Password not protected

Hello, I have just seen that the application has no protection (lock or password to open it) and, in addition, mail passwords are visible (by tapping the eye icon). This possibility has no interest and is not safe at all, because somebody who can access k9 can see it and change it easily to lock mail.
Please, can you remove this function and/or add more protection when opening k9?
Just a question: are the passwords encrypted where they are saved on the phone, or not? If yes, you have to improve that also.
Regards.
Xavier

1 Like

We have no plans to add a password lock screen to the app. Android supports full device encryption and a lock screen. We highly encourage everyone to enable both of these features.

1 Like

I feel this is not a satisfactory response, IMO.
We have nearly 100 staff emails using K9 on their phones; the mail account is the same as their computer account, for example, and the idea that one can tap that button and see one's password leaves me pondering alternative mail apps if your response is that blunt.
Yes, phones have locks and so on, but there is always a time or chance a phone is left unlocked for a moment, where someone in the know could easily get an account password.

Was this possible in the former version of K9 as I do not recall being able to expose a password like that?

1 Like

Passwords are not visible in version 5.6, which is what I am still using. I am afraid that the tone of the answer you have been given regarding your perfectly reasonable question is consistent with the developer’s attitude to any perceived criticism of his pet project.

1 Like

If anything, that should be optional - not everybody needs or wants that kind of “protection” … I know I definitely don’t!

Like cketti said - that’s what a secure lockscreen is for.

So it's completely OK for our domain credentials to be exposed by K9 now (not previously), with the only protection being lock screens, which vary wildly in security.
Old phones = risk of bypassing the lock screen.
My 5-year-old unlocks my phone with my pattern; they are not secure.
And we have all surely seen the joke that face locks are, and even fingerprints being useless (Samsung, looking at you), originally at least.

The point is not whether to protect someone from reading the emails or anything in the app. Yes, that is the job of the lock screen. But the password being unprotected has a much bigger scope than that. Anybody who has the password has unrestricted, indefinite and basically untraceable access to the account. I have not seen any app allow you to read out passwords… Imagine you could read out every password of every app you have logged in to on your phone… You could not even think about giving your phone to someone for a split second without them getting access to all your life, and not just a small time-gated snapshot in the worst case.

I would really encourage you to revisit your decision. It really is not best practice to expose passwords like that and has nothing to do with lock screen or not.

1 Like

If someone has access to your K-9 mail (even when not being able to see the password), they can press “forgot password” in every other app and receive that email.

This is not untraceable, since you cannot log in anymore with your own password, and it needs much, much more time than simply photographing the passwords with another smartphone and using them at will some time later, when convenient. And also it does not scale, since you have to do everything in this limited time. This argument is like: “Oh, you don’t need a front door, because you have windows and anybody can break them.” Like, yes, it is not some crazy security measure that cannot be defeated with some planning and speedrunning the password-forgotten dialog. Rather, it's very basic and protects against the simplest and most basic attack, which is the easiest attack.

Like, I have not seen my two-factor-defeating one-time password in years, until K9 showed it to me yesterday, which is against the design of every one-time password ever.

I want to stress: I’m not one of the “burn K-9 to the ground” mob and my feedback is not supposed to be sassy. On the contrary, while I did not expect so much change, I’m more than pleased to be using K-9 in the future. I will probably suggest some ideas, but overall I find K-9 to be the only usable email client on Android. I find it awesome that this project got its revival :slight_smile:

While I can see your point about having the eye being able to display the password being a bad idea, I don’t even consider handing my unlocked phone to someone else. There’s too much damage they can do. And while I use a strong password to lock it, I do concede to convenience by using the iris and fingerprint scans to unlock. I’ve found both of them to be reasonably secure, much more so than Apple face id where my son and daughter can both unlock my wife’s iPhone.

But back to handing someone an unlocked phone so they can see something I want to show them or let them use an app, like a game for my son: I always pin the app when I do that. I don’t know if non-Samsung phones have that feature, but it’s great. If the user tries to leave the app that’s pinned, the phone goes back to being locked.

It’s not a Samsung-specific feature and should be available on all Android versions that K-9 Mail supports.

https://support.google.com/android/answer/9455138?hl=en

I try to avoid giving my phone to anybody as well, and I use pretty much all the common security features. But locking my mail app is not one of them, because it would be annoying (Oh, I got mail, let's unlock my phone twice to read it :roll_eyes:). This is not a solution.

It’s just bad design that could be easily avoided and would most likely not be a huge amount of work to implement. Literally nobody on the face of the planet wants a password to be readable and nobody expects it, because it is so stupid. Please cketti, I beg you, just change it and everybody is happy.

Don’t assume that because you don’t want to do this, nobody does. Have you had a look at the password store in your browser lately?

There has been the suggestion to prompt the user for the lock screen password/fingerprint/whatever before showing the server password. I’d be totally fine with that. But this is not a priority feature for me. Pull requests to implement this are very much welcome.

4 Likes

My wording may have been exaggerated, but not showing the password will most likely be the more popular and safer choice. Just removing the eye icon after the initial setup would be a compromise until fingerprint/PIN entry is implemented.

1 Like

I would like to say so much more to explain my point, but my English is not that good. But I see no reason why a password should be made visible so easily. On computers, banking apps or whatever, I would say the eye button should not be there.

1 Like

Well, there is clearly disagreement about this.

Anyways, a password/fingerprint/login prompt is on its way. See Passwords unprotected and visible after update - #7 by harold for more details.

1 Like

Okay. Let’s say it this way. People are making connections to several email accounts on their email apps. Whatever email apps people are using…

DURING the creation of the account or DURING TYPING the password, the eye button can be useful. I fully agree with that. But after the credentials have been checked, I think absolutely not. I think it is very unsafe to keep showing the eye button.
(If all apps would handle this procedure and keep showing the eye button, then if someone steals a phone, they could collect ALL YOUR PASSWORDS!!)

But to understand your point of view, I will continue:
Now, after the check, the email account works fine. All the email is coming in and mails can be sent…

Can you tell me whatever logical reason people can have to make passwords visible for a working account afterwards? What justifies the eye button afterwards?

For me personally (and my use of K-9 Mail for the future, after 11 years…), your answer is very crucial!!

2 Likes

I agree with @harold.

I see no reason why after setting up the account the password should be visible on a working account. Seems a BIG security issue to me, also.

This is true only if BOTH of these are true:

  1. The phone is unlocked.
  2. The app has “an unprotected eye”.

Regarding 1: I assume that anyone who is a bit security conscious uses a screen lock and does not let others use their phone.

Regarding 2: Yes, K-9 currently has “an unprotected eye”, but a pull request fixing that is already being reviewed.
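The mechanism cketti proposes above (re-authenticate with the lock screen before the server password is shown) together with the two-condition argument just made, as an added example that is not K-9 Mail's own code: a hypothetical Kotlin helper built on the androidx.biometric library, assuming the host screen is a FragmentActivity/AppCompatActivity and the password lives in an EditText.

```kotlin
import android.text.method.PasswordTransformationMethod
import android.widget.EditText
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity

// Hypothetical helper (not K-9 code): gates the "eye" toggle behind the device's
// own lock screen. The password is unmasked only after the user re-authenticates,
// and it is re-masked automatically after revealMs so it never stays on screen.
class GatedPasswordReveal(private val activity: FragmentActivity) {
    private val revealMs = 10_000L
    // BIOMETRIC_WEAK | DEVICE_CREDENTIAL is accepted by androidx.biometric on
    // every API level; BIOMETRIC_STRONG | DEVICE_CREDENTIAL is not on API 28-29.
    private val authenticators = BIOMETRIC_WEAK or DEVICE_CREDENTIAL

    fun reveal(field: EditText) {
        // Condition 1 from the thread: a lock screen must exist at all. If the device
        // has neither biometrics nor a PIN/pattern/password, refuse to unmask.
        val status = BiometricManager.from(activity).canAuthenticate(authenticators)
        if (status != BiometricManager.BIOMETRIC_SUCCESS) {
            field.error = "Set up a screen lock to reveal the password"
            return
        }
        val callback = object : BiometricPrompt.AuthenticationCallback() {
            override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
                field.transformationMethod = null            // unmask
                field.setSelection(field.text.length)
                field.postDelayed({ mask(field) }, revealMs) // time-gated, not indefinite
            }
            override fun onAuthenticationError(code: Int, msg: CharSequence) {
                mask(field)                                  // cancelled or locked out: stay hidden
            }
        }
        val info = BiometricPrompt.PromptInfo.Builder()
            .setTitle("Confirm it's you")
            .setSubtitle("Authenticate to show the saved server password")
            .setAllowedAuthenticators(authenticators)
            .build()
        BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
            .authenticate(info)
    }

    fun mask(field: EditText) {
        field.transformationMethod = PasswordTransformationMethod.getInstance()
        field.setSelection(field.text.length)
    }
}
```

Wire `reveal(field)` to the eye icon's click handler and call `mask(field)` from the screen's `onPause` so a backgrounded screen never keeps the cleartext visible.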

Okay.
I cannot tell from your answer regarding #2 what the fix will be, and I will wait for it.
Thanks for your answer!