Replies: 41 comments
-
Imo this should definitely remain an addon due to potential security risks which might make NVDA a no go for corporate environments. such a setting will never be accepted by sysadmins. Cc: @gerald-hartig |
Beta Was this translation helpful? Give feedback.
-
From what I understand, the feature would remain in an add-on. The scope of this request is that the add-on coud use a decider extension point instead of monkey patching a core function. |
Beta Was this translation helpful? Give feedback.
-
Hello. As Cyrille mentioned, my first purpose with this issue is to use a decider in the reportPassword add-on insteas of patching a function. |
Beta Was this translation helpful? Give feedback.
-
Imo having this setting in core is a security vulnerability, especially for beginners who might enable it accidentally. For sysadmins this would be a no go, especially when they need to provide remote assistance and the user hears the password when the sysadmin enters it.I agree an extension point might be helpful, but me at least vote against having such a setting in core.Von meinem iPhone gesendetAm 29.11.2024 um 14:33 schrieb Noelia Ruiz Martínez ***@***.***>:
Hello. As Cyrille mentioned, my first purpose with this issue is to use a decider in the reportPassword add-on insteas of patching a function.
Anyway, this may be implemented in the core, for example in keyboard or advanced settings.
Sometimes to be informed about the typed password may be considered more secure than typing a wrong password, for example if the screen curtain is active and we use headphones.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
Our preference is incorporating the setting directly, and binding a key command to it, rather than the extension point. If this setting gets incorporate is there still a usecase for the extension point? |
Beta Was this translation helpful? Give feedback.
-
@seanbudd , I think that if we incorporate this in a setting, we don't need an extension point. I'll create a PR including this in keyboard settings and assigning it the NVDA+x command. X may mean something hiden, like in equations, and NVDA+p is used for punctuation. |
Beta Was this translation helpful? Give feedback.
-
@seanbudd please reconsider this, given my comment above. I think we need more community feedback on this, since e.g. Narator does not provide such a setting due to obvious reasons. System admins will definitely take this into account when deciding which software is allowed. cc: @gerald-hartig, @jcsteh I will definitely send this issue to all community groups to start a discussion on regarding having such a setting in core. |
Beta Was this translation helpful? Give feedback.
-
@Adriani90 , smart phones have this option, accessible with screen readers. What I mean is that your proposal is valid, of course, but not obvious. |
Beta Was this translation helpful? Give feedback.
-
I am not against optionally echoing typing in protected fields. Though, I vote against assigning a default gesture, especially an easy one. With a default gesture, there is too much risk that someone inadvertently enable the feature by mistake. |
Beta Was this translation helpful? Give feedback.
-
@CyrilleB79 , your explanation about a default gesture makes sense. I'll leave the command unassigned. |
Beta Was this translation helpful? Give feedback.
-
I don't agree with implementing this feature in the core. It might be useful in certain scenarios, but I'm worried about what IT admins might think. How do other screen readers handle this? |
Beta Was this translation helpful? Give feedback.
-
I don't see the difference, in terms of security, of having this setting in the core or in an add-on. |
Beta Was this translation helpful? Give feedback.
-
Since this is being discussed on NVDA groups, this is a summary of my replies:
|
Beta Was this translation helpful? Give feedback.
-
Adding the option in advanced settings is useless. Either we consider the option secure enough and we add it in widely accessible settings. Or we consider that the option is not secure enough in all cases and we keep it as an add-on. This option, if made available, should not be available for advanced users only or upon request of a helper person. Thus it has not its place in advanced settings. Also, regarding security, if the option is in advanced settings or not has no impact: any script or program having write access to |
Beta Was this translation helpful? Give feedback.
-
Hi, as i don't see the real benefit of this function, and see it as a fancy gadget, because even jaws is not implementing it, for the security reasons i am against it being in the NVDA core, because of the corporate environments. It admin can then be against NVDA in the corporate environment because of this. |
Beta Was this translation helpful? Give feedback.
-
Hi, I pasting my comment here as @seanbudd suggested. I just had an idea for echoing when typing passwords. I don't know if it has been discussed previously, I don't want to read the entire message thread... Initially, it could be implemented in an add-on for testing. A custom dialog could be implemented where the user can type the password, and when they press OK, NVDA will type the password in the focused field. The flow would be like this:
Optionally, the user can press escape and cancel the dialog. This way braille users will also be able to know what they type in the password field, so it's even better. I'll also comment on the existing add-on to speak in the password fields. I think it would not be necessary to eliminate it. The general concern, at least on my side, is in corporate environments. Administrators can control which add-ons will be installed. Furthermore, whoever wants to use the add-on can always find it in other sources. But I recommend considering my idea as a possible solution, tell me your comments and opinions on it. |
Beta Was this translation helpful? Give feedback.
-
@davidacm , inspired by your idea, I have another one. I thought that your proposal has the disadvantage of showing passwords, even with small characters, but we aren't sure if they can be seen or not. |
Beta Was this translation helpful? Give feedback.
-
Also, with this proposal options may be added to listen or not, and displaying in braille or not, the ped password. But, since it would be part of NVDA, it wouldn't affect to remote connections since it should be activated by a dedicated keystroke or a menu option in NVDA. |
Beta Was this translation helpful? Give feedback.
-
Thanks for continuing this valuable discussion.I think storing the password might be risky because there could be cases where an user enters a password in the HTML virtual window and might do other things before entering it in the actual password field. So as long as the password is stored the user is exposed to hacking, unless there is a method to encrypt the stored password securely until it is entered in the actual password field.Imo a separate dialog wouldn‘t work, because NVDA doesn‘t show dialogs on Windows secure screens or at Windows login promt. Or am I wrong?So is it not possible to show a similar field like the speech viewer next to the password field when the setting is enabled?It would just show what NVDA is speaking when typing the password.Von meinem iPhone gesendetAm 09.12.2024 um 06:14 schrieb Noelia Ruiz Martínez ***@***.***>:
@davidacm , inspired by your idea, I have another one. I thought that your proposal has the disadvantage of showing passwords, even with small characters, but we aren't sure if they can be seen or not.
Then, I have thought that an input password, for example in HTML, can be created with a checkbox to show or hide it, optionally. Then, when pressing OK the password would be stored in a variable, and with a keystroke, using brailleInput.sendChars, it may be writen in the password field without using the keyboard.
I'm not comfortable maintaining the reportPasswords add-on after this discussion, and this may be used if someone needs it.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
I think that the password can be stored in an NVDA variable before entering on a secure screen, and I don't see an easy way to show this variable unless the Python console is used. https://docs.wxpython.org/wx.TextEntryDialog.html |
Beta Was this translation helpful? Give feedback.
-
But how does the speech viewer work then? Does it currently store the speech output in any variable?Von meinem iPhone gesendetAm 09.12.2024 um 06:49 schrieb Noelia Ruiz Martínez ***@***.***>:
I think that the password can be stored in an NVDA variable before entering on a secure screen, and I don't see an easy way to show this variable unless the Python console is used.
For reference, we may use this:
https://docs.wxpython.org/wx.TextEntryDialog.html
@davidacm , if you want to create an add-on, I'll remove reportPasswords from the store so people is not confused with two similar add-ons.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
@Adriani90, NVDA can display dialogs on secure screens. At least, the NVDA native ones. I don't know if an add-on could... It used to work in add-ons I think, but I don't know if something has changed. It means that at least if implemented in the core, a specific dialog for passwords is possible. @nvdaes, I don't understand the idea of HTML very well, is it about how to design the dialog to enter the password? |
Beta Was this translation helpful? Give feedback.
-
@davidacm , I thought about HTML since I didn't know the exact way to create passwords with WX, then I thought in using JavaScript in some way. I use JavaScript in the readFeeds add-on to add ability to convert feeds into HTML, with ability to copy info to clipboard. |
Beta Was this translation helpful? Give feedback.
-
The arguments I've seen against this feature aren't very compelling. Someone remotely controlling my computer could type their password into it, and I would be able to hear it. IT administrators might not want this feature to exist. The advantages outweigh the downsides:
This is a clear accessibility improvement for people who need it. You can argue against a lot in the name of security. In the case of the Report Passwords addon, I simply don't have to install it. |
Beta Was this translation helpful? Give feedback.
-
Maybe I should have asked before, but: I seem to recall that during a remote assistance on my computer, remote keystrokes did not appear in NVDA's log (debug level). I do not remember very well so just would like to be sure. I hope that NV Access (@gerald-hartig or @seanbudd) continue to follow this discussion and think about it. There has been a quite strong push of the community to be careful with this feature; and I am not totally sure if it is really justified. |
Beta Was this translation helpful? Give feedback.
-
@CyrilleB79 and others: what if NVDA, when the speak password options is active and the focus is protected (i.e., when a password field is focused) opens a message box to be accepted by the user? If the user press the cancel or No button, focus should be protected again. |
Beta Was this translation helpful? Give feedback.
-
For all, I copy here a part of my message sent on the add-ons mailing list:
In order not to discourage people imagining solutions, @gerald-hartig could you confirm that NV Access would agree to accept a solution provided both sighted and blind people are correctly warned when echo typing is enabled in protected fields? Thanks. |
Beta Was this translation helpful? Give feedback.
-
@nvdaes thanks for your great thoughts in this regards. You wrote:
I love this idea actually because it makes clear for both sides that the password will be hearable. A dialog might be annoying though because a user would have to confirm it every time when password field is encountered and this happens very often. @CyrilleB79
I am working in a non governamental bank and I know quite good what GDPR means and how data privacy and subjective security are tackled. In case of remote assistance, yes this is a real live example, and that's why I brought this point in the advisory group. We for example have many remote assistance cases, bot internally and externally. and when we want to see a specific beavior in an account or so, then we request the person to enter the password, identify via his or her second device through 2 factor autentification etc. |
Beta Was this translation helpful? Give feedback.
-
To be clear, although I did say that I believe it is valid to say that a
sighted person has an advantage over a blind beginner user as they can
see the keyboard as they type their password, I did not necessarily say
that I truly believed that NVDA should actually have this feature.
True that there are some proposed solutions here that seem to mitigate
the security worries, But they all require some kind of implementation,
and therefore the burden of actually maintaining these solutions.
I think there are many more higher priority issues that would have a
much larger impact that we could be spending our time on as a community
right now frankly.
|
Beta Was this translation helpful? Give feedback.
-
@CyrilleB79 to answer your question, in light of the enthusiasm (bordering on, shall we say, passion?) for this issue, I want to give a very cautious, qualified, tentative answer. Nobody wants to feel like they’re playing digital pin-the-tail-on-the-donkey when they're entering a password, so if the community can suggest a secure way to address this use case in a way that the benefit justifies the effort, yes we'll consider it. But talking about warnings, tooltips, dialog boxes – oh my! It seems we're rapidly approaching a point where entering a password will require the signing of a legally binding document in triplicate handled by an entire library of code. I'd like to amplify @michaelDCurran's comment above. Maybe we could redirect some of this creative energy towards those aforementioned higher priority issues? Just a thought. https://github.com/nvaccess/nvda/issues?q=is%3Aissue+is%3Aopen+label%3Ap1%2Cp2 |
Beta Was this translation helpful? Give feedback.
-
Is your feature request related to a problem? Please describe.
Some users may want to listen typed characters in protected fields, for example to be sure that they are typing passwords correctly.
Some add-ons were created for this, and they patch the
isTypingProtected
function.Describe the solution you'd like
Add a decider extension point replacing the current
isTypingProtected
function, available in the api module.Describe alternatives you've considered
An option to speak characters in protected fields can be included in Keyboard settings, in NVDA's core. This would replace the reportPassword add-on, available in the store.
Additional context
This was discussed years ago in a spanish mailing list, and a teacher mentioned that this may be useful for students.
Beta Was this translation helpful? Give feedback.
All reactions