Enter Password Screen
It seems to me that indicating that the password hint can be shown on the enter password screen may compromise security. This should be separated somehow.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
1 Posted by jeff_l on 24 Jun, 2020 03:45 PM
It’s only a security issue if your Hint message contains your password.
If you don’t like Hint being there, remove your hint from the Set Master Password screen & leave it blank.
Jeff – fellow user
Support Staff 2 Posted by Ethan on 24 Jun, 2020 06:15 PM
I'm not quite sure I understand the risk you are describing. Can you explain in more detail?
The only risk I can think of is if one gives too good of a hint. For example, if your password was your birthday (a bad password!) and your hint was "my birthday," obviously that would be a problem. The hint should be a reference to jog your memory without actually giving a hint to anyone else.
Ethan
Infinite Kind Support
3 Posted by Bruce Atkinson on 24 Jun, 2020 06:22 PM
Yes I agree that “The hint should be a reference to jog your memory without actually giving a hint to anyone else.” My concern is that for many that may not be so simple (I.e., any hint could help to significantly lower the guesses necessary if not carefully chosen.)
Since this app is supposed to be very secure, I see this as a shortcoming although this may just be me.
4 Posted by dwg on 24 Jun, 2020 09:47 PM
The hint could not be shown on any other screen becauese the data set cannot be opened until you have supplied the correct password, so you cannot get past this screen.
Everything is a trade off. the ultimate solution is not to have a hint at all, but as there are no back doors in the software, do not forget your password. Software can only go so far to protect users, ultimately the user has to take some personal responsibility. As the saying goes you can make it foolproof but you cannot make is damn foolproof.
System closed this discussion on 23 Sep, 2020 09:50 PM.