I highly support this pull request and hope it is merged soon.
As security is a layered approach, protecting the password only by the lock screen should not be enough; there is no need to keep the password visible, and additional layers of security can technically be easily established without reducing the users' comfort.
Unfortunately, the lock screen is not enough for many users, including me. I am a director of two companies and many times I have my phone available to be used. Also for my daughter, sometimes she uses it. And here is a good one: when I let it be serviced or updated! You MUST have all lock screens disabled! So, that is useless then, isn't it. I don't understand the hostility for a perfectly good request, especially for security enquiries.
Also, think about when I may be in conference meetings/gatherings and I don't want the app to be able to open without my authority.
I agree with XL_92.
A password lock for opening the app is definitely needed and I see many others who are also requesting it, along with my whole company.
Perfect example: right now I'm sending my phone downstairs to my IT guys for service and screen lock MUST be disabled for the service, and I (director) don't need this to be accessible.
The hostility from some of the users here is totally unfounded for a perfectly reasonable enquiry.
Now I will just delete the account on the phone and will have to reset it when I get it back from service.
Again - if anything this would have to be a CHOICE. I do NOT want to have to enter a pin when opening the app and I'm sure most other users wouldn't either.
And btw - if I send my device out for service I factory reset it, so again no need for any more security. All of that should be optional; I would never use ANY mail app that forces me to have to unlock it before use!
Why the hostility?
Again, many are requesting it.
2nd, yes, choice, it doesn't have to be "always on". A simple activate or deactivate for those like you who don't want it, and not forcing you.
Service, it is our in house. So I donât want to be doing a factory reset every time.
I use many other apps that give me the option to have password protection when opening. And it is not always on/forcing you. For example, the Threema app (end-to-end encryption), which I definitely have set with a password to open.
Last, chill out man! There are a lot of other needs just besides yours.
I think the option to have it enabled/disabled would be a great function for security and flexibility.
Peace.
Hostility? I wasn't being hostile, but merely pointing out that I (and probably most other users) would neither need nor want such extra security.
I was not being hostile and I'm well aware that there are other needs besides mine, which is why I've always said that it needs to be "optional", if at all.
On most phones you can create multiple user accounts with different passwords. You could create one account for your daughter, one for sensitive apps like email and one account that you can hand over to the IT department.
I hope you do know that this is insufficient to protect your data. The storage is only unlinked while factory resetting. Thus, all your data is still there and can be easily extracted with the corresponding tools.
At least, please have the encrypted file system activated on your Android device. When you factory reset then, the data is once again unlinked, but now it remains encrypted without the encryption key being present… If I remember correctly, the secure storage where the key is stored is unlinked, randomly overwritten and formatted during factory reset.
Sure, one such tool is https://drfone.wondershare.com/ . However, it can only restore such files and folders that were not overwritten during the reset process.
It will also only work if the storage was not encrypted (unless you have a backup of the encryption key) or if your device vendor has implemented a multipass format that is conducted during factory reset (if the reset is quick, there is no such feature… if it takes ages, high probability there is).
Sorry, but the existence of a tool is no evidence that a factory reset doesn't wipe all user data. I'm sure there might have been problems in the early days of Android. But I highly doubt modern Android devices leave recoverable user data around after a factory reset.
I have been factory resetting (usually twice in a row) my devices for almost a decade in order to sell them. For "normal" people a factory reset is more than enough - we are simply not important enough to warrant going through the hassle of trying to restore wiped files.
Maybe if I was a politician, actor or someone else where people might hope to find "secrets" on my device … but other than that no, it's simply fearmongering to claim a factory reset doesn't actually RESET the device.
If it's considered paranoid, I'm completely fine with that, but this makes me indeed feel uneasy about K9. In any case, I doubt this is best practice and I completely fail to see any need to make passwords visible. I'm not aware of any (modern) app or application that I know and trust doing this. There are several parties involved that have to participate in making and keeping the data secure: the device vendor, the operating system, the owner and the app developer. I believe the latter could do better in this particular case effortlessly.
In fact, you could even go further, because even with passwords not being visible I could easily retrieve the passwords from an unlocked phone in 30 seconds or less. Just change the server to your own and K9 will send it to you. Then change the server back. If the owner wasn't looking, he might never find out. If you wanted to improve security, you would clear the password as soon as the server name is changed or encryption settings are modified.
You see, I do use a lock screen, I do lock my phone etc., but mistakes happen and there are many opportunities that could prevent your phone from locking itself. Believe it or not, before I used a smartphone I never saved my email password in any client at all and would type it in every day. Considering K9 is one of the few clients supporting OpenPGP natively, I would expect a higher level of security, leaning on being rather paranoid than sorry.
You do realize that a password store is a totally different use case, right? Basically, a password store is the only application that should ever give you the option to see stored passwords, and any secure password store will ask for authentication. You might be able to set it up without, but that is clearly neither default nor recommended and most likely unreasonable.
I think some commenters here do not realize that this issue is long solved in the beta releases, starting from k-9 version 5.900 (released in Sep 2021).
That's why recent versions of K-9 ask for your lock screen password again if you want to see the stored password, even if the phone is already unlocked.
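The two defensive rules discussed in this thread (clear the stored password whenever the server name or encryption settings change, and require a fresh device-credential confirmation before revealing it, even on an unlocked phone) can be expressed as a small settings model. The following is an added illustration, not K-9's own code; `DeviceAuthenticator` is a hypothetical interface standing in for the platform's keyguard/biometric confirmation prompt, and the host names and password are constructed sample values.

```kotlin
// Added example (not K-9 code). Plain Kotlin/JVM, no Android dependency.
// Rule 1: changing the server host or its transport security discards the
//         stored password, so a swapped-in server never receives it.
// Rule 2: revealing the stored password requires a fresh device-credential
//         confirmation, regardless of whether the phone is already unlocked.

enum class Security { NONE, STARTTLS, SSL_TLS }

data class ServerSettings(val host: String, val port: Int, val security: Security)

/** Hypothetical stand-in for a KeyguardManager / BiometricPrompt confirmation. */
fun interface DeviceAuthenticator {
    /** Returns true only if the user has just confirmed the device credential. */
    fun confirmDeviceCredential(reason: String): Boolean
}

class AccountCredentials(
    private var server: ServerSettings,
    private var password: CharArray?
) {
    fun hasPassword(): Boolean = password != null

    /** Rule 1: any change to host or transport security wipes the password. */
    fun updateServer(updated: ServerSettings) {
        if (updated.host != server.host || updated.security != server.security) {
            clearPassword()
        }
        server = updated
    }

    fun setPassword(newPassword: CharArray) {
        clearPassword()
        password = newPassword.copyOf()
    }

    /** Rule 2: reveal only after a fresh device-credential check; null otherwise. */
    fun revealPassword(auth: DeviceAuthenticator): String? {
        val current = password ?: return null
        if (!auth.confirmDeviceCredential("Show stored mail password")) return null
        return String(current)
    }

    /** Overwrite the buffer before dropping the reference. */
    private fun clearPassword() {
        password?.fill('\u0000')
        password = null
    }
}

fun main() {
    // Constructed sample values.
    val creds = AccountCredentials(
        ServerSettings("imap.example.org", 993, Security.SSL_TLS),
        "sample-password".toCharArray()
    )
    val confirmed = DeviceAuthenticator { true }   // user passed the keyguard prompt
    val declined = DeviceAuthenticator { false }   // user cancelled or failed it

    println(creds.revealPassword(declined))   // null: nothing shown without confirmation
    println(creds.revealPassword(confirmed))  // sample-password

    // Same host, only the port changes: password kept.
    creds.updateServer(ServerSettings("imap.example.org", 143, Security.SSL_TLS))
    println(creds.hasPassword())              // true

    // Encryption setting changes: password cleared.
    creds.updateServer(ServerSettings("imap.example.org", 143, Security.STARTTLS))
    println(creds.hasPassword())              // false

    // New host after re-entering a password: cleared again.
    creds.setPassword("sample-password".toCharArray())
    creds.updateServer(ServerSettings("imap.other.example", 993, Security.STARTTLS))
    println(creds.hasPassword())              // false
}
```

The model deliberately treats a port-only change as harmless while a host or security change is not, matching the comment above; a stricter policy could clear on any server edit. The password is held as a `CharArray` and zeroed on clear so that a stale copy does not linger on the heap longer than necessary.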
You consider a security issue solved when it's fixed in the beta version? The Google Play Store only offers me 5.807 from January and it's clearly not fixed in that version. Then I checked F-Droid and it offers several versions but also installs 5.807 by default. Next I picked 5.913 from F-Droid but this fails to import my settings.
While I often do opt in to beta versions, in this case I'd rather not, and I fully understand if others never want to use a beta. A lot of software is bad enough in the stable release. However, since you apparently fixed this, I'm surprised you keep this in beta for half a year. If you're so worried about the changes, why didn't you revert back to no-show input fields in the meantime and push a stable release?