I would like a convenient way to get K-9 Mail to forget my e-mail server passwords.
The problem is many websites these days are doing logins with no password, just need to get an e-mail and click. And, of course, e-mail has been used to reset passwords forever. I have decided this is all too dangerous for me. I carry my phone everywhere, if someone manages to grab it in an unlocked state, my entire life could be pretty much stolen via my e-mail.
So I would like a button that says something like “Forget e-mail passwords”, and I would like a timed feature, something like “Forget e-mail passwords after __ minutes.”.
Have you thought about setting up Google’s “Find my device” service (or similar from Samsung, Oppo, …). If your device is lost or stolen, you can remotely wipe the device.
I am asking because you want a feature specifically for K-9 based on a security risk that also applies to any browsers with active sessions (GitHub, Social Media, …) as well as apps (Mobile Banking, 2FA, …).
There are also other apps similar to “Find my device” that offer features beyond that basic functionality of remote wipes. E.g. wiping after X unsuccessful unlock attempts or Wiping after X hours without unlock.
I do have the ability to “find my device”, and that is good.
But I don’t want to be obligated to have to find some other device, log in, and move fast. I would like to not just leave that door standing open.
As for other risks on my phone: I don’t have browser sessions logged into anything important. I don’t have banking apps on my phone. My e-mail is the biggest risk. And, as it is, disabling K-9 is cumbersome.
If you have your phone encrypted, which is usually the default on Android, and a screen lock with reasonable timeout, then no one can do anything with it other than wipe it without having your password/pin. Your email passwords are not accessible until you unlock your phone. Surely you have some type of screen lock enabled already.
You are right that without the phone’s password/PIN, things are pretty safe. But people manage to get their PINs stolen. There is even a term for it: “shoulder surfing”.
I personally am pretty careful (which is why why I want this feature), and I have a long password that is going to be hard to steal by watching me enter it, but I am worried, as I wrote in my original message that “someone manages to grab it in an unlocked state”. If that happens, and the phone is kept on and prevented from locking, the risks are large.
So yes, I am aware of other precautions and workarounds, but I still think that would be a good feature to add.