40 A1 08 D9 34 7b Is Show Is Password

0 views
Skip to first unread message

Vikki Nagindas

unread,
Aug 3, 2024, 10:15:48 AM8/3/24
to duilingtape

How Chrome saves your passwords depends on whether you want to store and use them across devices. When synced, you can use passwords on Chrome on all your devices, and across some apps on your Android devices.

Show password when mouse over password fields.Have you ever deleted whole password just because you typed a single letter wrong ?Now you can get rid of it.This extension will show you the password in plain text when cursor is over password fields.You can also change when to show password in options.Because many people doubt the security of this extension, I upload it's source code to GitHub. mode:Show password when Double Click.Show password when On Focus.Show password when Press Ctrl Key.What's new in 1.2.1:Fix extension don't work on some websites that change input typeWhat's new in 1.1.6:Bug fixWhat's new in 1.1.4:Fix the bug that google account password don't show.

Hi @Ollinator, as part of 1Password Business, you can set fine grained access control for users accessing vaults, and this includes the "Reveal Password" permission. If you uncheck that option, the user will not be able to reveal the password or copy it from within 1Password.

One point I want to make clear - this does not guarantee they won't be able to see the password once it is outside 1Password. Once the password is filled in on a website, there is nothing we can do do prevent someone from inspecting that webpage and determining the password that way.

@Ollinator: Do you have a 1Password Business account? If so, as mentioned in the articles Ben linked, you can manage the vault settings (gear icon) in 1Password.com in your browser and then change the permissions on the vault to disable the "reveal" permission:

I would like to point out that even with this enabled the team member would still be able to copy the password out of 1Password when filling login forms. This means that they could copy/paste the password into an unprotected field or even into a text editor and see the password.

When you share a password with someone it is always best to assume that person now knows the password. Regular rotation of shared passwords is the only way to protect against people who used to have access to shared passwords being able to access accounts once you've removed their access.

When I double click an entry in iCloud Keychain and get the usual Attributes dialog and then select the "Show Password" option, I get the popup asking for my administrator password, as always. After I enter the password and click OK, the password is displayed for a fraction of a second, then the whole dialog box disappears.

But wait, there's more. If I delay a few seconds before clicking Show Password, the dialog box disappears without my having done anything. I rebooted the OS but the problem persisted. According to the App Store I installed 10.13.5 more than two weeks ago so I'm certain I have used it successfully, prior to today's problem.

I use long, random character passwords and use keychain regularly for storing and retrieving them so this is more than a simple annoyance. Any suggestions I can get for capturing a copy of a stored password would be appreciated.

The MacBook is still under it's extended warranty, which Apple assured me remains in effect since the repairs were done by Apple. The invoice for the repairs seems to indicate that "repairs" are done by replacing things at the module, not the component level. Any module that showed water contact on any of it's water detection spots is simply replaced. In my case, that included the keyboard, the cpu module, the display, the battery, the I/O and power module, and the touchpad. In other words, the computer was effectively remanufactured. That work was done in a central repair facility, which I believe is in California.

In any event, Apple can figure out what the problem is and deal with it. Luckily I have an older MacBook Pro that is slow, but serviceable, and thanks to iCloud, it will be pretty much up-to-date should this one need to go back to wherever it goes back to.

The time it takes the dialog box to disappear is variable from 0 to about 10 seconds. If I click on Show Password, the dialog box will NOT disappear while the popup for entering the admin password is present. As soon as I click OK on the popup, the 0 - 10 second disappearing dialog box timer starts.

Water damage can be insidious because even a small amount of residual moisture can result in corrosion or other damage to sensitive electronics that takes a while to occur and only shows up some time later. Also, extensive rework within the confined space of most computers requires a high degree of precision, and a loose or marginal solder joint can lead to problems that begin to surface over time. I don't know what you should do about this but I am concerned that what you are seeing is latent water damage or some flaw in the extensive hardware rework.

All I had to do was change the password for a site that was already recorded in keychain. In my case it was one of my Google accounts. I went into Gmail, changed my password, when Keychain asked, I told it to save the new password on all my devices. I then manually changed the password in Internet Accounts in System Preferences to match what was now in Keychain. Once that was done, Keychain returned to working normally.

As to how the chain got corrupted, I will confess to occasionally draining the battery to 1% when I have no external power available, and this forces an immediate shutdown. And, yes, I know this is a dumb thing to do, and I have probably cured myself of the habit this time.

I would like a way to right-click on the Password column (or other mechanism) and see ALL passwords in plain-text. This would come in handy to see if there are any unsecure ones or duplicates (I presume then I could click the heading and sort them as I can other columns which would also aid in rectifying poor passwords).

Apparently there's no way to edit the ticket once saved. I forgot to mention, if you are concerned about security for showing all passwords at once, then perhaps you just re-prompt for the master password again before showing them all.

Menu > Tools > Options.
Select the "Advanced" tab
Scroll down all the way to the "Advanced" paragraph
Set the checkboxs "Remember password hiding setting in the main window" and "remember password hiding in the entry editing dialog".

Hi Gary,
thank you for answer, but this one is just plain wrong. There are literally hundreds of potential malware infected emclient password recovery tools available. So I think the possibility to show your saved password and maybe betther protect the start of EM-Client itself only with a password or confirmation would create a more secure E-Mail Endpoint than just trying to hide the saved password.
Thomas

Until eM Client Version 7 it had been possible to recover passwords. The tools and tips in the internet refer to this or older versions (e.g. this PDF from 2016).
Since then the passwords have been encrypted and - as far as I know - are not recoverable from eM Client any more. And this is fully ok for safety reasons.

Anyway, it is the job of each user him-/herself to store the passwords in a safe place on paper or a tool like Keepass. The reset option is given by the mail providers already, which you, @4711 , can use.

A website I use occasionally has had a recent overhaul and added a "Show" checkbox next to the password field on their login form. I understand why some ppl want these when they're actually typing their password in, but it seems like a security hole if you're using a password manager that fills your password.

In my case, the password is saved in Firefox's password manager which is in turn secured with a master password **. So, yes, someone else using Firefox on my computer temporarily can potentially log in to this site automatically, but I at least expect they can't actually see my current password.

However, with this new check box they can: I visited the site, went to the login form, which Firefox pre-filled with my password (obfuscated as a series of dots). Then I clicked on "Show" and sure enough my password was displayed in plain text.

** For the sake of this thread, let's not go into a big discussion about whether the Firefox password manager is a safe way to secure passwords. I use it only on my home and work computers which are rarely used by others. Also even if you think I should be using a more robust manager like LastPass, I think a similar vulnerability would exist if someone happens to sit at your computer while LastPass is logged in.

Apart from the obvious security issue of someone else being able to physically see what password you are typing - which the user would be aware of anyway - there are a few security "concerns" that could arise with how it is implemented and what (trustworthy) software is on the users system, that could potentially expose the password to third party apps/tools unnecessarily.

If the "show password" option simply changes the type of the input element to text then any browser plugins (or third party apps) that check spelling of text fields will now be active on the element. In Google Chrome this could involve sending the text to Google to "Ask Google for suggestions".

Login forms shouldn't be autocomplete enabled anyway, but changing the type of the INPUT to text does potentially allow the password to be saved in the browser's autocomplete database (which is not necessarily secure), unless the INPUT is changed back to password before submission.

If we are ignoring everything else you mention, (i.e. shared computer, firefox saved passwords, etc.) the "show" password feature is, by itself, not a security risk. It is for convenience and the "everyday user". There is nothing stopping someone from using the build in browser inspector and changing it to an input type textbox from password. It serves the same purpose (showing the password) but without having to "modify" the HTML. I do it all the time on sites that don't have that 'feature'. A textbox of type password only masks the letters on the UI.

c80f0f1006
Reply all
Reply to author
Forward
0 new messages