[Feature Request] Don't Save Account Passwords in Backup
My User Experience:
I created a new backup and chose to backup my active 'accounts' too. When I did a restore, after resetting my device, I noticed that all the accounts worked 'out of the box'.
Expected behaviour:
I thought only the basic info of the account (like user name or email id) and its associated settings will be in the backup, and not the password too. And the system would request for my passwords again once I did a restore.
Suggestion:
Please do not save any account passwords in the backup. When a user does a restore, ask the user to enter the password again.
OR
Provide an opt-in option "Backup My Account Passwords too", when somebody selects "Accounts" for backup.
Additional Info:
1. If the backup is stored on an SD card it is easier to target it as the SD card can be more easily removed from the phone, than trying to get data from a PIN locked phone.
2. We occasionally share our SD cards and if there is a backup file on it, someone could copy it intentionally / accidentally. Same with a backup on a computer that is accessed by multiple users.
(And I did read a query here that the passwords aren't stored securely in Jolla).
By default, backup also contains private messages, photos, notes, browser history, call history and contacts. Easy solution to prevent people from accessing your backups (your private data): don't put them on shared resources.
nthn ( 2014-10-07 17:26:08 +0200 )

@nthn Thanks for the info - good points. I only backup my contacts and accounts, as I ignore the rest or back it up separately (for example, photos). Basically, I just want the backup to only have the bare minimum to get the phone up and running and usable immediately when I do a restore. But even if you do backup everything, I still feel it's a really bad idea to backup the passwords.
sifartech ( 2014-10-07 17:33:27 +0200 )

It could work as an opt-out option, I suppose. Opt-in would be silly because I assume most people would set it to back up the passwords as well anyway.
nthn ( 2014-10-07 17:59:08 +0200 )

Ok, I am a bit confused now. Doesn't 'opt-in' mean that the user has to explicitly enable it (opt for the option)? So that means, by default, it would be disabled and passwords won't be backed up (which is the more secure approach). Or am I mixing up the terms / misunderstanding you?
sifartech ( 2014-10-07 20:22:02 +0200 )

Exactly, most people would want their passwords to be backed up, so it would be strange to make it opt-in, because most people would opt in. As such, it should be opt-out. Indeed, it's more secure to not back up your passwords. It's even more secure to not backup at all, because then anyone with malicious intent wouldn't even know the accounts to take a look at.
nthn ( 2014-10-07 23:35:26 +0200 )