<![CDATA[[Solved] Phone security: passwords are still shown after session is removed]]>Dear Opera team,

I had an event where someone shared the phone lockscreen PIN to phone technician.

I've suggested to logout to all active Opera session in order to prevent any malicious "peek" to saved passwords of Opera.

This is possible via:
auth.opera.com/account/edit-profile -> Manage your logged Opera account sessions

Even if removing all sessions worked, when the phone returned from repair, you could still check synchronized password by using the PIN. The only thing that changed was a message: "Sync is paused"

I would suggest, for security reasons, that once a session is removed everything that synchronized between devices is hidden. This is to prevent such cases where phone PIN is compromised.

]]>https://forums.opera.com/topic/50458/solved-phone-security-passwords-are-still-shown-after-session-is-removedRSS for NodeSat, 06 Jun 2026 00:00:59 GMTMon, 19 Jul 2021 10:52:16 GMT60<![CDATA[Reply to [Solved] Phone security: passwords are still shown after session is removed on Tue, 20 Jul 2021 08:05:17 GMT]]>@leocg
I believe the only misunderstanding was to use Opera password sync as a safe Password Manager instead as the use case you explained.

Thank you for the answer and explanations.

]]>https://forums.opera.com/post/257669https://forums.opera.com/post/257669Tue, 20 Jul 2021 08:05:17 GMT<![CDATA[Reply to [Solved] Phone security: passwords are still shown after session is removed on Mon, 19 Jul 2021 13:16:56 GMT]]>@dario3004 It seems that you are misunderstanding what synchronization is (for).

Synchronization is not for you to temporarily access your data, but to allow you to have the same data on all your Opera installations in your computers.
You should never login to your Opera account, to any account, in a device that is not yours. If it's absolutely necessary, do it in private window /mode, make sure that password is being saved, change the password as soon as you access your own computer. And have 2FA enabled in all possible services.

]]>https://forums.opera.com/post/257622https://forums.opera.com/post/257622Mon, 19 Jul 2021 13:16:56 GMT<![CDATA[Reply to [Solved] Phone security: passwords are still shown after session is removed on Mon, 19 Jul 2021 12:17:24 GMT]]>@leocg

Thanks for the answer.

With this approach there's no way to prevent all passwords to be leaked if OS credentials are compromised or if someone forgot to log off 'Opera sync' from a public device.

I believe that a more secure approach would be to clear passwords (history, tabs, etc) when session is revoked.

Hope that we'll see this security improvement in the future.

]]>https://forums.opera.com/post/257619https://forums.opera.com/post/257619Mon, 19 Jul 2021 12:17:24 GMT<![CDATA[Reply to [Solved] Phone security: passwords are still shown after session is removed on Mon, 19 Jul 2021 11:43:46 GMT]]>@dario3004 Passwords are stored locally, encrypted using your OS login credentials and have nothing to do with the fact that you are logged in to your Opera account or not.

]]>https://forums.opera.com/post/257616https://forums.opera.com/post/257616Mon, 19 Jul 2021 11:43:46 GMT