Exposing master password at login on screen during login time

I see this issue on the android app but it may exist wherever the master password is entered

Issue: the on-screen passphrase or final character, or the user's security PIN or the full PIN if visible, is exposed to anyone looking at the screen while the app processes the login

If the user enters their master password with the *** mask enabled, only the final character is relevant here; however, if the user chooses to show the whole master password on screen when clicking the unlock button, or the Unlock button when unlocking the vault with a PIN, it has the same issue

The initial login with master passphrase does not exhibit this issue

Possible solution
When clicking the unlock button, before processing the login, mask the passphrase/PIN immediately, so the exposed data does not remain exposed on screen while the login is processed, as this can take a number of seconds… And this would be trivial to implement

A shoulder surfer can also watch the keystrokes as you type them. If concerned about shoulder surfing, the better approach is to configure unlock with biometrics and then keep the vault logged in but locked.

Removing/obscuring the login screen upon clicking “unlock” does seem like a good idea, though. Perhaps replace it with an “Unlocking…” message so one knows the button clicked.

@Lee_MacKinnell Welcome to the forum!

Feature request topics should propose a single idea. It is unclear from your post whether you are asking for the visibility of an unmasked password/PIN to be automatically toggled to hidden immediately upon submission, or whether you are asking for the display of the most recently entered character to be suppressed when the password visibility is set to hidden.

There may be existing Feature Request threads for one or both of these proposals, I would have to look. In the meantime, it would be helpful if you could clarify what the focus of your request is.

I suspect @Lee_MacKinnell is suggesting that sensitive information not be left on the screen during the decryption process, which is what happens after the “unlock” button is pressed. And, the mention of the entire password or just the last character (if masking is enabled) are two symptoms of this one concern. (@Lee_MacKinnell, please correct me if I misunderstand).

I have a super-old/slow Fire tablet where the decryption process locks the entire UI up for about 5-10 seconds, leaving on-screen whatever was displayed immediately before. For me, this is no big deal because the tablet never leaves my house. But as @Lee_MacKinnell suggests, I can see this being a concern when “in public”.

DenBesten This is exactly the issue… sensitive info should not be left visible while processing login/unlocking

and by hiding the characters during processing it should be an easy fix

it is not a major concern for me as it is only on screen for a few seconds in my house, but keeping any characters on screen during processing reduces security, and in a public place where the screen could be on camera, if the whole passphrase is on screen while it is processed it makes it easier for someone to compromise your vault

someone could run up to you after you click unlock and snatch your device, then see your passphrase while it is being processed; 3 seconds is an eternity to be displaying a passphrase on-screen even if you immediately get the device back

I have a YubiKey but many people do not…

the same thing happens when entering the PIN to unlock

but entering the master passphrase for the first time did not seem to have this issue for some reason

I thought they were talking about this (if entering Password on a mobile device):

  1. P
  2. *a
  3. **s
  4. ***s
  5. ****w
  6. *****o
  7. ******r
  8. *******d

If the concern is with the display becoming stuck at Step 8 during the KDF calculation, so that an observer could obtain the last character of the password, then I agree that is the same issue.

However, if @Lee_MacKinnell's concern is with the successive display of the most recently entered character in Steps 1–7, then it should be a separate feature request.

During the KDF calculation, either the last character typed or, if the whole passphrase is set to show, the whole passphrase is left visible on screen for a few seconds
