Lesspass: Password is cleared after some time

Created on 28 Nov 2016  ·  5Comments  ·  Source: lesspass/lesspass

I _assume_ this is a feature. But there is no user feedback whatsoever. I came back to the tab and found the UI in a completely different state than I left it. This can make users confused/anxious about what happened to their password or if they opened the wrong tab. Security shouldn't make you feel less secure.

Suggestion: add a notice that the passwords have been cleared for security reasons.

ux
Source
picture Prinzhorn

Most helpful comment

Thoughts (I know nothing about the current implementation):

  • A visible countdown puts people under pressure, which is a bad thing
  • The countdown should only start when the user is inactive (key*, mouse* and (page)visibilitychange events) and will be reset when they become active again

I was thinking about a countdown-like UI, e.g. a decreasing bar below the master password field or the visual checksum that suggest it will disappear. In both case it might become annoying on the long run.

This doesn't solve the problem when I leave the tab in the background. I won't know that there was a countdown. In case a visibilitychange is recognized the user can be presented with a message when they come back.

picture Prinzhorn on 29 Nov 2016
👍3

All 5 comments

@Prinzhorn yes, clearing the form is a feature. But you are right, it might be confusing for user to come back and see nothing.

I was thinking about a countdown-like UI, e.g. a decreasing bar below the _master password_ field or the _visual checksum_ that suggest it will disappear. In both case it might become annoying on the long run.

edouard-lopez picture edouard-lopez on 29 Nov 2016

Thoughts (I know nothing about the current implementation):

  • A visible countdown puts people under pressure, which is a bad thing
  • The countdown should only start when the user is inactive (key*, mouse* and (page)visibilitychange events) and will be reset when they become active again

I was thinking about a countdown-like UI, e.g. a decreasing bar below the master password field or the visual checksum that suggest it will disappear. In both case it might become annoying on the long run.

This doesn't solve the problem when I leave the tab in the background. I won't know that there was a countdown. In case a visibilitychange is recognized the user can be presented with a message when they come back.

Prinzhorn picture Prinzhorn on 29 Nov 2016
👍3

@Prinzhorn if the copy remove the master password, does it helps ?

guillaumevincent picture guillaumevincent on 29 Nov 2016

Adding a note when the password is cleared should be better, isn't it?

Kcchouette picture Kcchouette on 20 Sep 2017

I close this one. The issue is difficult to solve without a visual component.
Because a visible countdown puts people under pressure, which is a bad thing and because we loose the web context in the web extension, I don't know what solution I can use.

Feel free to add some comment here, if you have good solution.

guillaumevincent picture guillaumevincent on 8 Apr 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jparsert picture jparsert  ·  3Comments
panther2 picture panther2  ·  5Comments
edouard-lopez picture edouard-lopez  ·  4Comments
panther2 picture panther2  ·  3Comments
panther2 picture panther2  ·  4Comments