Major security flaw!

Discussion in 'iOS 7' started by gurbinav, Sep 20, 2013.

  1. macrumors newbie

    Joined:
    Aug 16, 2011
    #1
    Everyone's talking about how you can unlock the device without a passcode which is minor. Here's what we need to worry about:

    Go into Preferences>Safari>Passwords and Autofill>Saved passwords

    There you'll find all of your saved passwords in PLAIN TEXT.
     
  2. macrumors newbie

    Joined:
    Jul 24, 2013
    #2
    Uau, that's a "big" finding!

    So... do you want to see the password like *****?
    What is the use?
    You can use that list if you forget a password.

    The simple rule is "never let a browser memorise passwords!"

    The same thing on desktops!

    P.S. Use 1password for logins on Windows/Mac/IOS
     
  3. macrumors 6502a

    MarcusCarpenter

    Joined:
    Feb 18, 2013
    Location:
    London
    #3
    If you have a pass code lock it asks you for your code when you go into the saved passwords
     
  4. macrumors 68020

    bbfc

    Joined:
    Oct 22, 2011
    Location:
    Newcastle-Upon-Tyne, UK
    #4
    It asks for your passcode when you go to view any password.
     
  5. macrumors 601

    Joined:
    Mar 25, 2009
    Location:
    Lincoln, England
    #5
    It should let us set a stronger password for that area!
     
  6. thread starter macrumors newbie

    Joined:
    Aug 16, 2011
    #6
    I dont have a passcode lock set. My phone rarely leaves my hands and if it were to get stolen I know I would need to change my passwords immediately. That was a risk I was willing to take.

    Now, however, instead of having to gain physical access to my phone for a significant amount of time, finding out passwords is a matter of 30 seconds of snooping!
     
  7. macrumors 65816

    Joined:
    Dec 7, 2010
    #7
    Put a passcode lock on it then.

    Anyone who doesnt have a passcode lock deserves to have their details nicked if they lose their phone.
     
  8. macrumors newbie

    Joined:
    Sep 19, 2013
    #8
    Wait? wut?! This is news to me, care to explain?
     
  9. macrumors member

    Joined:
    Dec 27, 2011
    #9
    It shouldn't display them full stop. It should just show the user name and the fact you have a saved password. The only options should be to delete it, or re-enter it if it has changed.

    It shouldn't be a password reminder service, put a "hint" field in for that.

    This is pretty basic stuff that was standardised in the software industry years ago.
     
  10. thread starter macrumors newbie

    Joined:
    Aug 16, 2011
    #10
    @sim
    My entire point was losing your phone is no longer a requirement.

    ----------

    @eresin

    http://m.bbc.co.uk/news/technology-24170429
     
  11. macrumors 6502

    Joined:
    May 1, 2013
    #11
    Don't worry, Google says this is all in the name of "promoting security"....

    Seriously, though, iCloud Keychain is going to solve this (and you shouldn't be saving passwords in the browser any way).
     
  12. macrumors 68030

    Steve121178

    Joined:
    Apr 13, 2010
    Location:
    Bedfordshire, UK
    #12
    I don't rate Apple's security or their response to security issues so I'll be damned if I'm going to let my passwords sit on Apple's servers.
     
  13. Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #13
  14. Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #14
    [MOD NOTE]
    Thread reopened - the linked news story is about a different security flaw. Sorry for the confusion.
     
  15. thread starter macrumors newbie

    Joined:
    Aug 16, 2011
    #15
    I prefer my passwords stored locally only.
     

Share This Page