Option for Face ID to see passwords

[nicholashanoian]

Really enjoying this app! I would love to see Face ID included.

[savyajha]

Or touchid. Just sayin’ 😁

[yishilin14]

I think this is (kind of) a duplicate of #96 .

I guess there should be three options about remembering the PGP key passphrase? Say

• Use Face/Touch ID or enter passphrase
• Always remember the passphrase
• Do not remember

Do you guys have any suggestions about the wording?

[savyajha]

Fwiw, it would be really nice if there was an option like what gpg-agent has. A combination of default-cache-ttl and max-cache-ttl. Once the pgp key password has been given, default-cache-ttl becomes the time for which you can use your fingerprint (or face) to unlock the database. max-cache-ttl should be the time after which you must enter your key password to be able to use the application.

In other words:

• default-cache-ttl: Once you use your password to unlock the key (which then unlocks your passwords), this is the time for which your password is cached by the app and you can use your fingerprint to unlock the key. Say I keep it at 600s. That means that after I've given my password once, I don't need to give it for the next 600 seconds: my fingerprint should be enough. If I use my fingerprint within these 600 seconds, the timer resets back to 600 seconds and the countdown begins again. If I don't use my fingerprint within 600 seconds of the previous unlock, then the app will require my password again
• max-cache-ttl: The time between two successive password unlocks. Suppose the value is set to 7200s, and I use my fingerprint to unlock every 599 seconds (with default-cache-ttl = 600s), then after 7200 seconds, it deosn't matter what the value of the default-cache-ttl timer is, I must enter my password to be able to unlock my key

This is what 1password uses, and I really love this implementation. I hope I'm not asking for too much here. I don't have enough coding experience to be able to provide a patch, else I would, just for this feature.

[goerz]

Not that I would mind having the option, but I really apprecitate that Pass effectively uses my face as a username, not as a password. That is, it uses FaceID (or TouchID) to open the app, but I still need the GPG password for viewing any passwords. That's 100% the way encrypted storage of highly sensitive data should work.

[chriswill0w]

are there any plans on implementing such a feature?

[yishilin14]

I have been thinking about why this function is necessary for a while. If the ultimate goal is to use biometric authentication or a very strong password to secure contents in entries, I think enabling passcode lock to the app with a very strong password can do the same job. I guess I am a minimalists. XD

[EDmitry]

It's needed if you unlock the phone and give it to someone (your kids) to play a game. You don't want them to just freely open Pass and start seeing passwords. Using FaceID/TouchID is the easiest way to protect Pass in this cases without having a burden to type in passphrases.

[xpire]

I don't know if this was added recently as I just started using this, but to set up FaceID, you need to set up Passcode Lock (password at least 4 characters, but alphanumeric) for passforios, and then the next time you visit the pass app, it'll pop up with a prompt asking you if you would like to use Face ID to secure this. The result is every time you go to the passforios app, it'll prompt for Face ID to check your passwords. I saw another thread asking for password specific FaceID, but I'm pretty happy with how it is implemented now, just letting anyone who's reading this how to set it up because I didn't find it obvious based on the settings page and the Wiki.