WiFi Passcode shows in the clear

riban · November 15, 2020 at 1:42 PM

LibreELEC's implementation of Kodi 18.9 has a first boot wizard which nicely guides a new user through configuring the box but the WiFi passcode entry shows the passcode on the screen. Many people have large TVs in a room with public facing windows and this presents a security risk which extends beyond just the Kodi box, allowing someone to gain access to your WiFi network. In some countries (including the UK where I live) there are laws that require everyone to maintain a level of security that will prohibit unauthorised access to networks. A home owner is legally responsible for traffic originating from their network. This makes me feel very uncomfortable entering a passcode in the wizard.

Could the passcode entry use a password protection field, e.g. show * instead of the character, possibly briefly showing the entered character before changing to *.

**Klojum** · November 15, 2020 at 7:56 PM Official Post

Quote from riban

Many people have large TVs in a room with public facing windows and this presents a security risk

How often do you have strangers glued to your house windows, staring into your room, while you are entering a Kodi/LibreELEC setup..?

I think we're okay on this matter.

**chewitt** · November 16, 2020 at 2:14 AM Official Post

I'll phrase it in different terms: It's a known and deliberate design choice to show the password in clear. Users are working with an on-screen keyboard and IR remote which encourages mistakes. If you want to set the passwork "privately" accept the defaults on-screen then access the device over SSH to set the password (passwd) without being observed. You can also setup key-authentication to avoid passwords completely.

**CvH** · November 16, 2020 at 10:30 AM Official Post

Just staying, windows and typical Desktop Linux distributions have also the opportunity to just c/p the WiFi password. If you need secure wifi access then switch to device based authentication. Otherwise its is insecure by design.