Do we have this feature on one-click login sharing, where a user can log in, but is not able to view the actual password?
Hi @smshivamsm Welcome to the forum!
What app is this you are showing?
See this post for more info: What are the differences between the sharing permissions options?
Zoho vault is the app.
This feature doesn’t exist in passbolt. I don’t know if it is planned to add such a feature or not.
Please update if there is a plan on this, else I will continue with Zoho vault.
Our view is that the “one click login” or “use password without seeing it” gives false expectations of security. There is no such thing as being able to use a password without having the ability to see it.
In practice a user who wants to see the password can replace <input type="password" with <input type="text" in the code to see it, or right click on a page > inspect > go to network tab and see the password being sent as part of the data.
We often hear “yes but my users don’t know this”, but for us it’s not a good enough business case. Of course we may reconsider if there are better arguments that we are missing.
Yes, I agree with the point entirely for a tech agency, but most of the staff at my ecom agency are not so tech-friendly. This feature for an organisation helps maintain password security and integrity. Please consider this and then I would love to shift completely from Zoho vault to passbolt.
I talked with the team yesterday on this, and they changed my opinion a bit. There is some merit in implementing a “use only” feature, in conjunction with disabling export, copy to clipboard, preview, etc. features.
It makes it slower to “copy” the password, and at least slows people down when doing so.
The business case would be that an admin in a company has people copying credentials locally and actively avoiding using the chosen solution of an organisation. This may help an admin drive adoption / enforce best practices. Not super high on my wishlist of things to do still, but it’s not off the table.
We would need to set expectations clearly though for the administrators, as we don’t want to encourage security theater.