Learning Center/Support and Feedback/Feature Requests
PlannedDoneNot planned
Make it possible to "see" (un-hide, un-star) the passwords in your "Manage Apps" interface
Chris Dansie
suggested this on February 12, 2010 12:39 pm
My thinking is this. I have a lot of apps I'd like to put really long passwords on to make stronger..encouraging the use of strong passwords. I'd also like to use a different password on each app (which is a best practice of course).
Problem is sometimes I may have to by-pass Onelogin (like for an iPhone app) and I have to lookup the password. If I can't un-hide in OneLogin then I must keep a separate list of passwords. Since it needs to be electronic for convenience I must put in a text file on my desktop or something. Yuch...bad security there.
What I'd love is a Single-sign-on service that is also my secure password storage service.
Comments
We already have some functionality planned in this area. For example, you will be able to automatically generate strong passwords where ever you see a password field in OneLogin. And you will be able to stored passwords to your clipboard for easy pasting into other applications. This will make provisioning users a lot easier. As for the mobile support, we'll keep you posted. :-)
Your clipboard approach would work great...as that way it doesn't ever get printed on the screen (that is good) but if you really need to see it you can copy-paste to Notepad or something for visual inspection.
You might consider making the availability of this feature a configuration setting of the Admin. Meaning for a corporate user the Admin may disable this feature so that standard user cannot "copy-paste" to a text file. Idea being that Admins may need to grant an employee access to an account with un-disclosed shared password. This way access is granted but the shared password is not ever visible.
"What I'd love is a Single-sign-on service that is also my secure password storage service."
Totally agree. We have several products/apps/services that don't necessarily have web logins, but we want a secure place to manage/share/obtain credentials. It would be great to be able to create a custom "app" that just doesn't have a URL/login feature. This would otherwise work the same way other onelogin apps do (e.g. I can assign it to different roles, and create a single account that can be shared with roles, and I can chose to manage my users credentials or let them do that on their own) - but when a user clicks on the app they see their username and can copy the password to the clipboard (or see).