Menu

#2062 Ask for master password on copy or show item password

KeePass_2.x
open
nobody
None
5
2015-12-07
2015-12-06
cristian
No

As a user I would like to have a safe unlocked and usable environment.
The main data to keep safe are the passwords or texts generally covered by asterisk. Keeping the workspace unlocked is very conveninet when using the browser extension (chromeIPass in my case), but I'm concerned that someone may open the KeePass program while I'm away and read my passwords . Currently that risk is solved locking the workspace frequently which makes the browser experience a bit slow if you have a good strong and long master password.

My proposal is to ask for the master password in any operation that may reveal passwords, I can identify 2, copy password and unhide password.
With that feature you can keep your workspace unlocked for longer without the risk of someone opening KeePass and getting the password.

If at any point you need to get the password just copy or unhide it and be prompted for the master password.

Note:
I have a partial implementation of such feature in a private version, any pointers or documentation on how to share it or submit it?

Discussion

  • Paul

    Paul - 2015-12-07

    To make the solution workable you would need to prevent any operation that might reveal passwords, drag n drop, Auto-Type, export, print etc. I would never want this, imagine trying to fill in credit card information, you'd need to enter the master password several times.

    If you want to make this available as part of KeePass I suggest you write a plug-in, then it can work the way you require and you can easily add features - and I can choose not to use it. :)

    cheers, Paul

     
  • cristian

    cristian - 2015-12-07

    Thanks for the reply, I already disabled the next functionalities through policies:
    Export
    Print
    Autotype
    Drag&Drop
    Unhide Passwords

    is there any other way to get the password in clear text a part from copy?

    With my modification when I click on copy I have to enter the master password.
    The browser plugin gets most of the passwords for me so I don't have to typically worry about actually copy them.

    I don't think a plugin can do that because the change is in the core functionality of the application, I think a policy is the most suitable method, I suggest the next name: 'Copy - No Key Repeat'.

     

    Last edit: cristian 2015-12-07
  • Paul

    Paul - 2015-12-07

    All your plug-in needs to do is block the interface - keep KeePass minimised would do - then you don't need to also use policy.

    cheers, Paul

     

Log in to post a comment.