[Pidgin] #15379: Need warning on "remember password" checkbox

Pidgin trac at pidgin.im
Mon Oct 29 06:55:53 EDT 2012

#15379: Need warning on "remember password" checkbox
 Reporter:  IBeaumont  |       Owner:  rekkanoryo
     Type:  defect     |      Status:  new
Milestone:             |   Component:  unclassified
  Version:  2.10.6     |  Resolution:
 Keywords:             |

Comment (by renatosilva):

 That link is about a master password, Firefox does not show any kind of
 warning if you don't set one, which was the point of your report. Ok, it's
 not obvious for you, I wonder what people think in general, but with just
 a bit of thinking you can conclude it's not secure:

 1. If there isn't a key used to encrypt the password, then one just needs
 to run the decryption algorithm to retrieve it, hence insecure.
 2. If there's a key, then one just need to get access to the key to
 retrieve the password. File permissions on the key would have the same
 level of security as if they were applied to the actual keys, so it's just
 an additional artificial step here.
 3. It is only reasonable secure if it used some master password as the
 key. Ok, I could infer my OS password, if ever there's one, was being used
 as master password.

 As I've said, I think there's some plan to implement master passwords in
 Pidgin, search for it. I wonder what people actually think about it being
 obvious or not. Either way, I think adding some note to the widget label
 wouldn't hurt, something like "[./] Save password (insecure)" or similar.

Ticket URL: <https://developer.pidgin.im/ticket/15379#comment:3>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list