goldwarden
Biometrics Prompt Should Not Ask For Permission Twice
Right now there are 2 prompts, one for authentication (polkit), and one for approval. It would be nicer to just have 1 prompt. Some polkit (or PAM) authentication modules don't require interaction (e.g. howdy). I'm not sure if we can detect this.
If we just accept this, then the "risk" would be that, using a no-interaction required auth method, a malicious app could trigger the biometrics prompt, and instantly get the vault user key from goldwarden, while the user is sitting in front of their computer.