Keepass2android: Fingerprint AND password

Created on 18 Dec 2018  路  7Comments  路  Source: PhilippC/keepass2android

Sorry I am quite new in using this app. I was looking for a way to setup so that is unlocking only if I provide fingerprint AND password. I would think that in this way it would comply with 2FA. Is any way to do it ? Thanks

(EDIT: same request in #399)

Most helpful comment

Having some kind of password or PIN as GUI unlock would be fine I think. That + fingerprint should be enough for a 2FA. As long as you change the PIN often enough It should be safe. For my use case, having just a PIN to access my passwords (and changing that PIN every week or so) is way easier and comfortable that having to input the last X characters of my password. I'd be glad to take care of the implementation of the PIN unlock in the app if you want.

All 7 comments

I don't think there is a way to include the fingerprint information as part of the encryption key. It might be possible to require fingerprint as a kind of GUI unlock in addition. I leave this open and will see if it gets some positive feedback from other users.

In this moment, I can unlock only with the fingerprint. I would be nice if it would ask also the password in addition. If I disable the fingerprint, it is asking only the password. Android.

As a work-around, I use now the normal password to open the database, plus fingerprint for the quick unlock.

Having some kind of password or PIN as GUI unlock would be fine I think. That + fingerprint should be enough for a 2FA. As long as you change the PIN often enough It should be safe. For my use case, having just a PIN to access my passwords (and changing that PIN every week or so) is way easier and comfortable that having to input the last X characters of my password. I'd be glad to take care of the implementation of the PIN unlock in the app if you want.

Almamu said:

Having some kind of password or PIN as GUI unlock would be fine I think. That + fingerprint should be enough for a 2FA. As long as you change the PIN often enough It should be safe. For my use case, having just a PIN to access my passwords (and changing that PIN every week or so) is way easier and comfortable that having to input the last X characters of my password. I'd be glad to take care of the implementation of the PIN unlock in the app if you want.

I would love to see this GUI PIN 2FA. In my case, I hate typing in my password on the phone, to the point of bypassing it with my fingerprint despite the risks (especially bad since I unlock my phone using fingerprint too).

Having the option of unlocking the database using fingerprint + PIN would be awesome.

I agree that fingerprint + PIN would be nice to be able to easily unlock the database without having to type in my super long password but also without being as insecure as using the fingerprint in place of the password (with no additional protection such as a PIN), and that's the reason I came here, to request/+1 such an idea.

I mainly wanted to post in response to this issue though to tell @maurice74 that a probably better way to do what they're trying to do would be to use a keyfile. That would also serve as 2FA and would require someone to have your database, password, and the keyfile. I used to just use a password, and while that was _probably_ secure enough, I decided to start using a keyfile as well, so even if an online account where I store the database were to be compromised, and somehow the password were compromised or cracked, it would still be inaccessible, since I don't store the keyfile online, and have never uploaded it online. I am now actually considering storing it online, in a separate service than the database, instead of on the phone, so if the phone is lost or stolen I can just remove it and anyone trying to access the database wouldn't be able to since KP2A wouldn't be able to access the file anymore.

duplicate of #399

Was this page helpful?
0 / 5 - 0 ratings

Related issues

vlig picture vlig  路  5Comments

bbbco picture bbbco  路  4Comments

4-FLOSS-Free-Libre-Open-Source-Software picture 4-FLOSS-Free-Libre-Open-Source-Software  路  5Comments

Phantop picture Phantop  路  6Comments

LevYas picture LevYas  路  5Comments