Comments (7)
Thanks!
Can you describe in more details why you need / how you use the "normal thumbnail"?
from keepassium.
It’s probably purely cosmetic. I’m coming from 1Password which behaves like that. I feel that is more natural from the perspective of consistency with the rest of the os.
from keepassium.
To be honest, I have mixed feelings about this.
On one hand — why not? Another option in the settings is not a big deal.
On the other hand, however, there are a couple of considerations.
Firstly, the technical one. The thumbnail screenshot is created when you leave the app, and — as far as I know — cannot be updated while the app is in background. So if the app locks up while in background — all the sensitive data will remain visible in App Switcher. Not cool.
Secondly, the priorities. For a password manager, the main priority is to protect its content. Aesthetics is certainly nice to have, but not at the expense of security.
KeePassium has to guarantee that no matter what, a third person won't get even a glance at the app. Currently, this is controlled by two directly related options: AppLock Enabled
and AppLock Timeout
. By adding a third (unrelated) option, a-la Cover when in background
, KeePassium would increase the chances of accidental misconfiguration and data exposure. Admittedly, such cases would be rare — but with very high impact for the user. A minor aesthetic improvement does not seem to justify the risk.
For any other app, the decision would have been easy to make. Simply add the switch, wait for a month, and check in-app analytics to see how many people actually use this option. For KeePassium, this is not an option, so I would appreciate more feedback why such a feature would be important/useful. So far, it does not seem to be worth the risk it carries...
from keepassium.
I’m not sure if the technical limitations are still present on the current iOS, based on some conversations with Strongbox’s developer. I do agree with your other concerns, which are definitely problematic when the technical issues still apply now.
from keepassium.
I have taken a deeper look into the pros and cons of this feature.
Regarding the consistency, there are these guidelines:
Prepare Your UI for the App Snapshot
(...) Your app’s UI must not contain any sensitive user information, such as passwords or credit card numbers. If your interface contains such information, remove it from your views when entering the background.
So hiding any sensitive info when in background is the recommended approach. For KeePassium, "sensitive info" is pretty much everything (except the AppLock Passcode input dialog).
The technical limitation, in contrast, might be lifted soon. The current method for background app refresh might be arbitrarily delayed by the system, and thus is not reliable for a critical task. However, there will be more options in the upcoming iOS 13.
It is very hard to say "no" to a nice feature, especially in such borderline case. But I don't think it outweighs the security concerns it brings. At least for now. Sorry about that.
I will be happy to reopen if there are more similar requests, or if the standards change with iOS 13.
from keepassium.
I suggest you take a look at the behaviour of 1Password, which feels much smoother. The lack of polish of apps for KeePass is a big hurdle for adoption and growth.
from keepassium.
Will do, thanks!
The lack of polish of apps for KeePass is a big hurdle for adoption and growth.
Touché. This is exactly the problem KeePassium is aiming to solve.
Learning from more polished apps (such as 1Password) is of course a good way to achieve this. This will take some time, though...
from keepassium.
Related Issues (20)
- Add ability to launch keepassium from system tray icon HOT 3
- Custom hotkeys/shortcuts/macros are blocked while KeePassium is running HOT 4
- Dropbox sync issues HOT 1
- iOS: password-to-clipboard function changes uppercase letters to lowercase HOT 1
- Some storage providers are "blocked by your organization" HOT 3
- [iOS/Safari] Empty Username clears field rather than not typing anything HOT 2
- No search with autofill HOT 5
- Random Generator UX improvement suggestions. HOT 5
- Some USB YubiKeys could be processed incorrectly HOT 1
- Group editor broken for KDB files in 1.50
- No sync if file set to unreachable HOT 4
- Autofill Memory Limits exceeded on relatively small database HOT 5
- Large icons may bloat when added as custom icons HOT 1
- Make NFC YubiKeys available in iOS AutoFill HOT 1
- Auto clear application data if the wrong pin is entered repeatedly HOT 4
- Permanent error message - DB is not “available” HOT 5
- Password quality meter is too optimistic for the estimated entropy
- Password Generator separator breaks ui HOT 5
- TOTP autofill? HOT 2
- Password does not hide correctly after locking iPhone HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from keepassium.