diff --git a/server/conf.php b/server/conf.php
index dbc8844..7810292 100644
--- a/server/conf.php
+++ b/server/conf.php
@@ -79,4 +79,8 @@ $MAX_PASSWORDS_PER_REQUEST=10;
  */
 $REQUESTS_MIN_DELAY=1000;
 
+/*
+  Clear master keys and reset passwords after 15 minutes of inactivity
+ */
+$CLEAR_TIME=15*60*1000;
 ?>
\ No newline at end of file
diff --git a/server/index.php b/server/index.php
index 321abab..fbd82e3 100644
--- a/server/index.php
+++ b/server/index.php
@@ -79,6 +79,7 @@ else
     <script language="javascript">
     <?php
     echo "pkdbf2_level=$PKDBF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n";
+    echo "CLEAR_TIME=$CLEAR_TIME; // Clear master key after 15 minutes\n";
     ?>
     </script>
     <script src="resources/jsaes.js"></script>
diff --git a/server/resources/gpass.js b/server/resources/gpass.js
index 8ec3e86..39e23ae 100755
--- a/server/resources/gpass.js
+++ b/server/resources/gpass.js
@@ -129,6 +129,7 @@ function derive_mkey(user, mkey)
 var passwords;
 var current_user = "";
 var current_mkey = "";
+var clearTimer = null;
 
 function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
     this.ciphered_login = ciphered_login;
@@ -142,6 +143,16 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
     this.shadow_login = shadow_login;
     this.access_token = "";
 
+    this.reset = function()
+    {
+	this.unciphered = false;
+	this.clear_url = "";
+	this.clear_login = "";
+	this.clear_password = "";
+	this.masterkey = "";
+	this.salt = salt;
+    }
+
     this.encrypt = function(masterkey)
     {
 	if (masterkey == this.masterkey)
@@ -231,6 +242,37 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
     }
 }
 
+function clearMasterKey()
+{
+    current_mkey = "";
+
+    for(i=0; i<passwords.length; i++)
+    {
+	passwords[i].reset();
+    }
+}
+
+function stopClearTimer()
+{
+    if (clearTimer)
+    {
+	clearTimeout(clearTimer);
+	clearTimer = null;
+    }
+}
+
+function startClearTimer()
+{
+    stopClearTimer();
+    clearTimer = setTimeout(
+	function()
+	{
+	    clearMasterKey();
+	    change_master_key(false);
+	}
+	, CLEAR_TIME);
+}
+
 function list_all_entries(user)
 {
     passwords = new Array();
@@ -500,10 +542,17 @@ function update_master_key(warning_unciphered)
     current_mkey = document.getElementById("master_key").value;
 
     if (current_mkey != "")
+    {
 	current_mkey = derive_mkey(current_user, current_mkey);
+	startClearTimer();
+    }
     else
+    {
 	// Disable warning on empty master key (clear passwords from others)
 	warning_unciphered = false;
+	stopClearTimer();
+	clearMasterKey();
+    }
 
     change_master_key(warning_unciphered);
 }
@@ -656,6 +705,8 @@ function add_password()
 
 function delete_entry(entry_number)
 {
+    startClearTimer();
+
     entry = document.getElementById(entry_number);
 
     if (entry == null) {
@@ -720,6 +771,8 @@ function update_entry(entry_number)
     var mkey = "";
     var ciphered_login;
 
+    startClearTimer();
+
     entry = document.getElementById(entry_number);
 
     if (entry == null) {
@@ -845,6 +898,8 @@ function makeText(text) {
 var text_link = null;
 function export_database()
 {
+    startClearTimer();
+
     link = document.getElementById("export_link");
 
     if (text_link != null) window.URL.revokeObjectURL(text_link);
