Andotp: Secrets too easy to see

Created on 6 Dec 2020  路  4Comments  路  Source: andOTP/andOTP

Hi !
I just moved from Google Authentificator to andOTP, and i find it really annoying that we can see secrets simply using the "edit" button.
I think theses secrets should be.. Well secrets, because that is how OTP works : a one time password. So ig we can easily access the "password" that generate all the others..

Here is my idea to solve this problem : in the edit menu, don't show directly the secret, but a button "show secret" that need user confirmation (same as when we open the app, or maybe a different password for security ?)

Thanks for listening to me, I hope you will add this feature !

enhancement maybe

All 4 comments

That won't really solve the issue. If someone wants access to your secrets they can just create a plain text backup.

Yeah, so maybe an user confirmation to make a backup too ? (And for anything else related to see secrets)

This is why the database is protected with biometric or pin/ password.
If the app is open, it doesn't make sense to restrict it further.

I agree with @beerisgood: the password that is used to open the app is also used to encrypt the database. If someone gets that password he can just directly decrypt the database without ever opening the app. So an additional protection isn't really any use here. There is already a lock for the app in place (which you can setup to automatically lock it on inactivity), so an additional lock doesn't add anything.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

MartinX3 picture MartinX3  路  4Comments

jens-br picture jens-br  路  8Comments

SeppPenner picture SeppPenner  路  3Comments

SkyWheel picture SkyWheel  路  7Comments

fakkoweb picture fakkoweb  路  4Comments