[Feeature Request] Option for password sharing about buttercup-mobile HOT 7 OPEN

Regarding the QR code - I like this better, but what would the receiving side look like? Would you use Buttercup there too to scan the QR? If not you're just scanning using the base camera app or QR code scanning app and it falls into the same problem as the first point

Sharing passwords to devices without Buttercup should be the important point, because in my scenario the target device doesn't have an internet connection or Buttercup installed.

How would you transfer a password from Buttercup to another device that doesn't have internet access and doesn't have Buttercup installed at the moment? For now every time I'm in that situation I have to do the workaround of copying the password to a note and send it to another device via Bluetooth (and make sure to delete the file).

from buttercup-mobile.

The ability to receive doesn't infer that internet access is required - I was talking offline.

My issue here is moreso sending credentials to others via an app such as WhatsApp etc - it's ugly and promotes terrible security practices. I recognise that there are edge cases and that users might just want the power to do this, but just adding it would present every user with such an option and that would be an endorsement from us. This will probably mean we won't add it in this form.

I still like this idea and want to keep it open but it needs to be fleshed out a bit more :)

from buttercup-mobile.

I'd consider NFC and QR codes. Not sure about Bluetooth but I'd consider it if someone contributes it.

Probably a warning would be enough to ease a bit of liability here.

Good idea! Let's see when we get to this. Thanks :)

from buttercup-mobile.

Sure, but we still need to consider that the sync'd entries will de-sync after one side changes something, so we need to include update functionality.

But yes, it's a necessary first step before sync'ing within an account like via a hosted server.

from buttercup-mobile.

Hmm.. this is an interesting idea. I both see the use in it, and am also hesitant to accept it because of the security implications. Being able to immediately ship passwords off a device is potentially very dangerous. I'll think on this one.

Regarding the QR code - I like this better, but what would the receiving side look like? Would you use Buttercup there too to scan the QR? If not you're just scanning using the base camera app or QR code scanning app and it falls into the same problem as the first point.

from buttercup-mobile.

I understand your concerns and my main idea of sending passwords to devices nearby would be Bluetooth and QR-Code, perhaps NFC. These ways of data transfer work without any third party app involved. If the password was transferred to the target it's on the owner of the password to remove remaining files on the target.

Further I thought about a way to ensure encryption and temporary access to the password with the help of an HTML file embedded into a QR-Code. I rejected this idea because 1) it's not possible to embedd an HTML file into QR Codes (most readers don't support/block base64 URLs) and 2) even if it was possible it would need third party libraries to be embedded into the HTML file (=> too many chars in base64 for data URL).

This is just an idea that came into my mind because situations of sharing (WLAN-) passwords happen to me quite often 😅

from buttercup-mobile.

maybe, if the qr code reader from #310 works this feature could be added. Sharing vault entries via qr code would be very nice (encrypted, both sides need Buttercup) or unencrypted (other side just needs an qr code reader) :)

from buttercup-mobile.