Lock a session with a pin after browser inactivity

[szaimen]

How to use GitHub

• Please use the 👍 reaction to show that you are interested into the same feature.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Is your feature request related to a problem? Please describe.
I like the ability to be always logged in to my nextcloud instance in the browser.
The problem is that if I forget to lock my operating-system account, somebody has access to all of my data and could potentionally make a lot of damage.

Describe the solution you'd like
It would be really nice, if a user was able to configure a PIN for his useraccount. After browser inactivity, Nextcloud would then present a kind of "lockscreen" where he/she should enter his pin to get access to Nextcloud again. (of course the admin should be able to reset the pin for users).

Additionally, if done right, there should be a config optionn to enable this functionality instance wide. (That the users have this "PIN" option in their security tab in their usersettings and if a PIN was set, automatically enable the lockscreen after browser inactivity.)

Describe alternatives you've considered
Technically it could be probably based on #20298 to correctly detect browser inactivity (but of course the user shouldn't get logged out).

Maybe Nextcloud Push could also be used to automatically update the UI and present the "lockscreen" to only allow access to Nextcloud after the correct PIN is entered.

BTW: it would be somehow comparable to the so called "Plex Home Pin" but without the option to change useraccounts.

[szaimen]

@nextcloud/designers is this something you could be interested in? I think this would step up the security of all useraccounts in webbrowsers by a lot!

[stefan-niedermann]

In my humble opinion this is something that should be solved on an operating system level (aka screensaver).

Actually it would be pretty annoying to return to my PC and unlock two sessions without a security benefit (from my point of view).

[szaimen]

Actually the idea was to specifically separate it from the Operating system to cover the case when you forget to lock your device or just allow somebody else to use your device for internet usage. (of course this is always a matter of trust into the person you are giving the device)

BTW: Since this is just an additional security feature, I think it would be enough to allow 4-6 Pincodes of numbers.
It should additionally only be allowed to type the pincode 3 times by default and then lock the code automatically, imo.
Also if you have more than one nextcloud tab open, it should lock them all if you are away and unlock them if you enter the correct pincode in one of them.

[szaimen]

Seems like this idea isn't wanted.