Secure desktop sounds like (and - in my opinion - is) a great idea. However, I cannot help but think that its effectiveness is limited by the fact that it only works for the password prompt shown when opening a database or unlocking the workspace. If a keylogger records the password just once, it has compromised the password and the database.
Here is a (partial) list of master password prompts for which Keepass 2.19 does not appear to switch to the secure desktop:
*Key repeat for printing entries
*Key repeat for exporting entries
*Key repeat for changing composite master key
*Prompt for new password when changing master key
Also, would it be possible to (optionally) extend secure desktop usage to the prompt shown when creating or editing an entry? I understand that the secure desktop is secure because it is limited in terms of what can be shown on it, but this would help prevent the keylogger problem if it could be done.
Log in to post a comment.