Maybe unpopular opinion: text entry boxes for passwords should show them as ***** only if it's not stored in recoverable form. UI that just blocks casual extraction builds a false mental model of the security properties of the system.
Reminds me of how on Android (6, at least) if you go edit a Wi-Fi connection it will refuse to show you the password, but you can ask it to generate a QR-code that will contain the password in plaintext
Android 11 shows the passphrase below the QR code. The share screen requires authentication, so the reason it isn't shown in the settings is likely because they wanted to require authentication beyond the device being unlocked. Seems obvious to show it as text there in hindsight.
There's a toggle for whether passwords are shown or hidden as asterisks (default is shown). This isn't about that but rather is part of requiring authentication beyond the device being unlocked to change sensitive settings (like enabling developer options) or view sensitive info.
A device owner will often share access to their device without setting up a user profile for that person. There's still a security model in place in that kind of situation. Similarly, the ability to allow apps to do scary things in the background without a notice has gone away.
So it's a lot harder for someone you gave access to your phone to set up apps to spy on you. There is more that could be done in these areas. There is a real threat model for it and I think it's one that impacts people more than a lot of what security people are more focused on.




