Disable WebDAV password view

WalccMan
When setting up WebDAV sync, next to the password is the small eye symbol which allows you to view the entered password. Anyone opening Zotero on my device could easily grab my password this way. Might there be a way to disable the possibility to view the entered password after sync is set up successfully?
Best, GN
  • dstillman Zotero Team
    edited 2 hours ago
    The eye button comes from the underlying Firefox platform on all password fields. I'm not sure if we can disable it, but having it there is really more honest — you should generally assume that someone with access to your unlocked OS account has access to your passwords, unless they're in a locked password manager. Passwords in Firefox (and therefore Zotero) aren't stored in plain text on disk, but they're decryptable unless you use a master password, which wouldn't really make sense in Zotero (since you would have to enter a password on every startup before it could sync).

    In a future version, we may be able to store passwords in the OS keychain, in which case it might be more appropriate to make it impossible to view the password, since you wouldn't be able to extract it from files on disk.
Sign In or Register to comment.