Autofills #35
Comments
|
I think we can come up to solution like option to disable if certain groups of people didnt want to. The features has become a norm/standard in every password manager app that I found, some of them allow people to set how long the copied text on clipboard can be use. |
|
I propose that we still offer it as an option, but we opt out from having it enabled by default, to respect the privacy of our user-base. It may be standard feature, but implicitly having a feature that can steal personal information from users, it's actually scary that some of the password managers have options to store debit cards with this thing being enabled. I want to make it as private as possible, something that i would use myself, not something made to appeal the mass of people that take conveyance over privacy. So in a sense it can be in the settings, it kind of needs to be because even if you have it you still need to go to the device settings to change the default autofill option that is already set by the manufacturer of the device itself, we should also point out all disclaimers that if they do use this feature it's possible that their privacy may be compromised if they interact with malicious applications. The other thing is that the autofill doesn't work on most websites that haven't updated the standard so they have to copy anyway. |
|
We may need some additional data like how people actually using autofill in their current password manager, are they truly utilize it, aware or abandoned it? Also if there is a accident or research about autofill features we may look it up on their suggestion to improve the autofill It is good that we want to stick with privacy/security first, yes we will lose some groups but this is part of design design decision, as well as branding of keyfortress and how do we positition/distinct ourselves in market that has hundreds password manager out there. |
|
This is how keepassdx implemented the autofill feature
This one is lastpass |
|
https://www.omnicybersecurity.com/password-autofill-is-it-safe/ If you do take a look at most "Articles" that promote auto fill, they do it out of a gimmick. Just so they can have an article online that mentions their name and push undisclosed promotions masked as security assesment. Reality is that there is this thing on android, it's an API created for people with disabilities that can be exploited to steal any credentials so if you do have an app that is running with this, with autofill or without it. Everything is compromised. After all good OPSEC is the best way to protect yourself online. And first thing it recommends is, not to trust automation. |
|
Yeah, that's true but if the person still wanted to use autofill, whether he/she aware or not of the downside. I think just let be it. We only have to maximize security on the software side. |
@rezaalmanda This is a delicate matter here, we are privacy first software, and autofill is anything but privacy preserving, while it does offer some user convince, in terms of not having to copy paste passwords around it also opens a lot of attack vectors.
The reason it was created as a thing was the initial attack vector of listening to the shared clipboard between applications. So in theory if you have a compromised device than you can listen to the clipboard when the user uses a password and steal it.
However, you can also be reading the memory constantly and if you use autofill you can extract the same data of autofill as well, so in that sense the security benefit compared to clipboard alternative is close to none.
However it does unlock lot more attack vectors, for example if you're on a compromised or malicious app it can request more than a single password or email from the manager and steal that data, it can in the case we offer autofill for other stuff like phone numbers, emails, usernames, addresses request those with the password request as well even if they are not on the login form.
In most malicious cases without a compromised device it's a good tool to extract personal information for web pages.
I do think that if we are to be true libre software, we are to preserve the identity of our users as much as possible and sharing their data over third party apis to fill them in an a field that might request more than what it's on the screen is a violation of that privacy. I would vote against, that feature myself as on systems like apple we don't even have access to the source underneath to verify it's doing what we are saying it's doing.
We might lose some potential users of our app, but for me we should stand behind our promises to deliver libre first software instead of a shiny star.
We offer FIDO2 as a login alternative, if people are concerned with their safety, they shouldn't be using a password that can be hijacked anyway, they should be just exchanging certificate challenges.
The text was updated successfully, but these errors were encountered: