14 Replies Latest reply: Jun 14, 2014 5:41 AM by Shony
robertangelini Level 1 Level 1 (0 points)

In IOS7 it is so easy for anyone to go into your safari settings and see your passwords for all the websites you visit.

 

Just goto

settings

safari

Passworda & AutoFill

Saved passwords

 

All you need is the unlock code on your phone to view the Passwords, associated ID's and the website they belong to.

 

Many times I give my phone to someone and tell them my passcode so they can make a call. At the very least my kids have my passcode.

How can I keep using stored passwords for safari but not have to worry that ALL my passwords are visible to anyone who wants them?


iPhone 4S, iOS 7
  • Meg St._Clair Level 8 Level 8 (43,515 points)

    There are password keeper apps that can be passcoded. Password1 is a popular one. You store your passwords in them instead of Safari, then copy/paste as required, as I recall.

     

    But are you really giving your phone to people to make a call and wandering off, allowing them time to rummage through your phone? Unlock the phone, hand it to them, take it back when the call is done. And the less said about giving your password to children, the better.

     

    Best of luck.

  • robertangelini Level 1 Level 1 (0 points)

    thank you but i was more hoping there was a feature in the phone that disabled showing the password.

     

    Most utilites will put dots where the password is, but in this sytem is shows the actual password.

     

    Does anyone know how to change the settings so the actual password does not show?

  • Meg St._Clair Level 8 Level 8 (43,515 points)

    robertangelini wrote:

     

    thank you but i was more hoping there was a feature in the phone that disabled showing the password.

    Nope.

  • ddkilzer Level 2 Level 2 (300 points)

    Do you have a passcode set for your iPhone that you must enter when unlocking it?  I believe the passcode for the iPhone is used to require viewing saved passwords for MobileSafari.

  • robertangelini Level 1 Level 1 (0 points)

    Yes I have a passcode to unlock the phone. But the problem is when the phone is not locked and I give my phone to someone, they are able to then view all my passwords of every website I visit. I guess Im the only one who sees the problem here. Either  I dont have safari save all my passwords or never let anyone use my phone.

  • Meg St._Clair Level 8 Level 8 (43,515 points)

    Again, don't let people you don't trust to be respectful use your phone.

  • D.F. Level 1 Level 1 (20 points)

    I'm with Robert. I think the new Safari password manager in iOS 7 is an incredibly huge security hole. I couldn't believe my eyes when I saw all my lenghty and complex passwords in clear text! All you have to know is a ridiculously weak 4-number code! 8-/

     

    By the way I wonder if iCloud Keychain is already active, as I mysteriously found passwords of websites that I know for sure I only visited from my Mac??!

  • ddkilzer Level 2 Level 2 (300 points)

    D.F. wrote:

     

    I'm with Robert. I think the new Safari password manager in iOS 7 is an incredibly huge security hole. I couldn't believe my eyes when I saw all my lenghty and complex passwords in clear text! All you have to know is a ridiculously weak 4-number code! 8-/

     

    You should not be limited to a 4-digit passcode.  If you go to Settings > General > Passcode Lock*, you may change it to an arbitrary length passcode using any character on the provided keyboard.  (You just have to type in that passcode at the lock screen every time as well.)

     

    * It's called "Touch ID & Passocde" on iPhone 5s.

  • robertangelini Level 1 Level 1 (0 points)

    your missing the point

     

    Sometimes users like to allow others access to the phone but still not want to share all my safarie passwords.

     

    For example, I allow my wife, my kids and some co workers access to the phone for various reasons. My wife does the same thing.

     

    We think the passcode to access the phone should not allow everyone access to  passwords and credit card numbers

     

    In my opinion this is a very bad enhancement that came out with ios7.

  • lifeisaproject Level 1 Level 1 (0 points)

    Yeah, this is a shame for Apple.

     

    I am with Robert, and D.F.

    I was also shocked when I first saw all the passwords listed in the Safari settings. It felt like me looking at my naked body.

    I also had the same observation as D.F's -- that the Safari on my iPhone seems to have collected all passwords from my mac's Safari (I turned on sync across devices for Safari bookmarks, settings and everything over iCloud for convenience, and perhaps that's why.)

     

    They should've at least had to put one step of security before showing the passwords -- just the way the Keychain Access app works in mac or even the mac version Safari's passwords tab does (first showing dots, then asking the admin password when clicking "Show Passwords").

     

    I hope they realize this problem and fix it in the upcoming updates.

  • DavidByronBay Level 1 Level 1 (0 points)

    Robert, did u have any luck with this STUPID mistake Apple has created, I am now in same boat !

  • robertangelini Level 1 Level 1 (0 points)

    I haven't heard anything about a fix for this. I'm surprised more people are not aware of this serious security problem

  • SchevD Level 1 Level 1 (0 points)

    This is a major omission.  The passcode for showing the stored Safari passwords should be completely different from the main device unlock passcode (whether Ipad/Iphone - doesn't matter).

    As the rest of you - I do ocassionaly give access to others on the Iphone/Ipad - and DO NOT want them getting all my passwords.

  • Shony Level 1 Level 1 (5 points)

    Totally agree. I don't even have a passcode on my device, simply because I don't want to put a passcode everytime I unlock the phone, which happens hundreds of times a day.

     

    It's not clear why there can't be different level of security. Same applies for Mac: Safari passwords are protected only by your Mac password, which has to be simple enough to type it quickly everytime you want to unlock your Mac.

     

    I ended up disabling iCloud Keychain, and using 1Password instead.