# User stories for the *Login Sesame* project *Login Sesame* is meant to be a Free and Open Source password manager for Android. Among its main features, we should implement: - User friendly UI - Locally stored, ecrypted password vault - Secure, random password generator with different features - Secure notes area - Biometric app login (e.g. with fingerprint sensor if available) - Easy copy user/password to clipboard - ... In the following sections there are the proposed user stories to implement ## User stories ### LS-001 Passwords overview As a **registered user** I want to have an overview of my entries in my vault. Acceptance criteria: - All entries are listed in a list view - Each entry has two lines: - The first line contains the account name - The second line contains the username ### LS-002 First time account creation As an **unregistered** user, I want to be able to create an account and set my master password, so that I can add my own entries in the list. Acceptance criteria: - The application prompts the user with a text field where the user can set the master password - The master password has to meet certain security requirements (e.g. lower case and upper case letters, at least a number, special characters etc) - It can be shown that this view is only visible at only the first use of the app. ### LS-003 Create vault entry As a **registered user**, I want to be able to create a new entry in the password vault. Acceptance criteria: - There is a button that allows me to add a new item - After the button is pressed, a new window is shown where I can write the name of the account, the URL (if applicable), password and an area where I can write other information - It can be shown that this action can be cancelled - The entry can be saved either by clicking the back button or by clicking the "Save Entry" button - No password entry can exist without a *username* or *password* ### LS-004 Edit vault entry As a **registered user**, I want to be able to edit any information about an entry. Acceptance criteria: - There exists an "Edit Entry" button in the vault overview. - Tapping on the "Edit Entry" button opens the "Entry Edit" page - This action can be cancelled by tapping the "Cancel" button - The entry can be saved either by clicking the back button or by clicking the "Save Entry" button - No password entry can exist without a *username* or *password* ### LS-005 Remove vault entry As a **registered user**, I want to be able to remove an entry from the vault. Acceptance criteria: - There exists a "Delete Entry Button" - Tapping the "Delete Entry Button", a new dialog appears that says "Are you sure you want to remove the entry <name of entry>, username <username>?". The dialog also has two buttons: "Yes" and "No". Tapping "Yes", the entry specified in the message will be deleted. Tapping "No", the action is cancelled. ### LS-006 Secure vault storage As an **application user**, I want to be sure that my passwords are stored locally in a safe manner, meaning that nobody can see my passwords without having my password. Acceptance criteria: - It can be shown that the passwords are encrypted in the local storage of the device - The master password is used to encrypt/decrypt the password storage ### LS-007 Application login As an **unregistered user**, I want to be able to login into the application using my master password, so that I can view or change my vault. Acceptance criteria: - On app start, the user is prompted to input the master password which was set previously. - If the password is correct, the overview page of the app opens - If the password is wrong, the user is given visual feedback ### LS-008 Vault auto encrypt As a **registered user**, I want my vault to be auto encrypted after a configurable amount of time the app is not used, so that my passwords are kept safe. For example, if there is no input from the user, or I put the application in the background, I want the vault to be encrypted after *x* minutes. Also, if I actively close the application (i.e. it is not in the background), I expect the vault to be encrypted automatically. Acceptance criteria: - It can be shown that the password vault is encrypted automatically after a pre-configured amount of time - There exists a "Settings" area inside the application where the user can set the time after which the vault is auto-encrypted. - If the application is closed, the vault is encrypted by default ### LS-009 Change account settings As a **registered user** I want to be able to change any aspect of my personal account (email, master password, name) Acceptance criteria: - There exists an area inside the application where the user can change certain account information - For any changes to take place, the user *must* re-enter the master password. ### LS-010 Import vault from LastPass and Login Sesame format As a **registered user** I want to be able to transfer all my passwords exported from LastPass .csv file or Login Sesame format, and import them into Login Sesame. Acceptance criteria: - It can be shown that passwords can be imported from LastPass by providing a .csv file which can be exported from LastPass - It can be shown that passwords can be imported from Login Sesame's own format - After import is successful, passwords are added to the vault ### LS-011 Export vault As a **registered user** I want to be able to export my passwords stored in Login Sesame so that I can easily change to a new phone or a new password manager application should I want to. Acceptance criteria: - It can be shown that the passwords can be exported in plaintext formats (such as csv, json, xml) ### LS-012 Biometric application login As an **unregistered user**, I want to login into Login Sesame using the fingerprint sensor if my smartphone has it. If my smartphone does not have a fingerprint sensor, this functionality shall not be visible in the application. Acceptance criteria: - It can be shown that the user can login into the application using the fingerprint sensor of the device. - If the device is not equipped with a fingerprint sensor, this functionality shall be hidden from the user. ### LS-013 Generate random password As a **registered user**, I want to be able to generate a random password so that I can use it to login in to one of my online accounts. Acceptance criteria: - There exists a separate area insite the application where the user can generate random, secure passwords - The user can select the length of the password - The user can select the type of characters the password can have ### LS-014 Vault Overview sorting As a **registered user** I want to be able to sort my password vault alphabetically or by creation date, so that it is easier to find the account that I am looking for. Acceptance criteria: - The list of accounts can be sorted alphabetically (normal or reversed) - The list of accounts can be sorted by creation date (newest or oldest) ### LS-015 Delete vault As a **registered user** I want to be able to delete all the passwords stored locally on the device vault. Acceptance criteria: - There exists the possibility for the user to delete the password storage - After clicking the "Delete Vault" button, the user is given clear visual feedback that this action is not reversible. - The dialog that contains the message specified above, contains two buttons - "Yes, I am sure" - Clicking this button will delete all the stored passwords, and the page that allows the user to set a new master password is shown - "No" - Clicking this button, the vault delete action is cancelled