[Cyberduck-trac] [Cyberduck] #9096: Remove password saved to keychain
Cyberduck
trac at cyberduck.io
Tue Oct 30 13:40:43 UTC 2018
#9096: Remove password saved to keychain
-------------------------+---------------------------
Reporter: gnotaras | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: core | Version: 4.7.3
Severity: normal | Resolution: worksforme
Keywords: | Architecture:
Platform: Windows 10 |
-------------------------+---------------------------
Comment (by dkocher):
Replying to [comment:9 pschumm]:
> I'm coming back to this because we continue to have problems with users
who enter their passphrase incorrectly the first time they try to connect.
On both OS X and Windows, Cyberduck appears to save the passphrase (if the
user has checked the box to do so) ''even if the connection attempt is
unsuccessful''. This creates a problem when the user tries to connect
again—the stored passphrase is then tried and fails (since it is
incorrect), and Cyberduck automatically falls back to password
authentication (which we do not permit for security reasons). Although a
savvy user may figure out what's going on and can delete the stored
passphrase as described in the thread above, the average user simply
perceives that he or she is unable to connect, despite having followed our
instructions for setting up key-based authentication. Of course, users
''should'' remember their passphrase and type it correctly, but many
simply don't.
>
> In sum, I believe that when using key-based authentication, Cyberduck
should not store a user's passphrase in the system keychain until the
connection has been successfully established. This would avoid storing an
incorrect passphrase, which can then cause confusion on the part of the
user. I believe that this is the standard behavior for web browsers that
store credentials.
>
> If you would like me to create a new ticket for this, please let me
know. Thanks very much.
Yes, please create a new ticket. We should only ever save passwords in the
credential manager upon successful login.
--
Ticket URL: <https://trac.cyberduck.io/ticket/9096#comment:10>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list