Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please allow disable of "breach check" button #4585

Open
1 task done
mcclure opened this issue Jan 17, 2025 · 1 comment
Open
1 task done

Please allow disable of "breach check" button #4585

mcclure opened this issue Jan 17, 2025 · 1 comment
Labels
bug

Comments

@mcclure
Copy link

mcclure commented Jan 17, 2025
edited
Loading

Steps To Reproduce

I got the new design on my Android phone today. I understand that the old design couldn't be kept, but I think the new one could be improved.

The new design has a little "check" button between the "copy" and "show password" option. This checks to see if the password is in a known breach dump. This is a fundamentally useful feature. However, the button is in a position which is very easy to hit by accident. It is between the eye and the copy button, both of which are buttons which potentially see heavy use. Additionally because the new interface seems somewhat small compared to other Android apps, I am struggling to see exactly what I'm doing during casual app use. While using BitWarden I found myself hitting it by accident multiple times. I do not know how your breach checking works, but similar breach check features I have seen in other software involve sending a partial hash of the password to an internet server. It is very very problematic to me that an unlabeled button which can be activated by accident would send any information about my passwords over the network, even a partial hash, and there is nothing in the interface currently to assure me this is not happening.

Expected Result

Please offer us a settings checkbox to disable the check button. It is fine to have it out by default for discoverability, but those of us who do not intend to use this feature should be able to move it out of the way (given the nonzero risk of activating it). When disabled, it would make sense to move it to the ⋮ menu (for example, ⋮ could have a menu option to temporarily re-enable the check button for the pane currently being viewed, disabling again when the pane is left) but I'd be okay with just permahiding it.

Actual Result

Check button is not in a convenient place.

Screenshots or Videos

I am nervous including screenshots of my password manager, sorry.

Additional Context

I would additionally consider it problematic that:

  • "The 'this password was not found in any known data breaches' box does not offer any breadcrumbs to finding out how you validated this information (e.g., was information sent over the network)"
  • There is no "tooltip" on the check button, ie some apps offer tooltips when you longpress a button. This is problematic because it means a user has no way of finding out what the button does without tapping it.

Build Version

2025.1.0 (19622)

What server are you connecting to?

US

Self-host Server Version

No response

Environment Details

Sony XPeria 5 III, Android 13, up-to-date

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
@mcclure mcclure added the bug label Jan 17, 2025
@bitwarden-bot
Copy link

Thank you for your report! We've added this to our internal board for review.
ID: PM-17221

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mcclure @bitwarden-bot