[Feature Request] Don't Save Account Passwords in Backup

asked 2014-10-07 16:53:13 +0300

sifartech
6679 ●104 ●126 ●123

updated 2014-10-08 03:44:41 +0300

My User Experience:
I created a new backup and chose to backup my active 'accounts' too. When I did a restore, after resetting my device, I noticed that all the accounts worked 'out of the box'.

Expected behaviour:
I thought only the basic info of the account (like user name or email id) and its associated settings will be in the backup, and not the password too. And the system would request for my passwords again once I did a restore.

Suggestion:
Please do not save any account passwords in the backup. When a user does a restore, ask the user to enter the password again.

OR

Provide an opt-in option "Backup My Account Passwords too", when somebody selects "Accounts" for backup.

Additonal Info:
1. If the backup is stored on an SD card it is easier to target it as the SD card can be more easily removed from the phone, than trying to get data from a PIN locked phone. 2. We occasionally share our SD cards and if there is a backup file on it, someone could copy it intentionally / accidentally. Same with a backup on a computer that is accessed by multiple users.

(And I did read a query here that the password aren't stored securely in Jolla).

edit retag flag offensive close delete

Comments

2

By default, backup also contains private messages, photos, notes, browser history, call history and contacts. Easy solution to prevent people from accessing your backups (your private data): don't put them on shared resources.

nthn ( 2014-10-07 17:26:08 +0300 )edit

@nthn Thanks for the info - good points. I only backup my contacts and accounts, as I ignore the rest or back it up separately (for example, photos). Basically, I just want the backup to only have the bare minimum to get the phone up and running and usable immediately when I do a restore. But even if you do backup everything, I still feel its a really bad idea to backup the passwords.

sifartech ( 2014-10-07 17:33:27 +0300 )edit

It could work as an opt-out option, I suppose. Opt-in would be silly because I assume most people would set it to back up the passwords as well anyway.

nthn ( 2014-10-07 17:59:08 +0300 )edit

Ok, I am a bit confused now. Doesn't 'opt-in' mean that the user has to explicitly enable it (opt for the option)? So that means, by default, it would be disabled and passwords won't be backed up (which is the more secure approach). Or am I mixing up the terms / misunderstanding you?

sifartech ( 2014-10-07 20:22:02 +0300 )edit

2

Exactly, most people would want their passwords to be backed up, so it would be strange to make it opt-in, because most people would opt in. As such, it should be opt-out. Indeed, it's more secure to not back up your passwords. It's even more secure to not backup at all, because then anyone with malicious intent wouldn't even know the accounts to take a look at.

nthn ( 2014-10-07 23:35:26 +0300 )edit

10

answered 2014-12-10 07:36:34 +0300

dez

7104 ●78 ●94 ●94

moderator

There are plans to add a way to choose are passwords should be put into backup or not. Also backup encryption is in the queue, it will allow to protect information in a better way.

edit flag offensive delete publish link

Comments

Or password protect the backup file itself?

anandrkris ( 2014-12-10 08:23:05 +0300 )edit

@anandrkris this is the separate feature and it does not contradict option: some people still do not want to encrypt backups but want to save passwords there and vice versa.

dez ( 2014-12-10 08:25:21 +0300 )edit

Hmm... 'Or' is wrong usage above. Meant also give an option to password protect along with backup encryption.

anandrkris ( 2014-12-10 10:45:38 +0300 )edit

Thanks for the update - an option whether to backup the password(s) too does seem to be the best approach. On backup encryption, a suggestion - perhaps you can use some hardware id of the phone itself as the encryption key for the backup. That way, the phone could automatically handle the encryption / decryption and the user need not have to bother to remember or save the key somewhere.

sifartech ( 2014-12-11 06:33:39 +0300 )edit

1

@sifartech - If its tied to hardware then I wont be able to transfer stuff to any Jolla new device replacement. I remember, on my brother's iPhone new replaced device he could restore everything, including wallpapers when he got the phone replaced for home button issue. I guess, in iPhone backup is stored in cloud or in iTunes...

anandrkris ( 2014-12-11 07:25:09 +0300 )edit

0

answered 2014-10-08 05:53:32 +0300

simo

29079 ●345 ●466 ●481

http://reviewjolla.blogsp...

This non-answer offers a workaround while there's no option to exclude passwords from the backup file:

Before creating the backup, you can go through your account and update their sign-in credentials with wrong/empty password.

Worth mentioning is also that information stored in a backup file is never safe, and a file containing any personal information should be kept in a private place, for example in a separate SD card stored at home. If stored in a separate SD card kept in the phone, anyone with access to the phone can take the card and see the files in it.

edit flag offensive delete publish link

Comments

1

Are you serious?

marsch ( 2014-12-10 11:11:26 +0300 )edit

1

@marsch - He did say as a "workaround", and as such it is not a bad idea. :)

sifartech ( 2014-12-11 10:41:41 +0300 )edit

lol :) I find it as awful as @marsch myself, but I just didn't come up with any better workarounds at this point. Hope there will be an easier way available one day. Thanks @sifartech <3

simo ( 2014-12-11 10:48:05 +0300 )edit

[Feature Request] Don't Save Account Passwords in Backup

Comments

2 Answers

Comments

Comments

Question tools

Stats

Related questions

[Feature Request] Don't Save Account Passwords in Backup

Comments

2 Answers

Comments

Comments

Question tools

Public thread

Stats

Related questions