materialistic icon indicating copy to clipboard operation
materialistic copied to clipboard

Published 20 hours ago verified publisher icon hidroh

Show Account Passwords

Open carlosssanchez opened this issue 6 years ago • 5 comments

I am a daily user of this app with several a few different accounts I created through it but no longer remember the credentials for them due to the app's auto-login.

I understand the HN api doesn't have options to set email nor change passwords from your app, so I believe the easiest implementation is to show the stored credentials so we can copy them.

Is this possible?

carlosssanchez avatar Feb 21 '19 02:02 carlosssanchez

That doesn't sound very safe though. I think the normal practice is to not do it, and instead go to HN to request for reset password/forgot password. You should be able to get your username through the app.

hidroh avatar Mar 24 '19 22:03 hidroh

Thanks for replying. The problem is when you make an account through the app, you don't ask for an email address, so I have no way of recovering the password from the site because those accounts don't have emails attached.

Thinking about how to implement showing the password in-app, you could do like cryptocurrency apps do and require a fingerprint/passcode before showing the stored credentials in a dialog. It's perfectly safe to show your stored passwords upon request, after all both browsers and any third party password manager does this.

If this still bothers you however, maybe just add a way to reset password or add an email address directly from the app using the stored credential.

carlosssanchez avatar Mar 25 '19 18:03 carlosssanchez

I see what you mean. We need a way for users to input email to existing account first before being able to reset password. I'll think of a way to do that.

hidroh avatar Mar 26 '19 12:03 hidroh

+1 for the ability to add an email through the app, there's no way to have a password forget now.

dagomar avatar Jun 04 '19 19:06 dagomar

Hi, I am in the same situation. Logged in on my phone but don't know my credentials (silly me for not adding them to my password manager) and I cannot reset the password as the account is not tied to my email address.

Would really be keen to not have to start over, if that's possible. I was thinking of maybe trying to do a session hijack and reuse the auth tokens etc on my computer but I don't know if there's a way to capture that on Android phone.

mahalel avatar May 13 '20 20:05 mahalel