When I was looking into the code for the secure store setup I came across some items which I think is incorrectly done.
First I notice that the password is not of secure string is that right?
```
# Set the field values
$secureUserName = ConvertTo-SecureString $unattendedAccount.UserName -AsPlainText -Force
$securePassword = $unattendedAccount.Password
$credentialValues = $secureUserName, $securePassword
```
2. The password field mask is set to false instead of true
```
# Set the account fields
$usernameField = New-SPSecureStoreApplicationField -Name "User Name" -Type WindowsUserName -Masked:$false
$passwordField = New-SPSecureStoreApplicationField -Name "Password" -Type WindowsPassword -Masked:$false
$fields = $usernameField, $passwordField
```
Hope you can fix it for the next version .
Cheers
Nicholas Ang
Comments: ** Comment from web user: brianlala **
First I notice that the password is not of secure string is that right?
```
# Set the field values
$secureUserName = ConvertTo-SecureString $unattendedAccount.UserName -AsPlainText -Force
$securePassword = $unattendedAccount.Password
$credentialValues = $secureUserName, $securePassword
```
2. The password field mask is set to false instead of true
```
# Set the account fields
$usernameField = New-SPSecureStoreApplicationField -Name "User Name" -Type WindowsUserName -Masked:$false
$passwordField = New-SPSecureStoreApplicationField -Name "Password" -Type WindowsPassword -Masked:$false
$fields = $usernameField, $passwordField
```
Hope you can fix it for the next version .
Cheers
Nicholas Ang
Comments: ** Comment from web user: brianlala **
I'm not sure that the password is ever displayed or saved anywhere (except of course the XML). So, closing this issue unless you feel there is a real and demonstrable security vulnerability.
Thanks,
Brian