Bug 224686

Summary: KPasswordDialog should have a "show password" option
Product: [Frameworks and Libraries] frameworks-kwidgetsaddons Reporter: Nicolas Piguet <npiguet>
Component: generalAssignee: Christoph Feck <cfeck>
Status: RESOLVED FIXED    
Severity: wishlist CC: cfeck, hhgebel, kde, kdelibs-bugs, lemma, simonandric5
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Unspecified   
Latest Commit: http://commits.kde.org/kwidgetsaddons/77e030112909e218aa85f851b289d298dc68a9f2 Version Fixed In:
Sentry Crash Report:

Description Nicolas Piguet 2010-01-28 22:55:10 UTC 
Version:            (using KDE 4.3.4)
Installed from:    Ubuntu Packages

When kwallet (or is it kwalletmanager?) wants to open a wallet it shows the password dialog. I use a pretty long and complicated passphrase as my wallet password, in which it is quite common that I make a typo. In the current password dialog the password is displayed as a series of circles as I type it, which makes me unable to detect typos. This is pretty annoying because I sometimes, say late at night for example ;-), have to retype my long passphrase several times.

I understand that the circles are there for security to avoid that somebody looking over my shoulder at the time can see and steal my password. While I agree on the principle, I have noticed that 99% of the times I type my password, I am completely alone at my desk and this security feature is completely useless.

I found an excellent workaround for this problem in some programs such as truecrypt, or some dialogs in windows vista. They have started adding a "show password" (or similarily worded option) checkbox below the password text field which, when checked, results in the password being shown in clear text. By default this checkbox is unchecked and the password is obfuscated.

Adding this option to the kwallet password dialog would significantly enhance the usability for people like me with pretty complex passwords (ie: painful to re-type passwords), and not change anything for others.
Comment 1 Christoph Feck 2010-01-29 02:14:02 UTC 
It would be useful for every password entry, not just KWallet. I agree that it should always default to "hide password", but have a check box to change that.
Comment 2 Michael Leupold 2010-01-30 09:06:15 UTC 
Adding it to all KPasswordDialogs might not be favourable for all users though. Eg. for KPasswordServer's dialogs the password gets prefilled in case it is read from KWallet. This means that others may get the cleartext password by clicking this checkbox.

Actually adding the checkbox doesn't really worsen "actual" security as third parties who want to get access to the password could just use kwalletmanager but some KWallet users might still dislike it (eg. there are users who'd like to see an extra password dialog added that pops up when they access an already opened wallet using the manager).

Overall: I'm not sure if we have more users who'd like such a checkbox or more who absolutely don't want it.
Comment 3 Christoph Feck 2010-02-24 01:38:12 UTC 
Would it make sense to only enable the checkbox when the field started empty? So you would not be able to read prefilled passwords, but only those that you actually typed there.
Comment 4 Harry Henry Gebel 2010-04-17 12:20:01 UTC 
Christoph, I really like your idea about the checkbox only being enabled when the field starts empty. The checkbox could also be requested on a per-application basis.
Comment 5 Elvis Angelaccio 2015-08-28 09:14:28 UTC 
Git commit 77e030112909e218aa85f851b289d298dc68a9f2 by Elvis Angelaccio.
Committed on 28/08/2015 at 09:12.
Pushed by elvisangelaccio into branch 'master'.

KPasswordDialog: let the user change the password visibility

This feature allows the user to change the visibility of the password being typed.
By clicking on the new action appended to the password's QLineEdit, the echo mode will switch between Normal and Password. The two (Breeze) icons used for the action (one for each state) are also included through a .qrc file, so that this feature will be available even for non-Plasma systems where Breeze is not installed.

If a password is given as preset to the dialog, this feature will not be enabled, in order to prevent possible leaks.

REVIEW: 124698

M  +3    -0    src/CMakeLists.txt
A  +6    -0    src/icons.qrc
A  +148  -0    src/icons/hint.svg
A  +137  -0    src/icons/visibility.svg
M  +32   -1    src/kpassworddialog.cpp
M  +3    -0    src/kpassworddialog.h

http://commits.kde.org/kwidgetsaddons/77e030112909e218aa85f851b289d298dc68a9f2