David W. Jones je napisal(a):
> Well, Keepass2 Android password manager allows you to unlock your
> already-unlocked password store using the last 4 (which is
> userr-customizable) characters of the passphrase. Maybe K9 could handle
> things similarly?
Well, this is not so bad idea.
K9 now caches passphrase, but I don't like this idea (passwords to be
cached), because someone else can use (abuse) your key. A lot of users
do not use screen lock, or you put down your phone and screen lock is
not yet activated, or someone grabs a phone from you... and then the
attacker can read your emails or even send fake GPG signed and encrypted
mails.
Maybe there should be another setting:
- enter passphrase each time;
- enter passphrase once (until cancellation or reboot), and then cache it;
- enter passphrase once, cache it, but for unlocking cache require PIN
or pattern.
In last case, if someone grabs a phone from you while it is unlocked, he
will still need a PIN or pattern to read emails (and after some
unsuccessfull attempts, cache should be cleared).
Comments?
Regards,
M.