Apps password not visibe & cannot be copied

Hi,

I set up two factor authentication for my account and also added Apps Password however, to my surprise, there seems to be no way to actually see/copy the generated passwords as they are obstructed (not visible). Any idea how do I go about copying/pasting any one of these app generated passwords to my specific app/device?

Thanks!

Hi @NaCo and welcome to the forum.

The app passwords are displayed only once when you generate them and then you won’t be able to see them again as they are encrypted at our end and as you would expect/hope can’t be retrieved to display them to you again. This also encourages them to only be used once per device, and for you to enter them on other devices at the time you are generating them.

Depending on your devices you can often copy and paste them as you generate them from one device to another. Apple devices can do this but I am not sure if the same exists on other systems.

1 Like

Hi Dave,

Firstly, thank you for your swift reply.
Secondly, to me the adopted method is an overkill.

  1. As pointed out in the documentation, they are called Apps Passwords but they can be used on apps or devices - hence the need to copy/paste them repeatedly, at lease initially and then, occasionally as needed. The inconvenience occurs when, for whatever reason, you need to renter the password into one of previously set-up apps, but that’s just one of the apps used with one “device” password. If I don’t know the password (or I cannot copy it) and I’m forced to delete it, then I would need to go through the setup process on all the other apps covered by that specific device password.
  2. Most Android applications don’t allow copying previously used passwords.
  3. Since apps passwords are double/triple protected in the app (require entering password twice) I really don’t see the need to encrypt them in settings.

Maybe a way to circumvent these issues would be to automatically decrypt Apps Passwords when the 2nd (confirmation) password is successfully entered - the section would a sub-vault of the main vault. As you know, a confirmation password is required for multiple sensitive sections in settings.

Hello,

The app passwords I’ve used are only entered once in to any particular app and then I don’t need them again for any purpose. If I then have another app I need a password for I generate a new one. There is no need to copy/paste the password as it’s short enough to enter once or twice for a particular app. You should at least be able to copy/paste them though from the website so you can enter them in to apps on the device you are generating the password on. If you are having problems with copy/paste then that’s different and we can look in to that.

The passwords are encrypted in our system. There is no way to decrypt them again and that’s the whole point so that nobody at Runbox or anywhere else knows what they are. In case you are wondering, when you enter your password in to our system (through the website or an app) we encrypt what you enter and if it matches the stored encrypted password then we know what you’ve entered is correct. At no point do we actually need to decrypt your password (as I said we can’t anyway) and that is what makes the system more secure.

We could design a system that does what you say so that a password could be decrypted and displayed again, but do you really want us to store passwords in a way that allows them to be decrypted? You can just generate a new password and copy/paste/enter that in to a device instead :slight_smile:

1 Like

I guess you’re right - I’d rather go through more hassle at the expense of better security than vice versa. Thanks!

I should just add that I do understand your frustration with this. To some extent 2FA and app passwords are an inconvenience and that is why they work. The current challenge for providers is how to make that process more convenient and we might have some ideas about that we can implement.