Disallow enabling encryption without master password already set (Desktop)

This is slightly different from previous proposals for the same issue. Instead of the 'enable encryption' flow requiring entering the master password twice (to create one), which would require a major rewrite, how about disallowing enabling encryption until a master password is set?

References for closed FR and GitHub Issues which proposed adding a verification field on the enable encryption flow.

GitHub Issue #1656 (sorry no link, new users can only post one link).

In recent versions, the master password is set when you enable encryption so I think it already works like you're suggesting. You need v2.5 at least.

@laurent Actually my suggestion is to revert that. Setting the master password when you enable encryption doesn't ask for confirmation (at least it didn't for me with 2.5.12 (prod, linux)) of the new master password (which means if you typo, as I did, fortunately only one note as I was just starting, that you are out of luck).
I think the safest option is to complain if the master password is not set when you try to enable encryption (unless it is possible to add a confirmation field for the password, but from the references above, I gathered it's effectively not possible).

But you can now change the master password if you make a mistake, so that should solve that issue too?

Maybe I missed something, but it looks like changing the master password requires knowing what the old password was -- if you don't know what you screwed up you can't enter the old password correctly.

I also didn't find a way to simply remove the master password and try again (but thinking about it, I think when I was playing around I started setting up sync (but stopped before authenticating) which may have been a factor).

If it is supposed to be possible to remove (or change) the master password without knowing the old one when there is no sync setup, I can set up a VM and try to reproduce how I messed up, for an issue report.

I was going to say that you can reset the password if you forgot it, but I've just realised the option doesn't show up when the password is already in the keychain (with the assumption that there's no need to reset it, if it's already there).

I think what's missing is something like a "Show password" link so that if the password is in the keychain users can recover it from there. I'll add that in the next version. I'll also make a few tweaks to the password dialog to clarify how it works.
