Open mucharafal opened 10 months ago
Have a same problem. The App should be bring up a keyboard for typing password.
Keyboards like Microsoft SwiftKey and Google Keyboard have an incognito mode. It is common for apps (even outside of authenticators) to automatically switch to the incognito mode for password entry, to prevent saving of passwords to dictionaries used for autocorrect.
I would strongly recommend that 2FAS implements this on both iOS and Android.
Was about to say the same thing. I use Gboard and was surprised that autocorrect was still on (therefore saving my password) in two situations: when making a password for the exported backup file and when entering the password to import the exported file.
I'm no expert at all the Android stuff (especially because things change very quickly), but my guess is that there is this line:
And this function is (indirectly) used when creating those password textedit boxes, and it looks like the default options are used throughout the entire function call stack. If my hunch is correct, then changing a "single" line of code should fix it. Specifically, the function needs to know that it is used for the password and not a plain text. But the strange thing is that it is hidden by the dots, so something isn't clear here. Maybe those are non-native dots, idk.
Here is (one of) the starting point(s), btw:
For me, it's a security issue, and fact that this is still not fixed after half a year, is at least worrying..
Hi,
Just when I was typing password, surprisingly it appeared and was displayed in dictionary. It doesn't happen when I type passwords in other application - seems that something is misconfigured.
Config: 2FAS Auth: 5.1.0 Android 13 (Xperia 10 III - 62.2.A.0.533) Gboard 13.5.04.566637127
Anyway, thank you for the great app!
Best, Rafal