Entry data are lost if the screen locks during creation

[ZornsLemma]

Describe the bug

When I am signing up for a new online account, I open KeePassDX on my phone and create an entry for it. I use the option to generate a new random password. I type that into the web browser on my PC and complete the sign up process. I don't always remember to save the new KeePassDX entry automatically straight away - this is often deliberate, in case the website decides my password has to be changed (e.g. they insist on a special character).

If I forget to save the new entry in KeePassDX and the phone locks, the entry I was adding is lost forever, along with the only copy of the password. So I now have a new online account but no record of the password.

To Reproduce

Steps to reproduce the behavior:

1. Open KeepassDX
2. Open the password database in writable mode
3. Add a new entry.
4. Use the dice icon to generate a new password
5. Wait for the lock to happen
6. The newly generated password is now lost.

Expected behavior

Any of the following would seem better to me than the current behaviour:

• Auto-save the database before locking the screen
• Inhibit the lock when adding a new entry
• Put the newly generated password in some short-term list of "recently generated passwords", so I can go find it there.

There may be other better solutions I haven't thought of.

KeePassDX:

• Version: 3.5.1
• Build: F-Droid
• Language: English

Android:

• Device: Moto G5
• Version: LineageOS 18.1

[J-Jamet]

• Auto-save the database before locking the screen : The screen shutdown event could be a trigger event for the save, but care must be taken, as this would imply a systemic save process, which is dangerous if the process is long, if the file manager cuts the connection or simply if the phone shuts down. We'll see if there's a bug with the foreground service. To be tested but I'd like to avoid that.

• Inhibit the lock when adding a new entry : It's already implemented, it's in the code but I can't force the phone not to go to sleep if you've switched visible applications or turned off your screen manually. https://github.com/Kunzisoft/KeePassDX/blob/428efd2bb6395a1882fa8f1e4753d720cfc5b33c/app/src/main/java/com/kunzisoft/keepass/activities/EntryEditActivity.kt#L485

• Put the newly generated password in some short-term list of "recently generated passwords", so I can go find it there : Not a solution from a security point of view, there's no point in having a vault if passwords are wandering around on a separate list.

The second solution has already been implemented so it means that the database is locked because you left the editing screen or a timer is done. Here it's simply a workflow issue: when you create a new entry for a new service, remember to save the entry you've created. Otherwise you won't be able to use the fill help anyway.

I'm aware that we can improve the creation of an entry for a new form, but we need to think of better solutions.

[ZornsLemma]

Thanks for getting back to me!

I didn't have the "Keep screen on" option enabled in settings; I didn't realise it would affect data entry as well as viewing existing records. This is already a big improvement and in practice will probably stop me running into this problem. I would probably prefer separate "Keep screen on when editing" and "Keep screen on when viewing" options, as I only really want this functionality when I might lose what I'm entering, but I don't think this is a big deal and I appreciate it's good to try to keep the option clutter down.

The KeePassDX database timeout still kicks in and loses my incomplete entry if I wait long enough. It would be nice if there was an option to disable the database timeout while editing, but I can see security arguments against this. In any case, for me my general phone screen timeout is 1 minute while the KeePassDX database timeout is 5 minutes, so enabling "Keep screen on" vastly extends the window of time for me to save the new entry.

Thanks for your help with this, it's much appreciated!

[J-Jamet]

I'm going to change the wording of the setting description to make it clearer.

[ropeladder]

I just ran into this issue (and not for the first time). When I'm creating passwords I'm often working through bureaucratic/administrative workflows that are tedious and distraction prone.

Intuitively, I would think there should not be a situation in which I have created a password and then it can disappear without me explicitly deleting or discarding it. I think the behavior I expect from the app would be to autosave the whole entry any time a field is updated. I'm not sure there is much value in waiting until I explicitly save things, and if you wanted to you could do a 'discard changes' button that restored prior information for a given open entry.

[J-Jamet]

I think the behavior I expect from the app would be to autosave the whole entry any time a field is updated

The problem has to be taken in a simpler way, if the entry isn't validated, it isn't saved, that's all. Even if it's because the user was doing something else in the meantime.

That's the whole point of validation, otherwise you might as well save every time a field's character changes, but in this case it's problematic. Think of those with a 5-second save time. If every time you add a character to a form, you have to wait 5 seconds (or less, 1 second is also huge), do you think it's viable?

[J-Jamet]

On the other hand, I can add a warning to the education screens to inform the user that the data is lost if it is not validated and saved.