Fingerprint unlock and --pw-stdin interaction

[foresterr]

Overview

--pw-stdin does not work in conjunction with fingerprint quick unlock (Windows Hello in this case)

Steps to Reproduce

1. Enable quick unlock
2. Open a database with --pw-stdin
3. Relock the database
4. Try to unlock the database again

Expected Behavior

At some point (at first user interaction, like calling autotype or un-traying the window; immediately if the window does not start minimized) after unlocking db with pw-stdin, KeePassXC should prompt for fingerprint (the way it currently does after inputting the password manually) if quick unlock is enabled. Subsequent quick unlocks should then be possible.

Actual Behavior

After unlocking db with pw-stdin, quick unlock does not get enabled. If the database is relocked, quick unlock is not active and it's necessary to input the password manually again (at which point, quick unlock gets enabled)

Context

The whole point of this report is that I would like to start KeePassXC at startup, unlocked, and with quick unlock via Windows Hello enabled right away. I can see that something similar was already requested in 7020, so if you consider the current behavior of pw-stdin together with quick unlock to be working as intended and not a bug, this can be closed as duplicate.

KeePassXC - Version 2.7.0
Revision: d7a9ef4

Operating System: Windows

[droidmonkey]

This is actually by design. If you are unlocking the database from the command line, then Quick Unlock is not invoked on purpose. This is to catch the use of Auto Open, which uses the same interface as command line credentials. "fixing" this will require a major overhaul in our handling of several features.

[foresterr]

OK, understood - and as I mentioned, I had a rather specific use case in mind, if it were possible to extend Quick Unlock to somehow persist between runs it could be a more sensible way then expecting it to work with command line credentials.

[droidmonkey]

I'm looking to do that for 2.7.1 or 2.7.2

[telmob]

I just dropped here after trying the Windows Hello feature and I agree the whole point of having a Windows Hello feature is to facilitate the database opening. And it actually increased an extra step in opening the database when starting the computer. I really want to use KeePassXC in both my Windows and Linux systems :) Not criticizing! Just giving my 'vote' on the subject.

[droidmonkey]

whole point of having a Windows Hello feature is to facilitate the database opening

Somewhat untrue, the point of quick unlock is to facilitate unlocking the database AFTER initial opening. Remembering your credentials for initial unlock is planned but not the primary purpose or intent of quick unlock.

[telmob]

whole point of having a Windows Hello feature is to facilitate the database opening

Somewhat untrue, the point of quick unlock is to facilitate unlocking the database AFTER initial opening. Remembering your credentials for initial unlock is planned but not the primary purpose or intent of quick unlock.

If you consider the situation where, like me, many users only lock the database when locking the screen or when the computer enters standby. Every time you turn on your computer, you have an extra step to open the database. It's not practical. Quick-unlock becomes slow-unlock :) Just my opinion, ofcourse.

[telmob]

whole point of having a Windows Hello feature is to facilitate the database opening

Somewhat untrue, the point of quick unlock is to facilitate unlocking the database AFTER initial opening. Remembering your credentials for initial unlock is planned but not the primary purpose or intent of quick unlock.

If you consider the situation where, like me, many users only lock the database when locking the screen or when the computer enters standby. Every time you turn on your computer, you have an extra step to open the database. It's not practical.
Quick-unlock becomes slow-unlock. :) Just my opinion ofcourse.

[droidmonkey]

This is replaced by #9023