Security Concern when Entering your Arm/Disarm Code on the Mobile site

[Shades]

I did a search and couldn't find anything related, probably because I am not using the right terminology. Sorry.

But I find this a security issue when using the mobile site to arm or disarm the house, when you type in the TEXT BOX to enter your house code it displays the numbers. And if you have "auto form complete" option set to ON it saves what you have typed, so if someone steals your phone they just click on the box and it shows what you have previously entered.

Can we change this TEXT BOX to a PASSWORD BOX where it shows **** after entering characters​, and doesn't save your entries.

I apologize if this is not the right place to post this, please let me know where the right place is and I'll repost my query.

[Crikey]

And if you have "auto form complete" option set to ON it saves what you have typed, so if someone steals your phone they just click on the box and it shows what you have previously entered.

You make a good point, in my opinion, but, also in my opinon, I'd argue that having an unlocked mobile device with that kind of access is at least as bad an idea, if not worse. If you leave your device unlocked, let your browser remember your pass code, and the device gets "borrowed," nobody'd necessarily need to see the code, would they?

(I'm assuming, from your complaint, you don't lock your device with password, pin, pattern, facial recognition, fingerprint, what-have-you.)

(Personally, given what I've seen and experienced, I don't trust Android security enough to actually enter my alarm system codes into an app running upon it, anyway. But that's a kind of side-issue.)

[Shades]

And if you have "auto form complete" option set to ON it saves what you have typed, so if someone steals your phone they just click on the box and it shows what you have previously entered.

You make a good point, in my opinion, but, also in my opinon, I'd argue that having an unlocked mobile device with that kind of access is at least as bad an idea, if not worse. If you leave your device unlocked, let your browser remember your pass code, and the device gets "borrowed," nobody'd necessarily need to see the code, would they?

(I'm assuming, from your complaint, you don't lock your device with password, pin, pattern, facial recognition, fingerprint, what-have-you.)

(Personally, given what I've seen and experienced, I don't trust Android security enough to actually enter my alarm system codes into an app running upon it, anyway. But that's a kind of side-issue.)

Regardless if I lock my device or not, why can't it be a password box so it never shows or stores your passcode? This is just a website interface through the browser, it would show up the same on iPhone devices because it's just a website link to their server.

[mwortham]

I second this. The value in this field should be masked, and should disable auto-complete in the user's browser.

For comparison, this field in the non-mobile web interface IS a password input field, and the characters you type ARE masked. Seems like an oversight on the mobile interface, IMO.

[Shades]

I second this. The value in this field should be masked, and should disable auto-complete in the user's browser.

For comparison, this field in the non-mobile web interface IS a password input field, and the characters you type ARE masked. Seems like an oversight on the mobile interface, IMO.

Thanks for backing my suggestion up.

I'm not seeing any replies by the mods or devs, wonder if my suggestion is taken into consideration.

[GrandWizard]

Sorry, yes, I forwarded this thread to the mobile portal devs. On my phone I don't see this behaviour so it may be related to specific devices.

[Shades]

Sorry, yes, I forwarded this thread to the mobile portal devs. On my phone I don't see this behaviour so it may be related to specific devices.

Awesome thanks!

This also shows up the same when I use my PC to access my system... see the picture attached.

[mwortham]

Has there been any development on this issue? I'm annoyed that this screen still stores my code and displays it to me every time I use the app...

[mwortham]

I haven't seen confirmation of a fix for this, but over the past few days this issue has disappeared for me. Shades, can you confirm? It looks like it's been fixed.

[GMc]

I noticed the issue disappeared yesterday when setting the alarm. I just logged in and see I'm on ver. 102