Save PWD for API Login
Closed this issue · 1 comments
Can we have a Option to save the Password for API Login?
I use API Login only in my local Network and a startup without typing my Password would great.
That would mean exposing the password. Saving the master password compromises the security.
This is an Open Source project, meaning that no matter what I use to obfuscate/encrypt the password it can be reversed. Think of it like this:
If I have your Bitwarden encrypted data I could try millions of millions of combinations before actually decrypting the data; if I have your password I just need to feed the encrypted data and the password to the algorithm used by Bitwarden to obtain the data. Same applies here, if you save your password the method and everything needed to decrypt it is already on the code.
Other methods are insecure as well, like passing the password as a command line or having a separate file with the password on it as either need the password to be in plain form or obfuscated/encrypted with an algorithm within the code (same issue).
Now, the application doesn't need to restart, you can leave it running 24/7 (my last uptime was 19 days before a MS Update needed the PC to reboot). I think using your master password twice a month is not that bad. But if you still want a passwordless option you could automate with AutoHotkey itself.