Design request: protect app settings with password about strongbox HOT 6 CLOSED

I agree this is a security risk based on the current design. So either the app-level authentication mechanism would have to be added back, a separate layer of security would have to be wrapped around the global settings, or this setting would have to be migrated from a global setting to a database-specific setting which would allow different auto-lock times for each database. The app-level locking was already implemented and removed because of issues so that option may be off the table. I don't think any of the other global settings are an inherent security risk except maybe clipboard clearing but that's a stretch.

from strongbox.

Yeah, it seems like the best way to mitigate this kind of scenario is an App lock. Just need to get a better design than the last implementation, as the various storage providers tend not to play well with any top level view/navigation interference (they assume they own the view hierarchy).

from strongbox.

I am a few months late but I second this request.
All security, privacy apps MUST have this feature (protonmail, minikeepass, authy to name a few)
Most apps allow you to secure the app with a touchID/FaceID but what good is it if it is the same authentication method as what you use to unlock your phone? There are so many cases where a second layer password is needed for the whole app.

Cheers!

from strongbox.

Settings/Preferences can now be protected with 1.28.0. Leaving open for comments for a short while.

from strongbox.

Thanks for the adding this feature. I like the addition of this extra layer of security. It works well so far for me with no issues.

from strongbox.

This looks good now... closing...

from strongbox.