Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yes and no. If you're in the Keychain.app a user expects security question for revealing passwords.

On the other hand: if you in a third party app you just click "allow" and the app can use that password. Let's read that again: an arbitrary third party app … has access … to a password … by just clicking a button. You have probably done this many times (if you're using a Mac), but without thinking much about it (convenience).

Obviously there must be a way so that everyone can write a little app, request and access a password with a single mouse click and then show it in plain text.

(Always under the assumption that the keychain is already unlocked.)



> On the other hand: if you in a third party app you just click "allow" and the app can use that password. Let's read that again: an arbitrary third party app … has access … to a password … by just clicking a button.

It's possible to require the master password for each password release, though that is not the default and — in 10.6 — it seems there is no way to enable this globally, it has to be set individually per password as far as I can see.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: