Bug 484914 - sddm has the option to show password and it cannot be turned off
Summary: sddm has the option to show password and it cannot be turned off
Status: RESOLVED WORKSFORME
Alias: None
Product: kde
Classification: I don't know
Component: general (show other bugs)
Version: unspecified
Platform: Kubuntu Linux
: NOR wishlist
Target Milestone: ---
Assignee: Unassigned bugs mailing-list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-02 09:58 UTC by Simon Oosthoek
Modified: 2024-10-21 03:47 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Simon Oosthoek 2024-04-02 09:58:58 UTC 
Originally filed on launchpad and there ignored, because it turns out to be misfiled (Thanks Scarlet!)
[original](https://bugs.launchpad.net/ubuntu/+source/plasma-workspace/+bug/1719078)

It appears that there is no way to turn off the toggle to show the password in plain text.

There are a lot of situations where accidentally having this toggle to show passwords on, while not expecting it. When people are looking at the screen who should not know the password, this is disastrous!

The toggle is hard to see, and there is hardly any visible indication that the password will be readable.
The toggle can be set by anyone having access to the login screen.

Imagine parents who want to have some control over when their children log in to the computer. The children can set the toggle and then when the parent is typing in the secret password, they can just read it.

Or when you are in a public space and you are unaware that the option has been toggled and someone is looking over your shoulder. Etc.

If this option is deemed necessary for/by some users, it should never be on by default and AFAICT it currently (17.04) isn't an option that can be configured. (I don't think this has changed since then, up to 2024)

This bug is solved for me when
- the toggle is made a configurable option
- it is set to disabled by default after installation
Comment 1 cwo 2024-09-20 22:18:45 UTC 
Thank you for the bug report!

Whether the login screen has an option to show the password is determined by the sddm theme - some themes include this, some do not.

The Breeze sddm theme that comes with Plasma does not have this feature enabled since, at least Plasma 6.1. (As the theme was moved between source code repositories then, I have been unable to trace this back further, but I suspect it was setup this way considerably longer). And I cannot find the "Show Password" action in my login or lock screen.

Is this still an issue for you with the Breeze sddm theme?

(For other themes, you would need to contact the authors of those themes )
Comment 2 cwo 2024-09-21 06:45:47 UTC 
After doing a bit more digging and testing, while the "Show Password" function is disabled in the Login screen on all distributions that I have tested, it is enabled on the lock screen. However, the setting is reset on its own when no input happens (for about 10 seconds), so an attack can't be setup much in advance.

This actually happens in KDE software not sddm so could be made configurable on our end if you feel the current situation is not acceptable.
Comment 3 Bug Janitor Service 2024-10-06 03:47:56 UTC 
๐Ÿ›๐Ÿงน โš ๏ธ This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information, then set the bug status to REPORTED. If there is no change for at least 30 days, it will be automatically closed as RESOLVED WORKSFORME.

For more information about our bug triaging procedures, please read https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging.

Thank you for helping us make KDE software even better for everyone!
Comment 4 Bug Janitor Service 2024-10-21 03:47:42 UTC 
๐Ÿ›๐Ÿงน This bug has been in NEEDSINFO status with no change for at least 30 days. Closing as RESOLVED WORKSFORME.