Why is Slack storing passwords in plain text on Android devices?

https://mas.to/@cubicgarden/105712244073779967

I posted about Slack’s bug on Mastodon. I knew this was going to be a pain in the ass changing all those passwords, even with them all sitting in my password manager and most using 2FA.

However, some of the users of Mastodon asked the question: why does the Slack app store the passwords on the device at all?

I thought about this and they are right. The app connects to a remote server and should request the user's login. Once logged in, it should provide some kind of secure key/cookie/hash on the device, not the actual password. On top of this, it certainly shouldn’t be in the form of plaintext.

Mistake, bug or not, this should not happen.
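The design described above (log in once, then keep a server-issued token on the device instead of the password), sketched as an added example that is not from the original post and is not Slack's code. The `Server` class, `client_login` and the sample account are hypothetical.

```python
import hashlib, hmac, json, secrets

def _kdf(password, salt):
    # Slow, salted hash so the server never keeps the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _digest(token):
    # The server keeps only a hash of each token, so a leaked session
    # table cannot be replayed as valid tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class Server:
    """Hypothetical auth server: checks the password once, then issues a token."""
    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._sessions = {}  # sha256(token) -> username

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _kdf(password, salt))

    def login(self, user, password):
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)  # random, unrelated to the password
        self._sessions[_digest(token)] = user
        return token

    def whoami(self, token):
        return self._sessions.get(_digest(token))

    def revoke(self, token):
        # A leaked token is revoked server-side; the password is unaffected.
        self._sessions.pop(_digest(token), None)

def client_login(server, user, password):
    """Return the state the app would persist: the token, never the password."""
    token = server.login(user, password)
    if token is None:
        raise PermissionError("login failed")
    return json.dumps({"user": user, "token": token})

if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "correct horse")  # constructed sample account
    print(client_login(srv, "alice", "correct horse"))
```

If the persisted state leaks, the exposure is one revocable session, not a password that may be reused elsewhere.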

Author: Ianforrester

Founder and firestarter of cubicgarden ltd. Emergent technology expert, public service supporter, defender of human scale flourishing, city dweller, European at heart and social geek event organiser. Captivated by the digital legacy, future of dating, human data interaction, self-hosting, personal data, open-source, house music, neurodiversity thinking, kindness and collaborative futures for all. Can be found at cubicgarden@mas.to, cubicgarden@twit.social and cubicgarden@blacktwitter.io