We are not going to rewrite our auth flow. I suggest people open bug reports that Shadow DOM is not supported. If 1password can do it, so can other password managers. From what I gather this is “better” as it allows more encapsulation and less ability for other applications that can read the page (like password mangers) to dig around in the fields of websites(?).Įvidently support for ShadowDOM was added to 1Password at some point, so the “official” response is now: HomeAssistant uses Polymer as the backend to it’s GUI, which uses ShadowDOM but breaks querySelectorAll. In that github issue balloob linked to a thread over at 1Password where it was stated that 1Password (and most other password managers I assume) use document.querySelectorAll to handle the password fields. Well I wouldnt go as far to say that I’M saying it or agree with it lol, but it’s the opinion of Balloob. In the meantime, I would much prefer home assistant allow my devices to store the password in the secure vaults offered by the underlying operating systems and not enforce people to adopt less secure options.Īre you saying the chrome and ios inbuilt password managers are the things at fault and they (apple and google) need to fix their code? (seriously have to run, I will revisit, thanks for your links) As mentioned, I am happy to take recommendations. Something I do trust chrome to take care of, and not just any third party app. Out of curiosity, what password manager do you use and how does it integrate with Home Assistant? Is it able to insert a password into password field of a website and by what secure mechanism does it do that? If it is using some form of encryption between it and the browser I would seriously consider it, but that also is dependant on the synchronisity of it between my systems and devices. The fact you suggest to just “remember it” leads me to believe you don’t have any short term memory problems AND you use a limited set of passwords AND/OR you possibly commit some other minor security infraction I do attempt to remember them as far as possible, but often that does not happen and it appears that home assistant is forcing users to make a password that is explicitly memorable (security risk #1) and/or record it somewhere and copy and paste it in (security risk #2) And remembering 300+ individual and unique passwords is just not an option. The levels of trust I have are those employed by the major browsers and my operating systems, however, the clipboard buffer is not secure. I do in fact take security to the next level. I have banking and stock market apps that my systems offer to remember passwords, but my home automation server… it has deemed password management too sensitive to allowed to be saved, at least that’s how I’m seeing There are certain levels of trust and copy and pasting passwords from one app to another and having the clipboard buffer available to any other service that happens to be running in the background is a security risk. It even affects the app in ios, so it leads one to conclude it has been purposely included by design, it’s just counter intuitive to “the norm”. ![]() I do not have this issue with any other website or app. Not really.īut if anyone knows what the best way to maintain user passwords for home assistant, I’d be much I agree, it’s home assistant, not google chrome, not firefox, not apple ios or mac osx. ![]() I’m thinking I should just use “password” make it as insecure as possible. I thought I would remember it this time but sadly I have forgotten. Last time (before the reinstall) I think I needed to create a new admin account and move everything over. I can’t help but think this is by design and intentional. I’m still logged in on each of the other devices, but I can’t change the current password without knowing the current password. ![]() It is not saved in any store on any device. I did a full reinstall a ways back and signed into it again using the one account but again, the iOS app, chrome on iOS, chrome in OSX on MBP, Firefox on Linux and app and website on the iPad, but now I want to sign in on a new system and again I can’t locate the password anywhere. Anytime I need to log in via a new device I need to create a new account as I don’t recall the password I used initially and there is no option to save.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |