Closed kraoli closed 3 years ago
This is expected behavior, it allows users who manually copy their password to be able to return to the screen they were looking at if they were quick enough to reactivate the screen on their device.
The setting description can be changed to be more precise, what do you propose?
The description has been changed from
Lock the database when the screen is off
to
Lock the database after a few seconds once the screen is off
Thanks for the reply and good explanation. I understand the idea why it's like this now as well.
When I could choose, I would lock it at once, but at the same time I don't see it as a real problem when it's reliable, which it is, as it's confirmed behavior and I never experienced that it doesn't lock after some seconds..
The updated description is perfect.
As a new Keepass DX user (directly bought pro to support this great project) I usually test security related applications very detailed.
Describe the bug This bug is probably not to be a technical problem, rather creating the impression of a bug, I'm not sure if it's best to report it as a bug.
My first impression was that screen off does not lock the database reliable. But I found out that locking the database has a certain delay after screen off, which is very unexpected.
At first I thought this is a serious security bug, but I found this bug report (https://github.com/Kunzisoft/KeePassDX/issues/498) which says that the time is about 1.5 seconds after screen off before it locks., which fits roughly (personally I think it's rather 2 seconds, but it's still in this ballpark).
Can you confirm that this delay is expected, but that locking database after screen off should work 100% reliable besides the delay?
In case this delay is really expected, which is ok when it works at least 100% reliable, please make aware of it by short note in the setting description.
I seriously thought about deinstalling it again and was questioning the quality (which is crucial for security related apps), before I found out that it seems to be expected. I want to prevent that this could mean losing some DX users who are not aware about this expected delay. :-)
To Reproduce Steps to reproduce the behavior:
Expected behavior Instant lock after screen off with this option enabled.
When technically not possible: I strongly suggest to add a note to the description of this setting to make aware of this behavior. Otherwise one may think ( I did) that you experience a serious security issue, that locking at screen of does not work reliable.
Thanks
KeePass Database
KeePassDX (please complete the following information):
Android (please complete the following information):