Improve support for Macbook Pro TouchID

[k6nmx]

To further improve the utilization of TouchID on Macbook Pro and make the unlock feature more intuitive to use (see comments in #2720 for pull request #1851), I would like to implement the following changes:

• Make enabling TouchID a global setting (not per database)
• Add an indication that TouchID is available to unlock (colored icon) on the unlock screen / greyed out when it is not. When it is disabled in the settings no icon is shown.
• Unlock with TouchID is triggered when it is activated/available and ...
  • ... User clicks on the colored icon
  • ... User tries to unlock database without entering a password
  • ... Window is being brought to the foreground by the user
  • ... Tab is being changed / brought to foreground (multi database usage)
  • I would suggest making the last two scenarios an optional setting
• TouchID is automatically deactivated on 3 consecutively failed tries (until user enters the password correctly again)
• Raising the maximum time-out of TouchID (currently the maximum value is 999 minutes)

Further additions (edited):

• Hints and dialog that guide the user through the process of activating and using TouchID for Keepass
• Enable TouchID persistently across restarts of the application

How do you guys feel about this?

[foufoulefou]

Ok thank, I thought I did something wrong. I will wait for a patch.

Thanks

[edswangren]

As a long time user, just throwing in my $0.02...

I am also in favor of simplifying this feature. If I've enabled TouchId, here's what I would like the flow to look like:

1. Open DB or pull up window of a timed out DB
2. Click a button
3. Provide fingerprint

That's it. I'd like to just be able to use my FP at all times on my personal PC. For the average user it makes no sense to complicate things further.

[phoerious]

Using TouchID effectively lowers the security of your database. It is still secure against theft from your cloud storage, but you trade a complex master password for your arguably complex, but easily obtainable yet unchangeable finger print. I am not against convenience features and for certain passwords a fingerprint may be enough, but I wouldn't want to secure my PayPal or bank accounts with it. As an expert user, you may be able to assess the risks, but if we are talking about the average user, then providing them with this kind of convenience is exactly the wrong approach and the details why that is are rather hard to convey. You have to treat biometrics as usernames, not as passwords.

[leviem1]

@phoerious You're correct, but in KeePassXS, like most fingerprint accessible devices, you still need the original password initially to allow the fingerprinting to work at all, and you can configure timeouts for this. Simplifying the interface isn't going to change anything about the security of the program, which is what this thread is discussing. We don't want to change how the existing process works, just how it's presented to the user. And if a user is concerned enough about security to start using an open-source package manager over something like Dashlane, they're probably capable of making their own decision of what features they want enabled.

[phoerious]

The way it works is that we take your master password and store it in your keychain encrypted by your biometrics. We delete it again once you close KeePassXC or when you lock your computer. If we allowed for TouchID to stay active indefinitely, your master password would stay there indefinitely as well, only protected by your fingerprint.

[johnrichardrinehart]

@phoerious (please don't interpret as aggressive) What is your request/claim? I understand your concern. Do you want to remove biometrics/fingerprint scanning from KeePassXC? Keep the UI equally obfuscated?

I want to ensure this thread is on topic.

[phoerious]

TouchID is a quick-unlock feature, not a replacement for your master password. That is how most KeePass-compatible apps handle it and that is how it will stay for now. There is nothing "obfuscated", that is just how the mechanism works.

[leviem1]

Agreed, please don't view my last message as an attack, I was also a bit confused what exactly you were trying to convey. I agree that "never typing a password again" is not secure enough. But most people are okay with the way their phones work (password on occasion and after restarts). Isn't that authentication flow what we're essentially going for here if fingerprints are enabled? If so, we've discussed just adding making another button appear for fingerprint authentication if it's available.

Conversely, we could also just make users press a button to "unlock" the DB without having the user enter a password first. When the user clicks the button and if they can use their fingerprint it should prompt them to do so, otherwise we prompt for the password. This is obviously harder than just adding a button, but I think it would simplify a lot about the interface.

[phoerious]

But most people are okay with the way their phones work (password on occasion and after restarts).

That's how this here works as well. Password on occasion (e.g. after screen lock) and after restarts.

Conversely, we could also just make users press a button to "unlock" the DB without having the user enter a password first.

How it looks in the UI is debatable and may be addressed by one of our future redesign PRs. I cannot really test any of that, since I don't own a TouchID-compatible device.

[johnrichardrinehart]

@phoerious Your concerns have been considered. There seems to be interest in improving the UI to facilitate the use of this feature and minimize confusion. I see no problem with this. We're all in agreement.

[haojianzong]

Is this being actively worked on? I just switch from LastPass to KeePassXC, from a new user's perspective, it took me a long way (~1 day ) until I figure out how to trigger TouchID. I understand using TouchID as replacement for password might be difficult, but we can make things easier for new users:

1. Include TouchID in FAQ on keepassxc.org (as already discussed above)
2. Add a "Unlock with TouchID" next to "OK" button when it is possible

[brainard52]

Another thing that is commonly done is to confirm the enablement of Touch ID by touching the sensor. Rather than a checkbox, a button could be used to trigger the confirmation dialogue.

[ostrolucky]

Nah, confirmation dialogue with touchid should be opened by default when touchid id available. That's how it's done in other password managers. We don't want having to click on some button every time we want to open database first and only then we can use fingerprint.

[brainard52]

Nah, confirmation dialogue with touchid should be opened by default when touchid id available. That's how it's done in other password managers. We don't want having to click on some button every time we want to open database first and only then we can use fingerprint.

I meant that the button would be used in place of the checkbox. Clicking a button before doing Touch ID every time I open a database would be a pain, I agree.

[englut]

These improvements are very much needed. I've been using KeePassXC for 3 years now, and today was the first time I used TouchID to unlock my database: Click "OK" first while TouchID for Quick Unlock is checked on (and of course not the first time you're opening your database after initial load of KeePassXC). I'm not sure if how long it took to figure out how to use TouchID says more about me as a user or more about KeePassXC's UX. Either way, here we are.

[ghost]

Agree, don’t press a button when you need to use Touch ID to unlock, it’s too much trouble. Strongbox is designed like this, no need to press a button first, thank you

[mikeziri]

I don't like complaining without contributing. just want to say thanks for the implemented feature until now.

I agree it was hard to understand how it works (first unlock to get password in to memory for future touchid unlocks and press ok without password with touch id checkbox checked). a FAQ on the website and a better gui will be more than enough.

thank you and keep up the good work.

[droidmonkey]

Closed in 2.7.0