paolostivanin / OTPClient

Highly secure and easy to use OTP client written in C/GTK3 that supports both TOTP and HOTP
GNU General Public License v3.0

otpclient not locked on startup #288

Closed ralhei closed 1 year ago

ralhei commented 1 year ago

For some time, otpclient (v3.1.3 on openSUSE Linux) has not been locked when the application is started. Instead, OTP values can be retrieved without any authentication. I can manually lock otpclient, and then it requests a password. If, however, I click the quit button and restart otpclient, it is again unlocked immediately without requesting a password. Any ideas on how to solve this security issue?

paolostivanin commented 1 year ago

Hello, please see: https://github.com/paolostivanin/OTPClient/issues/275

ralhei commented 1 year ago

OK, thanks for the clarification about the Secret Service integration. This makes sense when using otpclient after a fresh login. However, I think it gives a wrong impression of privacy if I manually lock otpclient (by clicking on the lock) and all it takes to reopen it is to quit and restart otpclient. In case of enabled Secret Service integration, I would suggest disabling the manual lock functionality, because it is basically useless (or even dangerous if you think you can rely on it).

paolostivanin commented 1 year ago

Yep, that makes perfect sense and comes with v3.1.4, released a few days ago :)