Allow existing password to be used instead of generated one #4

Open
sebbASF opened this issue Dec 11, 2019 · 7 comments

Comments

@sebbASF
Contributor

sebbASF commented Dec 11, 2019

It might be useful to allow users to specify the initial password for a seed.
This would allow migration from another password database.

@gstein
Member

gstein commented Dec 11, 2019

True. I manually filled in .otp from my Keychain on my old Macbook. An argument to query for the password (rather than auto-generate) would enable a user to go track down the password and then properly enter/format that into the .otp file.

@gstein
Member

gstein commented Dec 11, 2019

Oh. Maybe .otp could have a # option: ask as a configuration choice (in addition / alternative to a command line argument). Second, when prompting for a password, [empty] could tell the script to generate the password. Something like:

Password for $seed? [empty to create a new password] :

Thoughts/preference?

@sebbASF
Contributor Author

sebbASF commented Dec 11, 2019

I was thinking of a separate setup operation, e.g.

otp.py --init-password seed [--force]
This would check for an existing password, and if not found, allow the user to provide one.
Report an error if one was found and --force not used.

Also it could always prompt for a password if none exists; empty reply means generate.

@gstein
Member

gstein commented Dec 11, 2019

How about --ask-password seed and it fails if a password is already present. Thus, no need for a --force solution.

I do like the idea of prompting, and then generate if [return] is pressed (rather than silent generation). (and maybe error if anything entered is less than (say) 10 characters)

@sebbASF
Contributor Author

sebbASF commented Dec 11, 2019

I added --force to allow a user to correct a stored password.

@gstein
Member

gstein commented Dec 11, 2019

Gotcha. I have an aversion to --force due to Subversion development when we grew --force options on many commands, each of which did something different. Eventually, we decided to deprecate --force and go with descriptive options like (say) --create-parents instead.

Given that, I'd suggest something like --update-password or just --update (and --ask) for command/control options.

Thanks!

@sebbASF
Contributor Author

sebbASF commented Dec 11, 2019

Given that the password may not be recoverable if it is replaced, I think it would be best if it required an extra option to allow an existing one to be overwritten.
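
The behaviour discussed in this thread, written out as an added example (not code from otp.py or its maintainers): refuse to replace a stored password unless an explicit update option is given, prompt without echo, treat an empty reply as "generate", and reject short entries. The dict-based store, the function and exception names, and the `secrets`-based generator are assumptions made for illustration.

```python
import getpass
import secrets

MIN_LENGTH = 10  # the "(say) 10 characters" floor suggested in the thread


class PasswordExists(Exception):
    """A password is already stored for the seed and no update was requested."""


def generate_password(nbytes=16):
    # Assumption: a CSPRNG-backed token; the tool's own generator is not shown here.
    return secrets.token_urlsafe(nbytes)


def init_password(store, seed, allow_update=False, prompt=getpass.getpass):
    """Return (password, was_generated) and record the password in `store`.

    `store` is a plain dict standing in for the password database (hypothetical).
    `allow_update` models an explicit option such as the proposed --update-password.
    `prompt` is injectable so the logic can be exercised without a terminal.
    """
    # Check before prompting, so the user is never asked to type a secret
    # that is going to be rejected, and nothing is overwritten silently.
    if seed in store and not allow_update:
        raise PasswordExists(
            f"password already stored for {seed!r}; "
            "use the explicit update option to replace it"
        )
    entered = prompt(f"Password for {seed}? [empty to create a new password] : ")
    if entered == "":
        password, generated = generate_password(), True
    elif len(entered) < MIN_LENGTH:
        raise ValueError(f"password must be at least {MIN_LENGTH} characters")
    else:
        password, generated = entered, False
    store[seed] = password
    return password, generated


if __name__ == "__main__":
    db = {}  # constructed, in-memory stand-in for the real store
    pw, generated = init_password(db, "ab1234")  # constructed sample seed
    print("generated new password" if generated else "stored supplied password")
```
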
