Open waltertamboer opened 8 years ago
Hea!
A few questions about these:
It would be a nice feature to share credentials between different accounts
What would be the user need for this? Why would user A want to give user B their password?
How do we let the user know there are security issues related to this feature?
Do you mean there are software security issues with this? If there are security issues, I'd be reluctant to enabling it as a feature.
Just a few thoughts..
What would be the user need for this? Why would user A want to give user B their password?
A company might register for an account at a website but this website does not offer multiple users for an account. Therefor the password for that one account needs to be shared between employees.
There are definitely security issues. One cannot simply give passwords to somebody else. The other person would login to the website and the password has to be posted along and is therefor available for reading. The only solution for this would be to handle logging in the OwnPass server. Could be something worth investigating.
On the other hand, we could also put a big warning note/alert that the the passwords becomes readable for the other person when you share it. People might find this acceptable since they are sharing it already.
It would be a nice feature to share credentials between different accounts.
There could be security issues related to this. Questions to ask ourselves: