Zero knowledge OR hidden sharing

Share passwords (within an organisation) without revealing the password.

How is this suppose to work without sharing the password though.

I don’t understand your question?

This is actually something that we are pretty firm in our beliefs about - sharing a password is just that - sharing. There is no true “zero-knowledge” option.

We have hiding passwords on our roadmap, but we want to make sure that all users know it’s just making it just a little harder to get to the password, and not completely hiding it.

2 Likes

Thanks for the input! I’d be super cool with hidden passwords only! (All other platforms appear to have this already)

It’s fake. They don’t let you see it in the UI, but the browser will save it and you can see it that way. In the end, you have to provide them the clear text password. You can at most make it cumbersome for a normal person who generally won’t even care to try. But if someone wants to, there’s nothing stopping them.

That’s not ‘fake’ - but yes it’s hidden and more difficult to reveal. If you’re running a company with multiple employees globally that require client password access then hiding passwords (even if they can be revealed by some trickery) is incredibly helpful. Currently users within an organisation can even clone passwords!

1 Like

When they need access to the credentials anyway, why don’t you want them to see it? So they cannot use it otherwhere than on work?

I actually see no advantage in a “security promising” feature which actually doesn’t do anything about security.

Are you asking why I don’t want my staff members to be able to view the credentials I want to share with them?

Yes. It basically sounds like “drive my car but without I don’t want to give you my key”

I haven’t seen any articles or evidence FOR full password transparency, though I’m sure there must be some?
Staff don’t need the passwords - they just need the access.

This is a great example of why options are good!

I mean it’s “fake” security. It could be argued that even if it does not add any positive security, it does reduce “negative” security from common bad practices such as copying the password.

The biggest issue with these kinds of features is 99.9% of people who use it will just notice that the other person cannot “see” the password and will assume that they cannot know the password. And no matter how many times you tell them, they will still forget. I deal with this kind of stuff ALL OF THE TIME. When it comes to security, the most important thing you can do from a UX philosophy is to be strait forward with no gimmicks. Giving your end users a false sense of security is generally frowned upon.

In the end, perfect is the enemy of good. Probably require this feature to be enabled per entry, require the entry to be read-only, and put a big warning next to it, and pop-up a confirmation with a similar warning. Make it obvious that sharing the password is still sharing the password, just some fancy UI feature to not the end user directly see it or copy it.

1 Like