FAQ(?)/Request: Reveal passwords?

[guttyguppy]

Right now, perfect example of why I wish the passwords could be in plain text. I lost the cpanel login for one of my sites, which is the same aas my ftp login. I'd love to just open yummy and retrieve the password that way, but instead I'll have to go through the hosting provider and it will take a while. I know it's my fault for not keeping better rack of my passwords, but like I said I'm a scatterbrain nitwit and I'll never change.

[paulc]

Since the advent of the Keychain in OS X, I made sure all ftp site passwords were stored in there... where they will always be available (I back up all my stuff). I used to store passwords in Yummy, but no longer. I suspect there may be some architectural issues, keep in mind that FTP Aliases no longer need the underlying application to function, meaning they are distributable. If passwords were in plain text, they could be retrieved from your droplet.

[spacific]

Yep, as paulc says, and I said before, use Keychain!!

[JD]

I agree that Keychain should be used.

The proposed new feature in this thread was to allow you to display the password from the Keychain without having to trawl though Keychain Access to find the correct entry and then display the password there - rather, the feature in Yummy would ask you to provide your Keychain password (as a means of authentication), then display the password in plain text. It's a convenience feature.

Any option that allows you to see the password in plain text that is stored inside a Bookmark itself is a security risk, and so I won't be adding that. Obviously, the Bookmark credentials are highly encrypted - there is no way you could find the password stored inside a Bookmark simply by examining the Bookmark file.

[paulc]

Ah, but I believe a search function was added to Keychain Access under Tiger. Makes it FAR easier to find something in there.

But, something seems troubling. In KA, you must re-enter an admin password to read the password of any entry. Even if the keychain was by default "unlocked." If Yummy provides a direct link to that function, will it also require an admin password to show the password?

[JD]

I didn't notice the Search capability, I have to say, but it IS there...

Yes, you would need to authenticate just the same way as KA forces you too.

[JoeyBootz]

I just want to add my 2 cents. A perfectly valid reason to find out your long-lost hidden passwords is this. I've set up Yummy over a year ago to log in to my server. Everything worked perfectly and still does. But recently I've upgraded my hosting to allow shell access. I didn't have money at the time for the upgrade. So now I need the password to log in from the terminal. Yummy won't give it up. 1Password doesn't know what it is because I bought it after I told yummy what the password was. (BTW 1Password is GREAT!) And I've never had much luck with the Keychain/Yummy integration. It used to "forget" passwords all the time, I'm not sure why. So I've gone back to having Yummy hold onto the keys.

Anyhow...I could phone up customer support to find(reset) my password, but I would rather pull my teeth out with a stapler dipped in poo than phone up HostGator again

[JD]

Ouch! That sounds nasty... 

I hear you. The discussion up 'til now revolved around accessing your password that is stored in the Keychain, not Yummy itself, but I can see that it would be useful too...

[paulc]

Might this work... password is encrypted in a old Yummy bookmark. IF one set the pref in Yummy to keep passwords in Keychain, once you use that bookmark, might one expect it then gets stored in Keychain?

[JD]

Yes, it would.