Be able to auto-lock browser extensions with extra password, not just pin
Hello,
I would like to suggest allowing the auto-lock feature with the extra password on the browser extension. Currently, this feature is available for the web app but on the browser extension the only auto lock feature is with a PIN, not the extra password. This would allow extra security, and the feature is already (relatively) there since it's available on the web app.
Thanks!
Hazz4rd
shared this idea
-
dean
commented
Or even better maybe with YubiKey or OTP :)
-
AvercromXD
commented
Yes this was a dealbreaker for me and the reason why I am with 1password at the moment! You can already have a second password for the vault, why not use that to lock the extension instead of a 6 digit pin?
-
Telokis
commented
This is the default I expected when I installed Proton Pass, coming from 1Passwod.
I just realized Proton doesn't lock when I close my browser. This means the data is accessible unencrypted at rest on my storage disk.
Even after shutting down the computer, the Proton Pass extension is still unlocked and well, demonstrating that the data would be accessible to anyone getting a hold of my laptop. -
JB
commented
This is a troubling oversight, I hope it gets addressed soon. The negative impacts of lacking this feature are threefold, in decreasing order of severity (in my opinion):
1. It requires users to decrease their security stance in order to use the extension, either by using a PIN or by not locking the extension.
2. It means that users use their extra password less frequently making them more likely to forget it.
3. It requires users to remember an additional piece of information (the PIN).
-
EV commented
It feels a bit unsafe to have my extension only locked with a 6 digit pin code, while you can choose to have an extra password for the desktop app or site. It would be nice if the extension could also be locked with the extra password (and the account password).