=plugin&utm_content=tracker%2F44880056&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F44880056&utm_medium=issues&utm_source=github).
IBBoard commented 5 years ago

I've not managed to edit, build and test this myself yet, but some DOM Inspector CSS hacking and a bit of code walking suggests that it might be a quick fix that just needs a class="password" adding to the credential template and adding a font-family: monospace rule (or more specific) to the CSS files.

(Although it might be helpful to fix other locations as well, like creating/editing)

Note: The confusability is important for times when you're trying to type in to other devices. I was trying to log in on a Nintendo Switch, looking at the web UI on my phone.