Could you please add an option to have a timer on requiring master password entry, when using autofill with a browser?
Eg. Open Safari, go to a website login screen. Upon touching a login field, and selecting to autofill from Codebook, the master password is required. OK, makes sense.
But what happens if the username and password fields follow each
other on separate webpages? The master password has to be entered twice!
The last time I asked about this over a year ago, support just said “security reasons”, but they’ll think about adding a timer as an option.
Nothing has changed. They don’t trust the user enough to even give an option. How about 5 minutes? Something, anything.
Thank you very much for using Codebook and posting to the discussion forum. Application Extensions (like the Password AutoFill Extension) operate differently than full fledged Applications (like the main Codebook Application). Application Extensions aren’t meant to be long running, they are intended to accomplish a task and then be cleaned up/removed from running. We have had requests to share the main Applications Codebook AutoLock timer with the Password AutoFill extension, but logistically that’s just not possible to do securely [1]
That being said, we would like to revisit making it more convenient to consecutively fill credentials using the Password AutoFill extension without having to re-authenticate during the same session. We are able to maintain an unlocked state during the same session of the host application. In your example, this would allow you to consecutively fill a username and one page and a password on the next page without having to re-authenticate the second time. As soon as the host application (like Safari) moves to the background (i.e. single pressing the home button, swiping up, or hitting the lock key), the Password AutoFill extension will require authentication again on next filling. This behavior is something that we’ll consider including in a future release. Please reach out to us at support@zetetic.net if you’re interested in beta testing Codebook to try new features out before they are available in official releases to provide feedback.
[1] There’s no “good” way to keep the Codebook encrypted database unlocked, or store your cached Master Password in memory temporarily when the host application (like Safari) is moved to the background.