Closed ipundit closed 6 years ago
There is no concept of login and logout in browserpass itself, what you are probably referring to is the locking and unlocking of your gpg key. Browserpass is not managing your gpg sessions, it is handled by your gpg-agent and how you configure it on your own system.
One brutal way to "log out" is to kill the `gpg-agent` process; a better way is to configure timeouts in your `$HOME/.gnupg/gpg-agent.conf`, see options `--default-cache-ttl` and `--max-cache-ttl`.
If you own a yubikey, you can additionally configure it to wait for a physical touch (or even ask for PIN) as a confirmation before unlocking the credentials, or once per session. But again, all of this is out of scope of browserpass, it respects your configuration of `gpg` and `gpg-agent`.
Ok thanks for the clarification. My 2 cents is to at least state this in the documentation, as it was not obvious to me and I need to refactor my .password-store with this revelation. For example, I have private notes that have nothing to do with logging in to websites, and did not expect that logging into a website through browserpass would allow `gpg -d not-a-website` to decrypt as a side-effect of logging into a site through browserpass.
Here's another use case for your consideration:
Being logged into multiple accounts at the same time is wonderful (and AFAIK, a unique feature to browserpass), but if the user does not understand what is happening, bad things can happen. Perhaps the default, or at least toggleable behavior upon install would be to create a new key-pair for the user after asking him to choose a master password, and then isolating his browser's passwords into a separate password-store by default. This has the desired side-effect of having everything "just work" upon install, rather than relying on users to manually set up all the dependencies. Most Windows users would not be able to do that, and therefore, would not use browserpass as it wouldn't work for them out-of-the-box.
If advanced users want to import or move logins from their existing keystore into this browserpass keystore, then they can do so, but they do it while explicitly understanding the security implications.
@ipundit you can use different gpg keys to lock different password stores. If you want to have the same key encode your entire password store, change the `default-cache-ttl` and `max-cache-ttl` keys in your `gpg-agent.conf` to whatever you think best. You'll have to enter your password upon every request for passwords, but it's the safest. Else use a different password store for all your banking needs.
My two cents are that I use different keys for storing (private) documents, signing emails, and using my password store. If you fear a malicious actor with physical access to your device, the recommended way of doing things is to kill gpg agent before handing over your computer to anyone else. The command to do so is `gpgconf --kill gpg-agent`. This has the effect of "logging out" as it is.
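The advice in this thread (short cache TTLs in `gpg-agent.conf`, killing the agent to "log out", and a separate gpg key for a sensitive subfolder of the store) as an added example, not code from the browserpass project or from anyone in this thread. The TTL values, the `banking` subfolder name and the `KEY-ID` placeholder are assumptions; the defaults used for unset options are gpg-agent's documented defaults (600 and 7200 seconds).

```shell
#!/bin/sh
# Added example (not browserpass project code). Values are illustrative.

# Print a gpg-agent.conf fragment with short passphrase-cache lifetimes.
# default-cache-ttl is an idle timeout that resets on each use of the key;
# max-cache-ttl is a hard cap since the passphrase was last entered.
agent_conf_fragment() {  # $1 = default-cache-ttl, $2 = max-cache-ttl (seconds)
    cat <<EOF
default-cache-ttl $1
max-cache-ttl $2
EOF
}

# Effective value of an option in a gpg-agent.conf file; last setting wins,
# and the supplied default applies when the option is absent.
conf_ttl() {  # $1 = conf file, $2 = option name, $3 = gpg-agent default
    v=$(awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1")
    [ -n "$v" ] && echo "$v" || echo "$3"
}

# Audit a conf file: "ok" when both TTLs are within the given limit, "weak"
# otherwise (an unset option falls back to gpg-agent's own default).
check_agent_ttl() {  # $1 = conf file, $2 = maximum acceptable seconds
    d=$(conf_ttl "$1" default-cache-ttl 600)
    m=$(conf_ttl "$1" max-cache-ttl 7200)
    if [ "$d" -le "$2" ] && [ "$m" -le "$2" ]; then echo ok; else echo weak; fi
}

# Make a changed gpg-agent.conf take effect without logging out of the desktop.
apply_agent_conf() { gpgconf --reload gpg-agent; }

# Drop every cached passphrase right now: the "log out" from the thread.
lock_agent_now() { gpgconf --kill gpg-agent; }

# Encrypt one subfolder of the store to a different key (pass's -p option), so
# unlocking the browser key does not also unlock, e.g., banking entries.
# KEY-ID is a placeholder for the fingerprint of that second key.
init_separate_store() {  # $1 = subfolder, $2 = gpg key id
    pass init -p "$1" "$2"
}
```

Run `check_agent_ttl "$HOME/.gnupg/gpg-agent.conf" 300` to see whether your current agent would keep a passphrase cached longer than five minutes; `init_separate_store banking KEY-ID` is only meaningful on a machine with `pass` and that key installed.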
Love the scenario 😃
I see why you are asking these questions (and by the way, please continue sharing your ideas), but I'm a bit hesitant to go into describing how to create and configure password store because browserpass is meant to be only a visual extension over the pass. Even though the code doesn't explicitly depend on the `pass` executable anymore, the idea always was that browserpass is just another frontend for the password store that you use and manage with `pass`. Your scenario could be rephrased as "Fred the father unlocks password store with `pass show personal/bank.com`" and all the issues still remain, which indicates to me that this scenario is not really about the browserpass.
What I'm trying to say is that in this project we should document what we built on top of `pass`, but make it clear for users that they need to learn about `pass` for how to manage the password store itself and how to configure `gpg`.
General information
Exact steps to reproduce the problem
What should happen?
Typing `logout <enter>` would log out. The next time the user attempts to login to a form, he has to enter his master password again