Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

gurbinav

macrumors newbie
Original poster
Aug 16, 2011
6
0
Everyone's talking about how you can unlock the device without a passcode which is minor. Here's what we need to worry about:

Go into Preferences>Safari>Passwords and Autofill>Saved passwords

There you'll find all of your saved passwords in PLAIN TEXT.
 
Uau, that's a "big" finding!

So... do you want to see the password like *****?
What is the use?
You can use that list if you forget a password.

The simple rule is "never let a browser memorise passwords!"

The same thing on desktops!

P.S. Use 1password for logins on Windows/Mac/IOS
 
Everyone's talking about how you can unlock the device without a passcode which is minor. Here's what we need to worry about:

Go into Preferences>Safari>Passwords and Autofill>Saved passwords

There you'll find all of your saved passwords in PLAIN TEXT.

It asks for your passcode when you go to view any password.
 
I dont have a passcode lock set. My phone rarely leaves my hands and if it were to get stolen I know I would need to change my passwords immediately. That was a risk I was willing to take.

Now, however, instead of having to gain physical access to my phone for a significant amount of time, finding out passwords is a matter of 30 seconds of snooping!
 
I dont have a passcode lock set. My phone rarely leaves my hands and if it were to get stolen I know I would need to change my passwords immediately. That was a risk I was willing to take.

Now, however, instead of having to gain physical access to my phone for a significant amount of time, finding out passwords is a matter of 30 seconds of snooping!

Put a passcode lock on it then.

Anyone who doesnt have a passcode lock deserves to have their details nicked if they lose their phone.
 
It shouldn't display them full stop. It should just show the user name and the fact you have a saved password. The only options should be to delete it, or re-enter it if it has changed.

It shouldn't be a password reminder service, put a "hint" field in for that.

This is pretty basic stuff that was standardised in the software industry years ago.
 
@sim
My entire point was losing your phone is no longer a requirement.

----------

@eresin

http://m.bbc.co.uk/news/technology-24170429
 
Don't worry, Google says this is all in the name of "promoting security"....

Seriously, though, iCloud Keychain is going to solve this (and you shouldn't be saving passwords in the browser any way).
 
Don't worry, Google says this is all in the name of "promoting security"....

Seriously, though, iCloud Keychain is going to solve this (and you shouldn't be saving passwords in the browser any way).

I don't rate Apple's security or their response to security issues so I'll be damned if I'm going to let my passwords sit on Apple's servers.
 
[MOD NOTE]
Thread reopened - the linked news story is about a different security flaw. Sorry for the confusion.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.