keepassium / KeePassium

KeePass-compatible password manager for iOS
https://keepassium.com

Enhanced database security - two-step unlock #169

Open FlightMS opened 3 years ago

FlightMS commented 3 years ago

It would be nice if there is an optional two-step unlock for the app.

First with Face ID and then when Face ID passed, with an additional passcode.

This would make the app more secure!

keepassium commented 3 years ago

Thank you for the suggestion! As I see it, a passcode is a stricter verification than Face ID, so double check seems redundant...

Could you explain how this would make the app more secure?

Thunder33345 commented 3 years ago

I agree it seems redundant; biometrics would assert "something you are" (e.g. the person who's authorized), therefore it should be able to supersede "what you know" or "what you have", making both redundant

If it's a worry about law enforcement forcing you to authenticate via biometrics against your will, you can always opt to disable biometric authentication, which seems a better approach than requiring a 2-step unlock

If you think biometrics are more secure, you can disable pin input and make it only accept biometric authentication

FlightMS commented 3 years ago

My intention was to add a second check. For example, if someone tries to open the database with Face ID while you're asleep.

I've seen other password manager apps where the app itself was unlocked with a passcode and the database was unlocked with Face ID instead of entering the master password of the database.

tjay commented 3 years ago

Such an option would be great. The possibility of entering biometrics and PINs would increase security, as biometrics are not always passed on voluntarily.

Mihahn commented 2 years ago

It would be great to have this option – if it's opt-in it doesn't hurt and people don't have to use it, if they think it's redundant.

A simple usecase: Some people allow their partner to unlock the device with biometric data (Touch ID or Face ID), but still don't want to allow them to unlock the database. They could disable biometric unlock for Keepassium, but maybe they consider Face ID more secure than only a 6-digit PIN. A "two-step" verification (biometric data + PIN) seems more secure to me than just one of them. Other Keepass applications support it and I'd love Keepassium to support it, too.

I agree it seems redundant; biometrics would assert "something you are" (e.g. the person who's authorized), therefore it should be able to supersede "what you know" or "what you have", making both redundant

I don't get that one. "What you know" is the PIN, "what you have" is your thumb/your face. I think it's much more secure than using just one factor.

Thunder33345 commented 2 years ago

A simple usecase: Some people allow their partner to unlock the device with biometric data (Touch ID or Face ID), but still don't want to allow them to unlock the database.

I see, I was failing to understand the reason/use case behind it, but now it makes sense why it could be useful in certain situations.

I think it's much more secure than using just one factor.

I guess so, but it seems like most people agreed too, and it shouldn't impede others as it is optional anyway. I acknowledge biometrics could be given involuntarily; my opinion would be to just turn it off and use PIN only, but yes, having a bio+PIN requirement would still be better than requiring only a PIN, as there would be more hurdles for bad actors attempting to unlock it.

O35dE commented 7 months ago

I would love to have this Face ID + PIN option in Keepassium too, especially if there is an additional option so that after a given number of attempts to unlock the application using the wrong PIN, all references to DBs, keys, etc. are automatically deleted.
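An added model of the unlock policy discussed in this thread (biometric step first, then a PIN, with the stored database references wiped after too many wrong PINs); this is illustrative code, not KeePassium's own. It assumes the biometric result arrives from the OS as a boolean, and the limit of 5 attempts is a constructed value.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed value: how many wrong PINs are tolerated before the wipe.
MAX_FAILURES = 5


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Derive a salted PIN hash so the PIN itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class TwoStepUnlock:
    salt: bytes
    pin_hash: bytes
    db_references: list = field(default_factory=list)
    failures: int = 0
    require_biometric: bool = True  # opt-in: False gives PIN-only unlock

    @classmethod
    def setup(cls, pin: str, db_references: list) -> "TwoStepUnlock":
        salt = os.urandom(16)
        return cls(salt=salt, pin_hash=hash_pin(pin, salt),
                   db_references=list(db_references))

    def unlock(self, biometric_passed: bool, pin: str) -> str:
        # Step 1: biometric result, assumed to be reported by the OS. A
        # failure here does not count toward the PIN lockout, since the OS
        # already rate-limits biometric attempts on its own.
        if self.require_biometric and not biometric_passed:
            return "denied_biometric"
        # Step 2: PIN, compared in constant time against the stored hash.
        if hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash):
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            # Wipe the stored references, as requested in the comment above.
            self.db_references.clear()
            return "wiped"
        return "denied_pin"
```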

O35dE commented 1 month ago

In iOS 18 you can use the native Face ID to lock the app + KP's PIN protection.