[Cyberduck-trac] [Cyberduck] #9096: Remove password saved to keychain

Cyberduck trac at cyberduck.io
Tue Oct 30 13:33:06 UTC 2018 

#9096: Remove password saved to keychain
-------------------------+---------------------------
 Reporter:  gnotaras     |         Owner:
     Type:  enhancement  |        Status:  closed
 Priority:  normal       |     Milestone:
Component:  core         |       Version:  4.7.3
 Severity:  normal       |    Resolution:  worksforme
 Keywords:               |  Architecture:
 Platform:  Windows 10   |
-------------------------+---------------------------

Comment (by pschumm):

 I'm coming back to this because we continue to have problems with users
 who enter their passphrase incorrectly the first time they try to connect.
 On both OS X and Windows, Cyberduck appears to save the passphrase (if the
 user has checked the box to do so) ''even if the connection attempt is
 unsuccessful''. This creates a problem when the user tries to connect
 again—the stored passphrase is then tried and fails (since it is
 incorrect), and Cyberduck automatically falls back to password
 authentication (which we do not permit for security reasons). Although a
 savvy user may figure out what's going on and can delete the stored
 passphrase as described in the thread above, the average user simply
 perceives that he or she is unable to connect, despite having followed our
 instructions for setting up key-based authentication. Of course, users
 ''should'' remember their passphrase and type it correctly, but many
 simply don't.

 In sum, I believe that when using key-based authentication, Cyberduck
 should not store a user's passphrase in the system keychain until the
 connection has been successfully established. This would avoid storing an
 incorrect passphrase, which can then cause confusion on the part of the
 user. I believe that this is the standard behavior for web browsers that
 store credentials.

 If you would like me to create a new ticket for this, please let me know.
 Thanks very much.

--
Ticket URL: <https://trac.cyberduck.io/ticket/9096#comment:9>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list