Security of safari saved passwords and autofill


so, downloaded newegg onto 10.5 ipad , when went login app able access safari saved passwords autofill password. able without me using touchid or putting in device passcode. on top of this, app has option "show" password—essentially showing hidden password. got me thinking websites have option reveal hidden password on password field. believe assumption our devices must first unlocked use of touchid or device password before access granted autofill our saved passwords, seem me short sighted. nefarious person need access unlocked device , view password site or app has "view" toggle or similar.

ios , macos require input of device password or touchid in order access our full list of saved passwords, why same standard not applied when autofilling passwords apps or websites? feel glaring oversight in security. there should @ least option in settings require input of device password or touchid whenever access saved passwords needed, particularly when auto filling passwords apps or websites. toggle should password protected, "find —" setting protected. have read, issue seems have been addressed in ios 11, @ least in case when app requests access saved passwords (it require touchid). security flaw still remains when auto filling website passwords.

has been addressed before? missing something? there setting i'm missing performs security functions outlined above or similar? if has been addressed , still issue, wtf apple!

have attached photo of newegg app illustrate mean option show password. also, while newegg app prompt touch id, need hit cancel , saved password prompt comes up. while flaw in newegg app, issue illustrated above still applies websites autofill passwords. great example sign in page google, have attached photo of.

img_0004.jpg img_0006.jpg
 

as security, lock devices when unattended. accident happen on unlocked device. reckon it's secure, if not more so, other cloud-storage password options. if upmost security thing, recommend using app 1password local-only vault, , can sync vault between devices on home wifi network. can use safari 1password app extension directly in safari auto-fill passwords, , can set 1password require touch id each time mentioned.
 


Forums iPhone, iPad, and iPod Touch iOS iOS 10


  • iPhone
  • Mac OS & System Software
  • iPad
  • Apple Watch
  • Notebooks
  • iTunes
  • Apple ID
  • iCloud
  • Desktop Computers
  • Apple Music
  • Professional Applications
  • iPod
  • iWork
  • Apple TV
  • iLife
  • Wireless

Comments

Popular posts from this blog

How would you like to be sentenced by a computer program?

MBP extremely slow, HDD cable replaced, what next?

How much is my cMP worth?