More options for unlocking and logging in

I think they should revisit the options available for locking/logging off to end users; right now the app lumps those together. It might be best if they separated those function settings (I think LastPass did it this way).

Right now, “Locking” allows for Bio-unlock to get back in, with Logging Off requiring the master password to authenticate. You can configure a timer (or another rule) to do one or the other (lock or log off). Let’s just think of them as a Locked Session (authenticated with master pass, but vault visibility is locked) and a Closed Session (vault is closed, not in hot memory).

Clearly some users want to be able to do a Bio unlock for the Locked status and others want to do it for the Logged Off status (the latter being the more completely locked, to my knowledge). There are probably a few other scenarios as well.

Something like:

Unlock Options:

  • Unlock w/ Biometrics - Face [true/false]
  • Unlock w/ Biometrics - Fingerprint [true/false]
  • Require PIN Code [t/f]
  • Require Master Password [t/f]
  • Require Face [true/false]
  • Require Fingerprint [t/f]
  • [… others …]
  • Lock after Session Timeout [time, etc.]

Logon Options:

  • Logon w/ Biometrics - Face [true/false]
  • Logon w/ Biometrics - Fingerprint [true/false]
  • Require PIN Code [t/f]
  • Require Master Password [t/f]
  • Require Face [true/false]
  • Require Fingerprint [t/f]
  • [… others …]
  • Logoff after Session Timeout [time, etc.]

^^ Being able to set multiple “requires” adds a layer where the user can configure multiple verifications if they so choose (e.g. a PIN code and fingerprint).

Something like that would give a lot more flexibility to users in how they secure their vault.

For me, I want to be able to quickly get into my vault with Biometrics but also have the ability to quickly lock it down (requiring my master password). Giving only one set of options to handle the session and what the timeout rule does makes it so I have to either frequently reenter my master password, or live with just “locking” the vault.

Your comment was not relevant to the Feature Request thread in which you had posted it, so I have moved it into its own topic.

Seems that you may not fully understand how Bitwarden security works, based on this statement:

When a Bitwarden client app/extension is locked, all vault contents are scrubbed from the device memory — it does not simply hide the “visibility” of the vault. Thus, it is not necessary to log out in order to protect the contents of your vault.