This project has moved. For the latest updates, please go here.

K2A dies and forgets DB and QuickUnlock settings; QuickUnlock length; keyboard switch

Jul 27, 2013 at 2:47 PM
This is great but I see a few issues.
  • I change the length of the QuickUnlock key in settings to 4, the setting is remembered when I go back, but I am still asked for the default length of 3. It would be nice to be able to set a completely new key though.
  • Apparently the app is killed while I am using the browser and the notification icon disappears. next time Keepass2Android runs, I am asked to select database and enter the full key. But I have asked it to remember the database path and use QuickUnlock. My full key is so long, I don't want to enter it on a handset keyboard ever again! In fact, that's the reason I haven't been using password managers on my handsets, so K2A's QuickUnlock method is brilliant if it works.
  • The alternative keyboard is a good idea, but could it switch back to the default keyboard when leaving K2A, or something like that? It's a bit tedious having to switch between keyboards all the time.
Jul 28, 2013 at 12:54 PM
I would second the request to switch back to the default keyboard after using the k2a keyboard to insert username and password fields! The alternative keyboard is an AMAZING security and ease-of-use innovation, but needs this little tweak to make it fully functional.

I successfully changed the length of the QuickUnlock, but it did not show correctly until restarting kp2a.
Coordinator
Jul 28, 2013 at 4:54 PM
  • Note that you can change the QuickUnlock settings even if the database is locked. It would be pretty bad if an attacker could change the length to 1 letter and then try to unlock. This is the reason why you need to reload the database.
  • Unfortunately, KP2A already does everything possible to tell Android that the app shouldn't be killed. If you have many other apps running or not so much memory, this isn't always enough. I have been thinking about implementing QuickUnlock in another way which would always work even if the app gets killed. But that would mean that I would have to save parts of the password in settings or on the internal memory. I am not yet convinced that this is safe enough. I might add it an an option, though. What do you think?
  • I know that switching keyboards is somewhat annoying, but Android makes it impossible to automate it (for security reasons). As I don't know which fields will be filled, I don't even know when the users wants to switch. That's why I added the keyboard key which makes switching at least a bit easier.
Jul 28, 2013 at 8:25 PM
I see. So, the QuickUnlock key only applies for as long as the db is loaded, not between sessions, right? It makes sense, as otherwise KP2A would have to store the full password somewhere for the next session, which is not good. So, the whole point is to make sure KP2A remains alive. I thought Firefox was to blame, possibly taking up lots of RAM, but today Dolphin, Chrome and Firefox seem to work fine. It may be that when I was writing my earlier report, something was happening in the background and Android was kicking things out to make space. Android's memory management, however smart they claim it to be, never ceases to annoy me.

It seems we can't do very much about the keyboard, but it's not a huge problem. To me the real issue is not having to enter the full password.