KeePassium icon indicating copy to clipboard operation
KeePassium copied to clipboard

Published 20 hours ago verified publisher icon keepassium

Autolock the vault when macOS session is locked

Open rghedin opened this issue 2 years ago • 1 comments

What can be improved? I noticed that even fiddling with Control Access options, there's no option (AFAIK) to lock the vault when I suspend the session (close the lid, block it manually with Command + Control + Q, or macOS shows screensaver or enters sleeping mode). Some other apps, like KeePassXC and MacPass, have this option, and I find it valuable so if someone bypass my macOS password/login, they still won't be able to access my passwords. (When I'm using the computer, I usually leave Keepassium opened/vault unlocked for convenience.)

The solution you'd like An extra option to lock the vault whenever the session is locked.

rghedin avatar May 07 '22 13:05 rghedin

Thanks! I will look into this.

keepassium avatar May 07 '22 20:05 keepassium

@keepassium, honestly, this can be considered a security issue for the following reasons:

  • When macOS is in sleep mode or hibernated Keepassium will stay unlocked and thus exceed the specified timeout of automatic lock. It is thus theoretically possible for the attacker to e.g. close the lid, steal the computer, and then with specialised software to reach Keepassium before it locks itself.
  • On older x86 laptops hibernation is used to reduce battery drain, and thus the OS stores RAM contents on the system drive. The image is encrypted, but depending on the machine firmware and generation (Apple eventually fixed it on newer x86 machines after my report) the key can be stored in SMC or even RTC device, and can be extracted with not too strong effort given physical access.

Could you consider prioritising this please?

vit9696 avatar Aug 24 '23 20:08 vit9696

@vit9696 , I agree, this can be considered a security issue. It's just I did not focus on the Mac version too much so far.

This looked simple enough so I went ahead and implemented the database and app lock. However, this must be optional (many people close/open the lid every few minutes in a safe/trusted environment.) And that option is for Mac only. So I'll need to rewrite the settings UI to make it dynamic and hide irrelevant options in mobile version. And that will take some time…

keepassium avatar Aug 28 '23 13:08 keepassium

On a second thought, this does not have to be a separate option. Screen locking/unlocking on a Mac can be wired just as app activation/deactivation on iOS. This way, it would simply work with the existing timeouts, no need for additional UI.

For instance, setting the App Lock timeout to "immediately" would lock the app when you close the lid. If the timeout is set to something longer, the app would check the time on screen unlock, and act accordingly (just like it does on iOS). Same for database timeouts.

@rghedin, @vit9696, would this work for you?

keepassium avatar Aug 28 '23 16:08 keepassium

Hmmm, personally I would prefer on iOS it to work the same way it does on macOS, but I am unsure it is possible.

I.e. when I press the power button on my phone or my tablet, I would like the thing lock. Yet, when I simply switch to another app I would rather it not lock, because I can be copying some valuable information from one field and may want to return for another field.

If this is not possible, locking the app immediately when switching to another app can be a temporary solution till a better API is available on iOS side.

vit9696 avatar Aug 28 '23 16:08 vit9696

I guess it does, @keepassium! This is exactly how I use KeePassium on iOS, with “immediately” selected.

rghedin avatar Aug 28 '23 16:08 rghedin

Thanks! So I have routed screen locking/unlocking as app activation/deactivation events. This will be in the next update, and we'll iterate and refine from there, if needed.

keepassium avatar Aug 29 '23 12:08 keepassium

@keepassium, I think it does not quite work the way it was changed in the latest update and is now totally broken.

  1. Hiding the app via Dock locks the database when "immediate" is selected. This is unexpected to me, as I only expect screen locking/sleep to do that.
  2. There is no way to lock the application after a timeout anymore. I.e. for a scenario when I am using the computer but not using the password manager. I personally prefer to have master key erased after a certain amount of time in case the device is compromised.
  3. For whatever reason last password entry after locking the screen remains visible after unlocking the screen and its password is in fact copyable despite the database itself being locked. This is in fact a bad security bug.

In my opinion, besides fixing (3), on macOS screen lock should lock the database at any database locking timeout. I.e. regardless of the setting.

vit9696 avatar Oct 07 '23 18:10 vit9696