Skip to content

[codex] Document Windows Hello PIN modality#148

Draft
SirAndrosBot wants to merge 1 commit into
masterfrom
codex/issue-50-pin-modality
Draft

[codex] Document Windows Hello PIN modality#148
SirAndrosBot wants to merge 1 commit into
masterfrom
codex/issue-50-pin-modality

Conversation

@SirAndrosBot

@SirAndrosBot SirAndrosBot commented Jun 20, 2026

Copy link
Copy Markdown
Collaborator

What changed

  • Removed README wording that described KeePassWinHello as specifically using “pin or biometrics” and replaced it with neutral Windows Hello wording.
  • Changed the persistent-key description from “signed with your biometry” to “protected by Windows Hello.”
  • Added an explicit note that Windows controls which Windows Hello gestures can authorize a prompt, including PIN, fingerprint, face recognition, or other configured Hello methods.
  • Added a security notice that biometric-only enforcement or PIN fallback removal must be handled in Windows Hello configuration or organizational policy, not by this plugin per prompt.

Why

Issue #50 asks for an option to remove the ability to authorize with Windows PIN while still allowing biometric Windows Hello. KeePassWinHello uses the Microsoft Passport/Windows Hello CNG provider and asks Windows Hello to require user verification. The provider surface used here does not expose a safe per-plugin switch to allow biometrics while disallowing PIN fallback.

Adding a plugin checkbox would therefore be misleading: it would imply a security guarantee the plugin cannot enforce. This PR documents the boundary clearly instead.

Refs #50

Validation

  • Worker subagent for Remove ability to sign in with windows PIN #50 initially errored due account subagent usage limit, so I continued the implementation locally.
  • Reviewer subagent reviewed the docs-only change and found no blocking issues.
  • Applied reviewer wording feedback to avoid implying biometric-only behavior.
  • git diff --check passed with only Git LF-to-CRLF working-copy warnings.
  • MSBuild.exe src\KeePassWinHello.csproj /t:Rebuild /p:Configuration=Release /p:DefineConstants=MONO /p:FrameworkPathOverride=C:\Windows\Microsoft.NET\Framework\v4.0.30319 /p:ReferencePath=C:\proj\KeePassWinHello\lib passed with 0 warnings and 0 errors.

@sonarqubecloud

sonarqubecloud Bot commented Jun 20, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SirAndrosBot @codex