Hacker News new | past | comments | ask | show | jobs | submit login

>The master password question for showing individual passwords in the Keychain.app does not protect your passwords.

That's insane too then! as it suggests/teaches that keychain passwords are master password protected.




Yes and no. If you're in the Keychain.app a user expects security question for revealing passwords.

On the other hand: if you in a third party app you just click "allow" and the app can use that password. Let's read that again: an arbitrary third party app … has access … to a password … by just clicking a button. You have probably done this many times (if you're using a Mac), but without thinking much about it (convenience).

Obviously there must be a way so that everyone can write a little app, request and access a password with a single mouse click and then show it in plain text.

(Always under the assumption that the keychain is already unlocked.)


> On the other hand: if you in a third party app you just click "allow" and the app can use that password. Let's read that again: an arbitrary third party app … has access … to a password … by just clicking a button.

It's possible to require the master password for each password release, though that is not the default and — in 10.6 — it seems there is no way to enable this globally, it has to be set individually per password as far as I can see.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: