Auto-Lock, Auto-Login and Offline Entry Icons in Buttercup for Browsers

Buttercup
3 min read · Feb 5, 2019

Buttercup for Browsers 2.4.0 boasts a few new cool features that help with its usability and security. To help prevent unwanted (or even unknown) requests to URLs stored within Buttercup vaults, icon-fetching for the UI has been taken offline so no requests are performed. Icons are fetched from a local cache on the user’s computer — a small collection of popular websites’ icons with a default if the domain doesn’t have an icon stored for it.

Entry search results with new static icons

The icons are pre-fetched from the relevant domains and stored as assets with each release, removing the need for any requests when displaying entries. This does unfortunately mean that a large number of services will not receive unique icons and will instead show the default icon:

Entry search results showing the default icon (when no icon for a domain is found)

This icon update is an important step in securing our processes, and we expect a much larger improvement to occur in the coming months where most or all website icons will be available without the need to expose user location or make direct network requests.

This release also adds a completely new feature for the browser extension: automatic locking of vaults. Vaults can now be configured to automatically close and lock after they’ve been left open (idle) for a certain period of time.

The auto-lock setting in the extension menu

The auto-lock functionality is off by default, but can be easily switched on by changing the time setting in the Settings menu.

Once enabled, a timer starts counting the idle seconds during which the user isn’t interacting with the browser. If the mouse isn’t moved, the keyboard isn’t touched and no tabs are opened, updated or closed before the timer runs out, all open vaults will lock. This feature employs simple activity listeners that reset the timer whenever some kind of action is detected.

Although this feature may not be for everyone, it does introduce an important security feature that helps prevent unwanted access to one’s vault. Previously this feature was only available within Buttercup’s mobile app.
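The idle-timer behaviour described above, as an added example that is not Buttercup's own code: a controller that activity listeners reset and that locks all vaults once the idle limit passes. The class, method and parameter names are hypothetical, and the `tabs` argument is assumed to look like the `chrome.tabs` event objects.

```javascript
// Added example; names are hypothetical, not Buttercup's own API.
class IdleAutoLock {
  // lockAfterMs = 0 disables locking, matching the off-by-default setting.
  constructor({ lockAfterMs = 0, lockAll, now = () => Date.now() }) {
    this.lockAfterMs = lockAfterMs;
    this.lockAll = lockAll; // closes and locks every open vault
    this.now = now;         // injectable clock so the logic is testable
    this.lastActivity = now();
    this.locked = false;
  }
  // Called by every activity listener; restarts the countdown, never unlocks.
  recordActivity() {
    if (!this.locked) this.lastActivity = this.now();
  }
  markUnlocked() {
    this.locked = false;
    this.lastActivity = this.now();
  }
  // Called on a short interval. Comparing timestamps instead of trusting one
  // long setTimeout means a machine waking from sleep locks on the next tick.
  tick() {
    if (this.locked || this.lockAfterMs <= 0) return false;
    if (this.now() - this.lastActivity < this.lockAfterMs) return false;
    this.locked = true;
    this.lockAll();
    return true;
  }
}

// Assumption: `tabs` exposes chrome.tabs-style onCreated/onUpdated/onRemoved.
function wireTabListeners(locker, tabs) {
  for (const ev of [tabs.onCreated, tabs.onUpdated, tabs.onRemoved]) {
    ev.addListener(() => locker.recordActivity());
  }
}

// Constructed run with a fake clock and a five-minute limit.
function demo() {
  let t = 0, locks = 0;
  const lockAll = () => { locks += 1; };
  const locker = new IdleAutoLock({ lockAfterMs: 300000, lockAll, now: () => t });
  const ticks = [];
  t = 299000; ticks.push(locker.tick()); // false: inside the window
  locker.recordActivity();               // countdown restarts at 299 s
  t = 598000; ticks.push(locker.tick()); // false: 299 s since activity
  t = 599000; ticks.push(locker.tick()); // true: 300 s idle, vaults lock
  t = 900000; ticks.push(locker.tick()); // false: already locked
  return { ticks, locks };
}
```

Activity received while the vaults are locked is ignored, so only an explicit unlock (`markUnlocked` here) restarts the countdown.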

The final feature added in this release is the entry auto-login process (not to be confused with the auto-login button that appears in-page on a login form). This feature adds a button to the browser popup menu that provides instant login to sites that support it.

Auto sign in button in the popup’s search results list

If an entry’s URL links to a page with a login form, or if an entry has a login URL, then clicking the button will open the referenced page, fill the login form and log in to the site. If the login form is not found or takes multiple clicks to log in, this process won’t work. We may add support for more complex forms in the future.

Once again, here’s a big thanks to our supporters who’ve helped us add these amazing features. For this release tasos-ale provided the code for the auto-locking of vaults. We’re approachable on GitHub and would love to chat to you about potential submissions to the Buttercup platform. We appreciate any help or suggestions you might provide. Have a great week!

Buttercup

Free, accessible, cross-platform password manager for everyone. Manage your secrets easily on every device — never be locked out. https://buttercup.pw