SecUSo / privacy-friendly-passwordgenerator

Privacy Friendly App that deterministically generates passwords from parameters and a master password.
https://secuso.org/pfa
GNU General Public License v3.0

Provide An Option For Users To Enable/Disable Screen Security #32

Open realrufans opened 5 years ago

realrufans commented 5 years ago

Components

My suggestion will improve users' experience with the app. The suggestion requires an additional option in the app settings.

Proposal Description

I understand how this project takes security issues seriously, and at the same time, the app seems to be privacy friendly. I noticed that the application has the FLAG_SECURE feature enabled. For those who don't know what FLAG_SECURE is, it's a feature that prevents the app screen from being captured or recorded.

My experience with the app was awesome, but, I think there's an option missing. This option is the ability for users to enable, or disable the FLAG_SECURE feature.

FLAG_SECURE can be narrowed down to the user level by adding an option in the app settings to disable/enable screen recording.

I sincerely understand that the project is aiming at setting its security level at top-notch while being friendly. But at the same time, I believe if this option is implemented, the app will be even more friendly, and will still maintain its privacy level.

The button can be titled Screen security. Once this button is switched on, users won't be able to take recordings or screenshots, while when it's turned off, the opposite will be the case.

Does This Feature Give Access To Unauthorised Users To Take Screenshots/Recordings?

Implementing this request will definitely let any user enable or disable the screenshot feature. I know it's an issue, but it can be solved by requiring the Master password while trying to disable the FLAG_SECURE option. This simply means if a user doesn't have the Master password, then the user can't enable screen recording. The app has the master key enabled already. So, requesting the master key while turning off the FLAG_SECURE option should be an easy intent.

Mockups / Examples

Before the user could turn the screen security off, he/she must have entered the app master key.

Benefits

If this feature is implemented, the account owner will be free to take screenshots for personal reasons. As I have stated at the beginning of this suggestion, I had a nice time with the app. But I needed to take a screenshot of the app, and I was denied access. Also, I might decide to take screenshots of my passwords so as to save them on another storage (picture form), as we all know an app can be uninstalled anytime, and I don't want to lose my passphrases to my accounts.

petermayer commented 5 years ago

Hi @realrufans. Thanks for the suggestion. Note that your suggestion to introduce this option and protect it by the master password would require storing a hash of the master password in the app, which is currently not needed. However, we will leave this issue open, to gather opinions about this topic.
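
The setting discussed in this thread, as an added Java example that is not part of the issue or the project's code: FLAG_SECURE stays on by default, and turning it off requires checking the entered master password against a stored PBKDF2 verifier, which is the extra at-rest value petermayer's comment refers to. The class name, preference names, and iteration count are hypothetical, and the salt and verifier are assumed to have been written when the user enrolled.

```java
import android.app.Activity;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.util.Base64;
import android.view.WindowManager;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical activity; preference file and key names are assumptions, not the app's own.
public class ScreenSecurityActivity extends Activity {
    static final String PREFS = "settings", KEY_SECURE = "screen_security";
    static final String KEY_SALT = "mp_salt", KEY_VERIFIER = "mp_verifier";
    static final int ITERATIONS = 100_000; // constructed value

    @Override protected void onCreate(Bundle state) {
        super.onCreate(state);
        applyScreenSecurity(); // set the flag before any content is shown
    }

    @Override protected void onResume() {
        super.onResume();
        applyScreenSecurity(); // pick up a change made in the settings screen
    }

    // Default is true: a missing or cleared preference keeps FLAG_SECURE on.
    void applyScreenSecurity() {
        boolean secure = getSharedPreferences(PREFS, MODE_PRIVATE).getBoolean(KEY_SECURE, true);
        if (secure) getWindow().addFlags(WindowManager.LayoutParams.FLAG_SECURE);
        else getWindow().clearFlags(WindowManager.LayoutParams.FLAG_SECURE);
    }

    // Turning protection off requires the master password; turning it on needs no check.
    boolean disableScreenSecurity(char[] entered) throws GeneralSecurityException {
        SharedPreferences p = getSharedPreferences(PREFS, MODE_PRIVATE);
        byte[] salt = Base64.decode(p.getString(KEY_SALT, ""), Base64.DEFAULT);
        byte[] stored = Base64.decode(p.getString(KEY_VERIFIER, ""), Base64.DEFAULT);
        if (salt.length == 0 || stored.length == 0) return false; // nothing enrolled: stay secure
        PBEKeySpec spec = new PBEKeySpec(entered, salt, ITERATIONS, stored.length * 8);
        byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        Arrays.fill(entered, '\0'); // do not keep the master password in memory
        if (!MessageDigest.isEqual(stored, derived)) return false; // constant-time compare
        p.edit().putBoolean(KEY_SECURE, false).apply();
        applyScreenSecurity();
        return true;
    }
}
```

A stored verifier gives anyone who can read the app's private storage something to test master-password guesses against offline, so the salt and a high iteration count matter here.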