Support Quick Unlock passcodes for databases

Open keepassium opened this issue 5 years ago • 3 comments

Currently, a database can be opened in two ways:

  • By entering a full master password.
  • Completely automatically, using the saved master key.

It might be useful to add a middle-ground solution between these extremes. Specifically, before unlocking the database with the saved master key, ask the user to enter the first (or last) few symbols of the master password. After one failed attempt, fall back to the full master password.

[Thanks, u/deviltrombone]

keepassium avatar Aug 01 '19 14:08 keepassium

Considering some may be using a strong master password, I propose to prefer using a simple PIN code as a "middle step" - easier and faster to type compared to, for example, "a5%_" (takes more time + requires the user to switch the keyboard layout a few times).

itskemo avatar Aug 02 '19 06:08 itskemo

What about things like PIN/fingerprint lock for the app? What are the differences (in terms of security)?

Thunder33345 avatar Aug 02 '19 11:08 Thunder33345

@id-kemo, while debugging Quick Unlock in KeePassB, its developer changed his master key to "old_master_key + a few lowercase letters". Just sayin' :)

@Thunder33345, the App Lock is independent from this; it protects the app.

The Quick Unlock password is intended for unlocking the databases, once the app has already been unlocked. It is a time/security tradeoff between the existing options: more secure than automatic unlock, but faster than entering the full master password.

keepassium avatar Aug 02 '19 21:08 keepassium
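
The Quick Unlock flow proposed in the opening post, as an added example (not KeePassium's code): a short snippet of the master password gates the saved master key, and a single wrong attempt wipes the saved key so the full master password is required again. The class name, the 4-symbol snippet length, the PBKDF2 parameters and the in-memory store standing in for protected storage are assumptions.

```python
import hashlib
import hmac
import os

SNIPPET_LEN = 4          # assumed length of the "first few symbols"
PBKDF2_ROUNDS = 200_000  # assumed work factor for the snippet verifier


class QuickUnlockStore:
    """Hypothetical in-memory stand-in for protected storage (e.g. a keychain)."""

    def __init__(self):
        self.saved_key = self.salt = self.verifier = None

    @staticmethod
    def _derive(snippet: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", snippet.encode("utf-8"), salt, PBKDF2_ROUNDS)

    def enroll(self, master_password: str, master_key: bytes) -> None:
        """Call after a successful full unlock to enable Quick Unlock."""
        if len(master_password) <= SNIPPET_LEN:
            # The snippet would be the whole password: no middle ground left.
            raise ValueError("master password too short for Quick Unlock")
        self.salt = os.urandom(16)
        # Store a salted verifier, never the snippet itself. A 4-symbol snippet
        # has a small search space, so the verifier needs the same protection
        # as the saved key.
        self.verifier = self._derive(master_password[:SNIPPET_LEN], self.salt)
        self.saved_key = master_key

    def wipe(self) -> None:
        self.saved_key = self.salt = self.verifier = None

    def quick_unlock(self, snippet: str):
        """Return the saved key on a match; wipe it after one failed attempt."""
        if self.saved_key is None:
            return None  # not enrolled: caller must ask for the full password
        ok = hmac.compare_digest(self._derive(snippet, self.salt), self.verifier)
        if ok:
            return self.saved_key
        self.wipe()  # one miss: fall back to the full master password
        return None


if __name__ == "__main__":
    store = QuickUnlockStore()
    store.enroll("correct horse battery staple", os.urandom(32))  # constructed sample
    print("right snippet:", store.quick_unlock("corr") is not None)
    print("wrong snippet:", store.quick_unlock("c0rr") is not None)
    print("after wipe   :", store.quick_unlock("corr") is not None)
```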