joseskvolpe / passwden Goto Github PK

Description:
When using --set argument and specifying a website without the login, after inserting a login when asked, the program doesn't wait for the user to insert a new password and already warns them about it needing at-least 6 characters

What happens:

[joseskvolpe@RaposoPC ~]$ passwden -s teste
Website: teste
Login: teste
Password:
Password or PIN must have at-least 6 characters
Password:

What is expected:

[joseskvolpe@RaposoPC ~]$ passwden -s teste
Website: teste
Login: teste
Password:

Version:
0.11.0

System information:

[joseskvolpe@RaposoPC ~]$ neofetch
██████████████████  ████████   joseskvolpe@RaposoPC 
██████████████████  ████████   -------------------- 
██████████████████  ████████   OS: Manjaro Linux x86_64 
██████████████████  ████████   Host: Aspire ES1-572 V1.17 
████████            ████████   Kernel: 5.18.6-1-MANJARO 
████████  ████████  ████████   Uptime: 5 days, 11 hours, 43 mins 
████████  ████████  ████████   Packages: 1860 (pacman) 
████████  ████████  ████████   Shell: bash 5.1.16 
████████  ████████  ████████   Resolution: 1366x768, 1920x1080 
████████  ████████  ████████   DE: Plasma 5.24.5 
████████  ████████  ████████   WM: KWin 
████████  ████████  ████████   WM Theme: GlowFreeze-Red 
████████  ████████  ████████   Theme: Oxygen [Plasma], X-Vulpus-DarkRed [GTK2/3] 
████████  ████████  ████████   Icons: Obsidian-Red [Plasma], Obsidian-Red [GTK2/3] 
                               Terminal: konsole 
                               Terminal Font: Source Code Pro Light 10 
                               CPU: Intel i3-7100U (4) @ 2.400GHz 
                               GPU: Intel HD Graphics 620 
                               Memory: 9819MiB / 11838MiB 

Showing the password in plain text before the user clean it up, while they are alone in their room, may be safe before it's cleared up, it's even safer than clipboarding it as it would be saved in history. But it also expose the user in great danger:

• The user's screen may be recorded while the passwords are being displayed either by an application, an attacker or malware
• It's unsafe to use it on public or while someone else is watching the screen
• The user might forgot to clear and exit the terminal after using the password

To mitigate these issues, the password manager must not show passwords by default, unless if something like "--show" argument is used. Clipboard must not be used either.

X11 and (if possible) Wayland protocols can be used to insert keyboard events to wherever user will be focusing. After using it and, if multiple logins are found in the database, the user selects the login, a countdown will be displayed to let the user select the password form. After the countdown, the application will send key events character-by-character to fill up the form automatically.