QtPass icon indicating copy to clipboard operation
QtPass copied to clipboard

Published 20 hours ago verified publisher icon IJHack

deleting passwords should be restricted

Open Emonshr opened this issue 5 years ago • 9 comments

when someone wants to delete any password, he should give the paraphrase- or else valuable passwords can be erased if the computer is stolen or something.

Emonshr avatar Nov 03 '19 17:11 Emonshr

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.85. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

issue-label-bot[bot] avatar Nov 03 '19 17:11 issue-label-bot[bot]

when someone wants to delete any password, he should give the paraphrase- or else valuable passwords can be erased if the computer is stolen or something.

Since the passwords are single files on the filesystem, that can still happen. The easiest way to prevent such a thing from happening is using git, either locally or with a remote repo.

annejan avatar Nov 26 '19 13:11 annejan

Or changing the .password-store directory permission, and enforced this from the default configuration?

Emonshr avatar Nov 26 '19 14:11 Emonshr

Personally I don't think the issue scenario is an issue.

  • If my computer was stolen/hacked/whatever, having my password vault deleted is preferable.
  • If my vault/passwords aren't without being backed up elsewhere, something is wrong with my personal data management

As I see it the tools protection of my data is as wrapper for gpg to handle encryption. I use git to version, backup, and sync my vault across my devices. In the event of PC theft let them delete the vault, at that point those passwords are burned anyway. Change them starting with the most valuable from another device.

Plloi avatar Nov 26 '19 14:11 Plloi

If my vault/passwords aren't without being backed up elsewhere, something is wrong with my personal data management

Sometimes, backing up is not possible for poor internet connection or hazardous machine. It is better to think about the worst case scenarios. Although, I agree with your point,

If my vault/passwords aren't without being backed up elsewhere, something is wrong with my personal data management

Emonshr avatar Nov 26 '19 14:11 Emonshr

A Password backup is always possible, even it's on paper

Plloi avatar Nov 26 '19 15:11 Plloi

@Plloi I will appreciate your effort to write down your randomly generated password.

Emonshr avatar Nov 26 '19 15:11 Emonshr

@Emonshr If it's hard to write down your randomly generated passwords, then there's room for improvements!

https://www.xkcd.com/936/ https://fsmaxb.github.io/correcthorsebatterystaple/

FSMaxB avatar Nov 29 '19 21:11 FSMaxB

@FSMaxB I can;t figure out XKCD things very often. But I will tinker with your interesting :smile: randomly generated password tool later!

Emonshr avatar Nov 30 '19 13:11 Emonshr