Skip to content

Change the default lock option from "Never" to...anything else? #467

Description

@kriswilk

By default the Chrome extension is set to NEVER lock the vault. This is, IMHO, a tremendously dangerous default setting for the average user. Many users may not realize that their vault is unlocked even after closing the browser...any passer-by could just open the browser and have everything.

Furthermore, this default setting means that the master password (or some valuable hash of it) must be persistently stored on the computer rather than just temporarily in memory. I realize this must be the case for the "never" setting, but as the DEFAULT?

I propose:

  • change the default lock option to, say, 15 minutes. This would be way more sane and users could always change it consciously afterward.
  • if you DO change the coded default, notify users when the extension is updated and ask if they want to change their current setting to the new default. This will alert anyone who was not aware of this already.
  • always alert users to the additional security implications of selecting "Never" as the lock setting...some kind of popup message maybe?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions