Password not protected

The code in the pull request does this:

When the eye is pressed, a check is made to see if a safe screen lock (password, pattern, fingerprint) is configured.

  • If yes, a password/pattern/fingerprint is requested before showing the password.
  • if no, the password is not shown.

This is exactly how e.g. Firefox and Chrome does when you want to see saved passwords.

4 Likes

Okay, thanks for your reply!
I would think that when it is programmed like that, it should be secure.:+1:t2:

I highly support this pull request and hope it is merged soon.
As security is a layered approach, protecting the password only by the lock screen should not be enough; as there is no need to keep the password visible and an additional layers of security can technically be easily established without reducing the users comfort.

1 Like

It is in the latest beta release, so unless something unexpected happens, it will be released soon.

1 Like

Unfortunately, lock screen is not enough for many users including me. I am a director of two companies and I many times I have my phone available to be used. Also for my daughter, sometimes she uses it. And here is a good one, when I let it be serviced or updated! You MUST have all lock screens disabled! So, that is useless then, isn’t it. I don’t understand the hostility for a perfectly good request especially for security enquiries.
Also, think about when I may be in a conference meetings/gathers and I don’t want the app to be able to open with out my authority.

I agee with XL_92.
A password lock for opening the app is definitely needed and I see many others who also requesting along with my whole company.
Perfect example, right now send my phone downstairs to my IT guys for service and screen lock MUST be disabled for the service and I (director) don’t need this to be accessible.
Why the hostility from some of the users here is totally unfounded for a perfectly reasonable enquiry.
Now I will just delete the account on the phone and will have to reset it when I get it back from service.

Again - if anything this would have to be a CHOICE. I do NOT want to have to enter a pin when opening the app and I’m sure most other users wouldn’t either.

And btw - if I send my device out for service I factory reset it, so again no need for any more security. All of that should be optional, I would never use ANY mail app that forces me to have to unlock it before use!

Why the hostility?
Again, many are requesting it.
2nd, yes, choice, it doesn’t have to be a “always on”. A simple activate or deactivate for those like you who don’t want it and not forcing you.
Service, it is our in house. So I don’t want to be doing a factory reset every time.
I use many other apps that I have the option to have a password protect when opening. And it is not an always on/forcing you. For example, Threema app (end to end encryption which I definitely have it set with a password to open.
Last, chill out man! There are a lot of other needs just besides yours.
I think the option to have it enabled/disabled would be a great function for security and flexibility.
Peace.

Hostility? I wasn’t being hostile, but merely pointing out that I (and probably most other users) would neither need nor want such extra security.

I was not being hostile and I’m well aware that there are other needs besides mine, which is why I’ve always said that it needs to be “optional”, if at all.

On most phones you can create multiple user accounts with different passwords. You could create one account for your daughter, one for sensitive apps like email and one account that you can hand over to the IT department.

1 Like

I hope you do know that this is insufficient to protect your data. The storage is only unlinked while factory resetting. Thus, all your data is still there and can be easily extracted with the corresponding tools.

At least, please have encrypted file system activated on your Android device. When you factory reset then, the data is once again unlinked, but now it remains encrypted without the encryption key being present… If I remember correctly, the secure storage where the key is stored is unlinked, randomly overwritten and formatted during factory reset.

This is the sort of statement that should be backed by (links to) evidence or not be made at all. Otherwise you’re just spreading FUD.

1 Like

Sure, one such tool is https://drfone.wondershare.com/ . However, it can only restore such files and folders that were not overwritten during the reset process.

It will also only work if the storage was not encrypted (unless you have a backup of the encryption key) or if your device vendor has implemented a multihpass format that is conducted during factory reset (if the reset is quick, no such feature… if it takes ages, high probability there is).

Sorry, but the existence of a tool is no evidence that a factory reset doesn’t wipe all user data. I’m sure there might have been problems in the early days of Android. But I highly doubt modern Android devices leave recoverable user data around after a factory reset.

Even when selling their “data eraser” tool they don’t state that a factory reset is unsafe, only that it’s not the “best option” (their tool is, of course). All Things You Need to Know about Wipe Data or Factory Reset

1 Like

I have been factory resetting (usually twice in a row) my devices for almost a decade in order to sell them. For “normal” people a factory reset is more than enough - we are simply not important enough to warrant going through the hassle of trying to restore wiped files.
Maybe if I was a politician, actor or someone else where people might hope to find “secrets” on my device … but other than that no, it’s simply fearmongering to claim a factory reset doesn’t actually RESET the device.

If it’s considered paranoid, I’m completely fine with that but this makes me indeed feel uneasy about K9. In any case, I doubt this is best practice and I completely fail to see any need to make passwords visible. I’m not aware of any (modern) app or application that I know and trust, doing this. There are several parties involved that have to participate in making and keeping the data secure. The device vendor, the operating system, the owner and the app developer. I believe, the latter could do better in this particular case effortlessly.

In fact, you could even go further because even with passwords not being visible I could easily retrieve the passwords from an unlocked phone in 30 seconds or less. Just change the server to your own and K9 will send it to you. Then change the server back. If the owner wasn’t looking, he might never find out. If you wanted to improve security, you would clear the password as soon as the server name is changed or encryption settings are modified.

You see, I do use a lock screen, I do lock my phone etc. but mistakes happen and there are many opportunities that could prevent your phone from locking itself. Believe it or not, before I used a smartphone I never saved my email password in any client at all and would type it in everyday. Considering K9 is one if the few clients supporting OpenPGP natively, I would expect a higher level on security leaning on being rather paranoid than sorry.

My 2 cents.

You do realize that a password store is a totally different use case, right? Basically, a password store is the only application that should ever give you the option to see stored passwords and any secure password store will ask for authentication. You might be able to set it up without but that is clearly neither default or recommend and most likely unreasonable.

I think some commenters here do not realize that this issue is long solved in the beta releases, starting from k-9 version 5.900 (released in Sep 2021).

That’s why recent versions of K-9 ask for your lock screen password again if you want to see the stored password. Even if the phone is already unlocked.

1 Like

You consider a security issue solved when it’s fixed in the beta version? The Google Playstore only offers me 5.807 from January and it’s clearly not fixed in that version. Then I checked F-Droid and it offers several version but also installs 5.807 by default. Next I picked 5.913 from F-Droid but this fails to import my settings.

While I often do opt-in to beta versions, in this case I rather don’t and I fully understand if others never want to use a beta. A lot of software is bad enough in the stable release. However, if since you fixed this apparently, I’m surprised you keep this in beta for half a year. If you’re so worried about the changes why didn’t you recert back to no-show input fields in the meantime and push a stable release?

2 Likes