Closed Bug 813775 Opened 12 years ago Closed 10 years ago

WiFi hotspot: Internet Sharing screen shouldn't show the WiFi password in plain text

Categories

(Firefox OS Graveyard :: Gaia::Settings, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(blocking-basecamp:-)

RESOLVED FIXED
blocking-basecamp -

People

(Reporter: dholbert, Assigned: jroesslein)

Details

(Keywords: b2g-testdriver, unagi, Whiteboard: burirun3)

(This bug will only be relevant once you can actually turn on WiFi security -- bug 806758)

When I visit the "Internet Sharing" screen (to access the Wi-Fi Hotspot slider), my password is printed in plain text on that screen.

So, I can't turn on my Wi-Fi hotspot without also revealing the password to anyone near enough to see my phone (e.g. strangers sitting next to me / behind me on a train.)

This largely defeats the purpose of using a password on the network.

EXPECTED RESULTS:
 - There shouldn't be a password field on the "Internet Sharing" screen -- or, if there must be one, it should just display "*********".
 - The password can still be shown in its editable textfield in the "Hotspot Settings" configuration page, so users can still find it there.
Version info: I'm using latest stable dogfood build, Build Identifier 20121115145434.
OS: Linux → Gonk (Firefox OS)
Hardware: x86_64 → ARM
Summary: WiFi hotspot: Internet Sharing screen shouldn't show the password (or should show it as ****) → WiFi hotspot: Internet Sharing screen shouldn't show the WiFi password in plain text
Gaia Triage: Although on the surface this seems serious, this actual use case is more like Bluetooth pairing, so the password isn't super sensitive. I haven't found the spec, but this may be by design; security can re-nominate this if they think it is an issue.
blocking-basecamp: ? → -
Yeah, this is one of those corner cases... In general, best practice is to not show passwords by default.  In this case, though, it's not unreasonable that the only two purposes for that field are:
a) see the current password
b) change the current password (in which case, shoulder surfing on a phone is not as common an issue)

I can live with it.
P.S.  The most common solution is to have a "show password" checkbox that is off by default.
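
The "show password" checkbox suggested above, as an added example (not Gaia code and not part of any comment in this bug): the field is masked by default, revealed only on an explicit toggle, and masked again after a timeout or when the screen is hidden. The name `attachPasswordReveal`, its parameters and the 10-second timeout are assumptions for illustration.

```javascript
// Added example, not Gaia code. `input`, `toggle` and `doc` only need the
// DOM-like members used below; in a browser pass an <input type="password">,
// an <input type="checkbox"> and `document`.
function attachPasswordReveal(input, toggle, doc, remaskMs = 10000) {
  let timer = null;

  function clearTimer() {
    if (timer !== null) {
      clearTimeout(timer);
      timer = null;
    }
  }

  function mask() {
    clearTimer();
    input.type = 'password';
    toggle.checked = false;
  }

  function reveal() {
    clearTimer();
    input.type = 'text';
    toggle.checked = true;
    // Mask again automatically so an unattended screen stops showing it.
    timer = setTimeout(mask, remaskMs);
  }

  // Masked by default: showing the password takes a deliberate user action.
  mask();

  toggle.addEventListener('change', () => (toggle.checked ? reveal() : mask()));

  // Mask again when the screen is left or the app goes to the background.
  doc.addEventListener('visibilitychange', () => {
    if (doc.hidden) mask();
  });

  return { mask, reveal, isRevealed: () => input.type === 'text' };
}
```
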
(In reply to Lucas Adamski from comment #4)
> the only two purposes for that field are:
> a) see the current password
> b) change the current password

No, it doesn't serve purpose (b) -- right now, you have to go to a *different* place to *change* the password.  (accessible via a button on that page, "Hotspot Settings")

Per comment 0, I agree that it makes sense to show the password *there* (since that section is where you go if you want to explicitly change the settings, and that's probably infrequent)

So, that other field (in Hotspot Settings) serves both (a) and (b) purposes -- but the field I filed this bug about only serves purpose (a), along with revealing your password to anyone sitting near you.  I wonder if the field should just be removed?
sec-review?:pauljt as he has been doing much of the review work on FxOS
Flags: sec-review?(ptheriault)
Flags: needinfo?(ptheriault)
(In reply to Daniel Holbert [:dholbert] from comment #6)
> (In reply to Lucas Adamski from comment #4)
> > the only two purposes for that field are:
> > a) see the current password
> > b) change the current password
> 
> No, it doesn't serve purpose (b) -- right now, you have to go to a
> *different* place to *change* the password.  (accessible via a button on
> that page, "Hotspot Settings")
> 
> Per comment 0, I agree that it makes sense to show the password *there*
> (since that section is where you go if you want to explicitly change the
> settings, and that's probably infrequent)
> 
> So, that other field (in Hotspot Settings) serves both (a) and (b) purposes
> -- but the field I filed this bug about only serves purpose (a), along with
> revealing your password to anyone sitting near you.  I wonder if the field
> should just be removed?

Personally I think the UI trade off here is better the way we have it. The point of this page is to see your tethering settings so you can connect to your ad hoc network. Just hiding the field isn't of much benefit since the mitigation to shoulder surfing is bringing the user's attention to the fact that their password is about to be shown. I.e. if we are going to fix it, we should fix it in a standard way, and have a "show password" checkbox as suggested in comment 5.

However my personal preference is to leave it the way it is. Android hides the password, iOS shows the password - so prior art is divided. I don't feel strongly either way though but this doesn't need further security review.
Flags: sec-review?(ptheriault)
Flags: sec-review+
Flags: needinfo?(ptheriault)
Dear all:
As an ordinary user, I think the simplest is the best. So why not remove the "name", "password" or "security" label and just keep the "Wi-Fi hotspot" slider and "Hotspot settings" button. And if we get into the hotspot settings, we should have a checkbox to control the display of password text.
(In reply to 蔡弼 from comment #9)
> Dear all:
> As an ordinary user, I think the simplest is the best. So why not remove the
> "name", "password" or "security" label and just keep the "Wi-Fi hotspot"
> slider and "Hotspot settings" button. And if we get into the hotspot
> settings, we should have a checkbox to control the display of password text.
And then we can also skip these overlapping bugs, such as #825366.
I feel like there are two separate issues here:

(1) should this settings screen show the password?

(2) should there be a way to enable/disable internet sharing without showing the password?

It's possible to fix (2) without fixing (1), e.g., by having UI elsewhere that allows turning tethering on/off.


I mainly use tethering when I'm on public transit, and I don't really want other people sharing my connection.  Yet to turn tethering on/off, I need to display my password to the people next to me, at least for a few seconds, and I'd prefer not to have to do that.
Whiteboard: burirun3
This was fixed a while ago by moving the password into a sub-screen:
https://github.com/mozilla-b2g/gaia/commit/b0a98d57cddb583c8c0bed4adcfa67893465ab70

So this was fixed by bug 947563.
Assignee: nobody → jroesslein
Status: NEW → RESOLVED
Closed: 10 years ago
Depends on: 947563
Resolution: --- → FIXED