As a user I can share a password with another user, this password can be used but not seen

Q1. What is the problem that you are trying to solve?
Sharing a password with a team member when the permission is “read” is problematic due to the fact that if that team member leaves the team they can copy it and use it.

Q2 - Who is impacted?
This affects only users working as a team

Q3 - Why is it important and/or urgent?
TBD

Q4 - What is your proposed solution? (optional)
So I suggest a new permission “hide password” so that some user can only use a password and not see it.
An admin create a password, share it with a team member, the password is shared but hidden, the team member can use it to login without knowing the actual password.

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)

0 voters

admin edit: small edit of the request to match the format. Importance to TBD as generic sentence was used.

From my perspective this feature will not give realistic security benefit. To my knowledge a user cannot just “use” a password without “reading” it. There is no simple mechanism to prevent a user that can use a password to sneak behind the inner working of the application or a given webpage to get access to this information. For example a user could very much use the development tools of their browser to inspect the content of the webpage where the password is used and capture the information when it’s pasted in the page or in transit over the network.

The solution from my perspective is: