Insecure Password Field

[xbakesx]

When creating an account, the password field shows the numbers entered instead of it being a true password field.

There are trade-offs here. In the current versions of Android, there is no numeric password (there is one added in 3.0 Honeycomb). So we can make the password field here secure, however that means every time you enter a password you have to hit alt to get to numbers.

[poundifdef]

Do we know that VM pins only consist of [0-9]?

[xbakesx]

Hmm I though so... so that you can enter it from a non-smart phone... I
guess I should look into changing it.

~Alex

PS not that my pin is only digits...

Sent from my glorious Android mobile device.
On May 27, 2011 11:27 AM, "poundifdef" <
[email protected]>
wrote:

Do we know that VM pins only consist of [0-9]?

Reply to this email directly or view it on GitHub:

#8 (comment)

[poundifdef]

Okay, i looked at their website:

Your Account PIN must be:
-6 numbers (no letters or special characters)
-no more than 3 identical numbers in a row (222)
-no more than 3 sequential numbers (such as 234)

But I'm in favor of switching back to the normal keyboard, just so we have the protected-password-box feature!

[xbakesx]

Cool you can change the input type and remove numeric in account_dialog.xml

Sent from my glorious Android mobile device.
On May 27, 2011 12:00 PM, "poundifdef" <
[email protected]>
wrote:

Okay, i looked at their website:

Your Account PIN must be:
-6 numbers (no letters or special characters)
-no more than 3 identical numbers in a row (222)
-no more than 3 sequential numbers (such as 234)

But I'm in favor of switching back to the normal keyboard, just so we have
the protected-password-box feature!

Reply to this email directly or view it on GitHub:

#8 (comment)