Autotype with GUI "locked"
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
Menu
▾
▴
First of all, I want to say that I use KP regularily, and that it is really a great tool.
And I think Dominik Reichl has already so much work, just to read this forum.
So, I apologize to come with one more request.
The autotype feature is very usefull for me, but there are 2 unsatisfactory ways to use it:
1 - Have the DB locked and input the master PW and/or key each time autotype is used.
And this is VERY unconvenient.
2 - Keep the DB opened, and Autotype is always immediately available.
BUT the DB is left unprotected
I use the second possibility, but anyone having access to my computer can possibly get access to my passwords.
This includes the cleaning woman when I'm gone for a coffee, the remote help staff, WebEx, etc …
I think there is a 3rd possibility: lock the Keepass GUI (not the DB, Autotype wouldn't work).
I know security integrists won't agree, but the level of skills related to an attack must be considered:
A - The encrypted DB ist highly protected.
I feel safe having on my USB stick. I wont' be too worried if I loose the stick.
Decrypting it requires high level skills and computer power.
This is NSA skill level.
B - A locked GUI with an opened DB. The DB data could be accessed provided
Access to the computer. Not that easy in fact.
Skills to obtain and analyse memory dumps.
This is hacker level.
C - A opened DB and an uprotected GUI is accessble to anyone
Having access to the computer for some (and probably some good) reason.
This possible for anyone knowing how to use a mouse.
So, I feel the B option to protect the GUI with a password (propably the master PW) is a good compromise, and maybe not so difficult to implement.
Waiting for your comments.
Why don't you lock your computer when you leave it unattended? Saves embarrassing emails!
cheers, Paul
Of course, I do… most of the time. Almost always at work. Almost.
But not at home, cause I trust everyone but the cat. So I just activate the locked screensaver after some time.
But children can sometimes be curious, or anyone coming home.
In both cases, I would feel safer with KP not accessible with just some simple mouse clicks.
Everyone has his own reasons for using KP and his own security requirements.
AFAIC, I use KP cause the data is well protected on my USB stick, and because KP is very convenient to use with autotype.
About KP security, I think keeping the DB encrypted in memory is not very important because anyone skilled enough to be able to obtain and analyze a mem dump will probably be also skilled enough to install a keylogger or a rootkit on my computer. So the encrypted DB gives a false feeling of security. But this is just my own point of view.
I know none that is a hacker that skilled, but almost everyone I know can use an mouse an some clicks.
So for me, what is important is not to encrypt the DB on a running computer, but to lock the GUI.
Please also refer to the following thread that requests more or less the same feature.
https://sourceforge.net/projects/keepass/forums/forum/329221/topic/1881093
Anyway, all this doesn't answer my initial question: Would it be possible to add an option to just lock the GUI (but keep DB opened and Autotype working) ?
The answer is yes, the next question is will it be added. I don't think it's likely, but someone may write a plug-in.
cheers, Paul
Thank you Paul.
As I said before, I think it is not very complex to add the necessary code. But of course, It is up to Dominik Reichl to decide.
Do you think he happens to read this forum and may consider my request and/or give an answer ?
Sincerely,
Jean
Dominik reads every message and I'm sure he considers every request.
This sort of thing has been requested before and hasn't been added, which is why I said it may arrive via plug-in (plug-ins are usually contributed by others).
cheers, Paul
Yes, I saw other similar requests, and the final answer was something like "if you lock Keepass the DB is closed and encrytpted and Autotype cannot work".
But the approach I suggest is quite different: Lock the GUI, not the DB.
Jean
You are welcome to write a plug-in to do this.
cheers, Paul