Missing Setting to force specific entries to confirm autotype

Thorsten
2014-04-15
2014-04-22
  • Thorsten
    Thorsten
    2014-04-15

    When using Global Auto-Type, I am missing an option to force a confirmation by the entry window (which will be displayed if more than 1 matches).
    Background:
    If you have configured a Global Auto Type on a Windowname like "Sign In", the problem might appear that you get on site B, press autotype and it has by accident the same not good defined window-title.
    Here a setting would be great to force the display of the window, even if only one entry matches.

     
  • wellread1
    wellread1
    2014-04-16

    A setting is not necessary. KeePass by default displays an "Auto-Type Entry Selection" dialog from which you can select the appropriate sequence if there is more than one auto-type match (e.g. multiple "Sign In" auto-type sequences). If the selection dialog is not displayed it is because there is only a single match in the database.

     
  • Thorsten
    Thorsten
    2014-04-16

    You missed my point.
    It is actually exact that moment when only one entry matches.
    If this is an entry for a secure site (maybe in your company something like central security management) which has only the option to filter on "Sign In" and you connect to www.istealyourdata.com (only a jukoe url, could also be google or whatever) and you hit Global Auto Type, then your "Secure" credentials would be automatically sent to that site.
    This can also happen even if you had the site title in your keepass for eg. Google, but google changed the site title to Sign In.
    As said, this would lead to an entry in googles database, giving them a false login with my username and my password.
    Thats why this feature would be valid to set this valuable login to "always ask before sending global autotype"

     
  • wellread1
    wellread1
    2014-04-16

    There are a few generic Window titles such as "Sign In". However, if you already have multiple auto-type sequences based on a generic Window Title then you will see the "Auto-Type Entry Selection" dialog. A confirmation dialog for every unique Global Auto-Type would soon become a nuisance.

    There could be some pages where you don't want to auto-type into the web page without getting a chance to confirm. In those cases you can force KeePass to display an "Auto-Type Entry Selection" dialog by creating a dummy, matching custom auto-type sequence, either in a entry dedicated to that purpose (It could manage multiple sites with different Window Titles) or in the important entry itself. If a dummy entry is used, it could have a distinctive icon and title, and the sequence could omit all data.

     
    Last edit: wellread1 2014-04-16
  • Paul
    Paul
    2014-04-16

    Does it matter if you send a secure password to a random site? How will the random site know where to use your data? If you only ever use one password it would be a problem, but you use KeePass and have a different password for every site.

    cheers, Paul

     
  • Thorsten
    Thorsten
    2014-04-22

    I wonder if we are talking about a security app here?
    To send data to a false site, leaving them with some login data, that they could try to brute force on different sites?
    It was just a suggestion to enhance the security of the app, that in my eyes makes sense.
    We had the RDP Problem, which led btw. to producing eventlog-entries with username and password in one field, our security office was not really amused.
    The same could happen here with a domain account, where you can not have a differnt password on different sites.

     
  • Paul
    Paul
    2014-04-22

    Wow, your security office trawls logs for passwords. That is tough.
    In this instance I don't think any application that allows you to get the credentials into the wrong site is applicable, so disabling Global Auto-Type may be the best option.
    (I'm not trying to be sarcastic BTW.)

    cheers, Paul