Major security flaw!

Discussion in 'iOS 7' started by gurbinav, Sep 20, 2013.

  1. gurbinav macrumors newbie

    Aug 16, 2011
    Everyone's talking about how you can unlock the device without a passcode which is minor. Here's what we need to worry about:

    Go into Preferences>Safari>Passwords and Autofill>Saved passwords

    There you'll find all of your saved passwords in PLAIN TEXT.
  2. Mentat2K macrumors newbie

    Jul 24, 2013
    Uau, that's a "big" finding!

    So... do you want to see the password like *****?
    What is the use?
    You can use that list if you forget a password.

    The simple rule is "never let a browser memorise passwords!"

    The same thing on desktops!

    P.S. Use 1password for logins on Windows/Mac/IOS
  3. MarcusCarpenter macrumors 6502a


    Feb 18, 2013
    If you have a pass code lock it asks you for your code when you go into the saved passwords
  4. bbfc macrumors 68030


    Oct 22, 2011
    Newcastle, England.
    It asks for your passcode when you go to view any password.
  5. matttye macrumors 601

    Mar 25, 2009
    Lincoln, England
    It should let us set a stronger password for that area!
  6. gurbinav thread starter macrumors newbie

    Aug 16, 2011
    I dont have a passcode lock set. My phone rarely leaves my hands and if it were to get stolen I know I would need to change my passwords immediately. That was a risk I was willing to take.

    Now, however, instead of having to gain physical access to my phone for a significant amount of time, finding out passwords is a matter of 30 seconds of snooping!
  7. sim667 macrumors 65816

    Dec 7, 2010
    Put a passcode lock on it then.

    Anyone who doesnt have a passcode lock deserves to have their details nicked if they lose their phone.
  8. Eresin macrumors newbie

    Sep 19, 2013
    Wait? wut?! This is news to me, care to explain?
  9. marktuk macrumors member

    Dec 27, 2011
    It shouldn't display them full stop. It should just show the user name and the fact you have a saved password. The only options should be to delete it, or re-enter it if it has changed.

    It shouldn't be a password reminder service, put a "hint" field in for that.

    This is pretty basic stuff that was standardised in the software industry years ago.
  10. gurbinav thread starter macrumors newbie

    Aug 16, 2011
    My entire point was losing your phone is no longer a requirement.


  11. Todd B. macrumors 6502

    May 1, 2013
    Don't worry, Google says this is all in the name of "promoting security"....

    Seriously, though, iCloud Keychain is going to solve this (and you shouldn't be saving passwords in the browser any way).
  12. Steve121178 macrumors 68040


    Apr 13, 2010
    Bedfordshire, UK
    I don't rate Apple's security or their response to security issues so I'll be damned if I'm going to let my passwords sit on Apple's servers.
  13. maflynn Moderator


    Staff Member

    May 3, 2009
    [MOD NOTE]
    Thread reopened - the linked news story is about a different security flaw. Sorry for the confusion.
  14. gurbinav thread starter macrumors newbie

    Aug 16, 2011

Share This Page