keepassxreboot / keepassxc-browser

KeePassXC Browser Extension
GNU General Public License v3.0

Auto-Lock database after credentials have been filled #1942

Open mkatsevVR opened 12 months ago

mkatsevVR commented 12 months ago

I usually set the lock timeout to be very short (e.g. 1 minute) so that I can log into a website with the browser extension and not leave the db open longer than necessary. But sometimes I know that I'll use it multiple times over a period of time and want to keep it unlocked for longer so I don't have to enter the master password each time. The request is to add a toolbar button that would allow a one-time increase of the timeout (e.g. change the timeout to 1 hour; once it's reached, the timeout will return to the shorter value in settings).

droidmonkey commented 12 months ago

We would not implement that since it is a security setting. We do not want to control any security aspects from the browser context. Recommend instead setting a longer unlock timeout and enabling lock on minimize. If you want to lock sooner, just minimize KeePassXC or keep it minimized and it'll lock after the browser receives the credentials.

mkatsevVR commented 12 months ago

Sorry if I wasn't clear. I'm not asking to control this from the browser, I'm asking to add a toggle to the KeePassXC main window (either the menu or the toolbar).

> Recommend instead setting a longer unlock timeout and enabling lock on minimize. If you want to lock sooner just minimize KeePassXC or keep it minimized and it'll lock after the browser receives the credentials.

This is the opposite of my request. I want to have a short timeout by default and a longer timeout on demand. Your suggestion would provide a longer timeout by default and a shorter timeout on demand.

mkatsevVR commented 12 months ago

Actually never mind, "it'll lock after the browser receives the credentials." is reasonably close to what I want.

droidmonkey commented 12 months ago

Sorry, I thought you wanted this in the extension since this is the extension's repo. It might be better to introduce this directly to the unlock dialog itself. If you normally have your databases lock after 1 minute, then you may be interested in bypassing that temporarily. The natural location to place that is on the unlock dialog, an unlock extension choice, that would be for that one time only.

varjolintu commented 12 months ago

"Lock after credentials are received" is a bit problematic to do only on the KeePassXC side, because if the database is locked right after credentials are sent to the extension, the extension will probably react to the database lock and clear the credentials from the Autocomplete Menu and the Popup.

Probably the best choice for this is:

varjolintu commented 12 months ago

I'll probably do this to Protocol V2 because I'd like to prevent updating the current one.

mkatsevVR commented 12 months ago

> Sorry, I thought you wanted this in the extension since this is the extension's repo

Oh, my bad, I didn't notice that this was the wrong repo. Should I create a new issue in the main repo instead?

> It might be better to introduce this directly to the unlock dialog itself.

This makes sense to me.

varjolintu commented 12 months ago

@mkatsevVR This needs changes to both repos. This issue can remain here.