Periodically ask Master Password when using Face ID

When Face ID is enabled (or PIN), it’s quite easy to rarely need to enter the master password and then forget it. When enabling these features, have an option to ask the master password every so often, for example every 7 uses or every 2 weeks, whichever comes first.

2 Likes

Can this be accomplished by setting the vault timeout action to Log Out? and the timeout to whatever days or weeks.
I think so.

@oleg-comm Welcome to the community and interesting idea!

As an extra precaution against forgetting my password, I write it down on a piece of paper and store the paper in a secure location.

2 Likes

This would accomplish this but at the expense of leaving your vault sitting unencrypted for that period of time on your local machine. It would be better to be able to lock immediately but still prompt for master password every X days. I think many services force a password check at 30 days.

1 Like

This is something that would highly annoy me.

You can already set require master password after lock, (i don’t) so not sure what you’d achieve apart from gain rsi from over working a tiny android keypad with a 50-60 character password.

If you worry about forgetting it, either create an account allowed to request take over of yours or write down the password and hide it well in the place(s) you may need to access it.

My phone is annoying enough asking for the password every week or so just for the sake of it.

Timeout would mean it would be unlocked for that period of time and it’s only for 24 hours, that’s too often to prompt.

Right, it should be encrypted and prompt every so often.

I usually allow login with biometrics and then press lock now within app setting. Then I get back to the login screen and just type in my master password (no prompt to use biometrics for me when I do it this way). Tend to do this about every 3 days to keep it fresh in my mind.

1 Like

To me it is annoying whenever I need to type my password.
I understand that it today is important to not forget the master password, but I still hope for a future where it is not required to remember any password, 100% passwordless - how could that be achieved?

I would love this feature as well. Note that the intention of this feature is to make sure the person occasionally has to recall their master password, so they don’t forget it. It’s not to increase security.

To those saying it would be annoying to have to type it frequently, I agree. So I want to emphasize that the request is to add this feature as an option, not as a requirement. You choose if you want to enable it.

Also note that different people use different security models to add recoverability of their master password. For many, it’s writing it down on paper and storing in a secure place. That’s great, and it works! Heck, some people even generate a random master password and choose to never memorize it!
But for some, like me, both these security models don’t work. My threat model is a bit different and choosing to write down my master password and storing it in any physical location is not a valid option. The safest place to store in the master password is my mind. Which is why this feature would be awesome for me.

Note that the problem I’m trying to solve here is memorisation of master password, not recoverability! I have set up recoverability of my password another way, and the way I have set it up guarantees recovery even in the case of complete amnesia.

1 Like