Hot key: auto-type password only
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
Menu
▾
▴
#1890 Hot key: auto-type password only
Would it be possible to implement a hot key that sends a secondary auto-type sequence specified for the entry (that implies adding a new input field to the edit/add dialogue)? This would save me a lot of time in cases where you're practically forced to store accounts (Google...) and you only have an input field for the password. It would also be useful when changing passwords on sites.
This has been discussed here recently.
https://sourceforge.net/p/keepass/discussion/329220/thread/a063fe80/#17d2
cheers, Paul
This would be a very useful feature and should also be easy to implement.
This would be VERY useful!
This is a lot better than having to create duplicate entries in KP that will only auto type the pwd.
1) This will allow you to only have ONE entry for a site in KP (easy to maintain should the title change or any other information that you have stored in the KP entry).
2) Faster - since you don’t have to pick an entry (normal auto type entry or pwd only auto type entry from the popup).
See the trigger for adding this as a button.
http://keepass.info/help/kb/trigger_examples.html#atpwonly
cheers, Paul
I might misunderstand how this trigger works - but it looks like I still have to open up the keypass application and pick the entry I want to use and then press the "new button" every time I just want to auto type the password.
The alternate auto type key that would do this would be:
a) WAY faster to use since I would not have to do any of the steps above.
b) WAY simpler and intuitive to use.
KeePass caters for the majority of circumstances, where you want both user name and password. If you have a specific site where you only need the password set up an Auto-Type entry to do that.
cheers, Paul
Paul – we all LOVE the current default auto type option and DON’T want to change it as it handles the majority of cases!
The password only auto type feature will be fantastic enhancement to handle sites like Google, Amazon and my other large sites that prompt you for username and pwd the first time and then when the log in time expires they only prompt you for the pwd.
This has been requested by multiple people in these forums but you keep responding with the following 2 workarounds:
a)The trigger option (that I explained is just as cumbersome as opening Keypass and copy and pasting the pwd manually)
b)Create duplicate entries with different autotype options (that I also explained creates unnecessary duplication of info in Keypass as well as another prompt to pick the auto type entry you want (that would have been automatically determined by the auto type key you pressed).
Auto type rocks – adding pwd only auto type would rock more!
A global auto-type style 'password-only' auto-type hot key offers a one-keystroke advantage for one narrow situation, (i.e. when the required key stroke sequence is limited to two choices, and one of the the choices is: type the password only). In the relevant case, it saves one click by moving the user's decision from picking the correct key-stroke sequence from a list (a binary choice in the 'Auto-Type Entry Selection' dialog), to deciding which hot key to press based on the displayed page.
A password only, window title matching hot key, does not provide any advantage for two common variants of the 'username & password' vs 'password-only' web page:
A password only, window title matching hot key, increases the complexity of the user environment by adding a second global key that addresses a narrow issue, but does not provide a general solution to ambiguous Window Title matching. Common situations that will still produce the 'Auto-Type Entry Selection' dialog are:
I also think it is debatable whether a second global auto-type hot-key would be a zero-configuration feature, because Target Windows are defined in two locations in an entry, the Target Window for entry title matching can be disabled in options, and the Custom Auto-type feature permits defining unlimited Target Windows.
It may be possible to devise an elegant, second global auto-type style hot key feature, but I don't think it is quite as straightforward as some posters think. A plugin might be a better choice for implementing such a feature. A plugin could also explore the scope and value of multiple hot keys.
Aside: I think users should complain to Google about the logon procedures that are hostile to password managers. I suspect these procedures have more to do with increasing the quantity and quality of tracking data, by keeping the user logged in to the services and discouraging multiple accounts, than it does about user convenience and security.
Last edit: wellread1 2014-09-29
wellread1, please allow me to respond to each of the points above:
A global auto-type style 'password-only' auto-type hot key offers a one-keystroke advantage for one narrow situation, (i.e. when the required key stroke sequence is limited to two choices, and one of the choices is: type the password only). In the relevant case, it saves one click by moving the user's decision from picking the correct key-stroke sequence from a list (a binary choice in the 'Auto-Type Entry Selection' dialog), to deciding which hot key to press based on the displayed page.
Response: This will also create duplicate entries for the same site in your kp database that need to be maintained when (the title changes, url changes or any other notes you keep in for each entry). So it is slower to use and will make your kp db unnecessary big.
A password only, window title matching hot key, does not provide any advantage for two common variants of the 'username & password' vs 'password-only' web page:
User has multiple accounts at the same site (e.g. multiple google accounts),
Response: Advantage would be that you have to pick from one entry for each google account vs your option of 2x as many entries that you would see if you have separate entries for "username and pwd" and "pwd" only auto type.
A multi-page site whose pages have the same title, but that require more than two different key stroke sequence choices, even if one happens to be a password-only, e.g. some banks that ask security questions during login.
Response: The bank account that I have encountered always prompt you for your username followed by whatever extra log in criteria. When your session expires (your need to login from scratch). For these sites you usually need to modify your default auto type sequence in any case to make regular login work.
*Response: For all OTHER sites that prompt for password only it is would rock having password only hotkey!!!!
This list of sites grow daily and it is currently already the case with key sites like google amazone and many more.
A password only, window title matching hot key, increases the complexity of the user environment by adding a second global key that addresses a narrow issue, but does not provide a general solution to ambiguous Window Title matching. Common situations that will still produce the 'Auto-Type Entry Selection' dialog are:
Sites that require different key stroke sequences depending on how you arrived at the page (e.g. amazon).
Response: This is already part of KP. Just add the title to the auto type page. Whatever auto type key you pressed will be executed – no issue.
Sites with ambiguous web page titles (e.g. 'login').
Response: This is already a problem on websites today with only one auto type sequence. Only if a matching title is found then the appropriate key sequence would be executed for whatever auto type key you pressed.
I also think it is debatable whether a second global auto-type hot-key would be a zero-configuration feature, because Target Windows are defined in two locations, the Target Window for entry title matching can be disabled in options, and the Custom Auto-type feature permits defining unlimited Target Windows.
Response: Don’t understand your problem but if auto type is enabled then I would expect the alternate auto type would be enabled also. I nice feature might be to have a second check box – disable alternate auto type key – to make it more flexible.
It may be possible to devise an elegant global auto-type style hot key feature, but I don't think it is quite as straightforward as some posters think. A plugin might be a better choice for implementing such a feature. A plugin could also explore the scope and value of multiple hot keys.
Response: I was not belittling the work or effort it would take. I was only stating that this has been asked for by multiple people in this forum and would be an awesome addition to a fantastic piece of software. I do try to avoid plugins because they tend to break when the core application should change drastically. That is why I prefer it to be part of the core.
Just two auto-type sequences are required, not duplicate KeePass entries.
The elimination of one-click in the workflow when the feature is applicable, is offset by the ease and reliability of making a selection from a uniformly presented two choice list.
True, but the one-click reduction in the workflow is lost, and a well labeled list is not difficult to select from. The limited benefit persists in this situation.
As I understand your rebuttal, the bank login is another example of a type of login where a password only global auto-type hot key is inappropriate. I agree that the applicability of a password-only global auto-type hot key feature is limited.
FYI: See an example "Auto-Type Entry Selection" dialog that is convenient to use at a bank site.
If we are going to trade opinions, it is my opinion that the real benefit of a second global hot-key is minimal at best, and possibly a net zero or negative depending on how one weights the added complexity.
The point of describing common situations that aren't solved by a second global auto-type hot key is that the proposed feature has limited applicability.
The complication(s) that must be dealt with elegantly arise from: (a) the two locations in each entry for Target Window title matching (the entry Title, and custom auto-type Target Window strings); (b) the existing option that disables entry Title matching; (c) the potential for multiple, independent, matching Target Windows in an entry that may or may not be suitable for generating a password-only sequence:
Possible approaches:
Notes:
Every approach I can think of (above) has some disadvantage or complication.
The expectation, expressed earlier, that the 2nd global hot key should be active for situations where there are multiple matches also creates a need to generate an appropriate label for display in the Auto-Type Entry Selection dialog.
A possible implementation of the sequence designation scheme (1st approach) that would not require a database format change, could use a non-executing keyword in the keystroke sequence (e.g. use a special comment placeholder) to flag an user defined Target Window as a candidate for a password-only sequence. Such an implementation would not require a database format change. (However it is almost as much work as defining a second auto-type sequence and overloading the sequence is certainly more complicated than not.)
A plugin allows a user, that thinks they might value a particular feature, to try or use it without complicating the core KeePass feature set. My opinion is that the benefit of a second global auto-type hot key is minimal, and that it would steepen the auto-type feature learning curve. Many users already find auto-type challenging to learn and use.
I come back to this forum a few times per year to see how discussions of this topic have progressed. It's usually when a new release is available but I don't see this in the list of Enhancements. While there are a number of people asking for the feature, there are a vocal few who don't see the value. While I can't disagree with an individual's preference and logic for why he doesn't want or need a feature, or the complexities that he sees, we can't dismiss the remaining group of people who find this to be a daily issue for which they'd like to see a resolution.
I'm as OK as anyone with having two type sequences per page, and then selecting the right one for the specific instance. But as has been said before, the number of sites that ask for password-only is growing, so I have an increasing number of site references with duplicate auto-types, different only in the elimination of the {USERNAME}{TAB} component. The need for double-entry has gotten rather irritating over this long period of time - as much as one would get irritated at having to re-enter their phone number into an automated phone system as they move through a script.
I'd really like to take a shot at making this enhancement as a plugin, just for those of us who might want it. But while I'm a competent C# developer I'm just not familiar with the hooks for KeePass development yet, I think this might require a core change, and frankly my time is fully occupied with other FOSS endeavors and it's tough for me to learn a completely new API for something that a lot of other people seem to want.
So I'm adding my voice here to request this feature: Another global key sequence which will go through the exact same logic, but when typing the auto-type sequence it will start at a location within the sequence, not at the beginning. The location can be identified with a new keyword: {PASSWORDONLY}. I understand some underpinnings are required and an addition to the options UI, but from an implementation standpoint that's not tough at all.
And I understand that some people find auto-type to be too complex already. That's just tough. I completely disagree with dumbing-down an application because some of the users are unsophisticated - we already see too much of that in Facebook, Google apps, and everywhere else. KeePass is excellent software which has features for all user levels - and as a power user, I want to get more out of it. Anyone who doesn't "get it" doesn't need to set the new key sequence or add the new keyword to their entries.
Thanks for your time.
(Another discussion on this topic: https://sourceforge.net/p/keepass/discussion/329220/thread/deccac80)
I agree that a plug-in is the best way to add this enhancement. All we need is a C# programmer with too much time on their hands.
cheers, Paul
Well, not that I have too much time, but I'll volunteer to try this if someone can lead me to some docs to fast-track my introduction to plugin development with KeepPass. I don't mind taking time to write code, enjoy it in fact. I just don't want to spend a ton of time learning an API for a product that I'm using on a regular basis.
As I said before, the solution I would attempt to implement is:
1) to intercept a new key sequence
2) to set a flag when that sequence is used
3) when an auto-type entry is selected, if that flag is set, parse the text for {PASSWORDONLY} before executing the sequence
That's it for starters. I'd appreciate any assistance on where these hooks can be implemented via the API ... and if we cannot do that via the API, I'd like to know ahead of time so that I don't waste time.
Thanks for any collaboration on this.
For a general introduction to KeePass 2.x plugin development, see
http://keepass.info/help/v2_dev/plg_index.html
A system-wide hot key can be registered using the RegisterHotKey Windows API function (which you need to P/Invoke). For the message target, create an invisible window. For an example, you can have a look at the 'HotKeyEnabler' plugin (mainly the file 'HotKeyInternals.cs'):
http://keepass.info/plugins.html#hke
When the user presses your system-wide hot key, you need to find matching entries (and here you cannot reuse the existing code in KeePass). You mainly want to copy the method AutoType.PerformGlobal and adapt it to your requirements. For finally doing the auto-type, use the AutoType.PerformIntoCurrentWindow method.
In order to prevent KeePass being confused by your {PASSWORDONLY} placeholder during a regular auto-type, you should subscribe to the SprEngine.FilterCompile event and remove any {PASSWORDONLY} placeholders in the handler. Furthermore, add your placeholder to the SprEngine.FilterPlaceholderHints list. Please read the comment in the SprEngine.cs file.
I don't see any real obstacles. The only ugly part will be to duplicate the entry/window matching code.
Best regards,
Dominik
After thinking a bit more about this, I believe you don't even have to duplicate the entry/window matching code. Instead, you can subscribe to the AutoType.FilterCompilePre event; in the handler overwrite the sequence to your custom one if and only if the auto-type operation was invoked by your plugin (using AutoType.PerformGlobal instead of AutoType.PerformIntoCurrentWindow, such that KeePass does the matching).
Best regards,
Dominik
I ended up here because I was looking for this feature.
Why I wanted that ? More and more companies ask for the password when you do some "sensitive" actions (which is good), but a lot disable copy/pasting (which is dumb and extremely annoying).
A password autotype only would work well here.
If someone does a plugin, I'm interested !
Did you check out the trigger suggestion above (2014-09-27)?
cheers, Paul
Since v 1.0 the KPEnhancedEntryView plugin can conveniently, via the context menu, perform context insensitive auto-type of all built-in and custom string field values displayed in the Fields View. This includes the entry's password.
Still think this feature should to be added to core. It would be very useful and expand on a great feature that many already rely on. I don't know haow hard/easy this would be, but of course I appreciate all the time/effort that Dom and others in the community have put into improving this software.
The problem with relying on a plugin for this is that some people (myself included) use Auto-Type specifically because they don't want to rely on plugins for user/pass entry. I've tried several other methods and usually they add unnecessary complexity when it comes to setup & usage or there's some other negative effect like cluttering the note field in my entries.
Some sites, like google, will have pages that ask for user/pass and some that only ask for your password (with no username field available). I consider myself somewhat technically savvy and many times it's unclear exactly when the site will ask for which entry and there's no way (using URL/title) to create an secondary auto-type that only appears at the right time. I don't believe creating a secondary auto-type for this type of situation is realistic for most users for several reasons:
+The need for password-only entry happens often across an increasing amount of sites, but it still not prevalent enough to make it the default entry for my groups/entries.
+Adding two auto-types for EVERY login would slow down the usage of the the auto-type feature because you would have to manually select (Arrow keys + enter) the proper auto-type each time you login to a site instead of just hitting the appropriate hotkey.
+You never know when a site will switch to using password only pages. This means if you don't setup password-only auto-type as a second entry globally (as mentioned in point about) you end up having to modify your auto-types more often as the issue occurs. Even then you'll end up having many more entries you can't just use the auto-type shortcut for without manually selecting the proper entry for.
There are generally three types of user/pass login pages that I see on web:
Username and Password (on same page) - KeePass already handles this great
Username and Password (inputs on separate pages) - KeePass handles this well when the user adjust their auto-type for the websites to use this type of entry.
({Username}{enter){delay 2500){password}{enter})
This kind of adjustment works well for this situation because most sites that split the user/pass on the different pages don't attempt to use any other type of login. If you're not automatically logged in from a session cookie or something you ALWAYS enter your login the same. Bank of America is a good example of this I think.
Password only - Sites that use this login method will ALWAYS fall back to type 1 or 2 at some point. Either when you lose your session or when your cookie gets old/deleted. And this is why this type of login needs its own shortcut. If a site uses this method you NEED two auto-type entries. Why not just add a shortcut for a this common issue instead of making users do all types of work arounds for it? I think the need for this is common and makes sense as a core part of the software.
Again, I appreciate this great piece of software and this post is so long because I have been waiting for about 2 years for this feature to be added. I have been patiently reading the discussion on this subject and have tried to address the main reasons why this feature is needed instead of using other options some people have suggested.
Thanks for reading.
Last edit: Aaron J. White 2015-07-12
I will also love to have this feature - having in it in the System wide hot keys dialog will make it easier to use and very handy!
Just passing the word to anyone who might still be monitoring this thread...
This post by T. Bug Reporter explains how to enable additional auto-type context menu options that are disabled by default. (shown below)
Came here because I was searching on how to configure multiple auto-type hotkeys. Seems it cannot be done. Really? o)
I need at least 3 hotkeys to autotype these 3 important access details:
1. username/password (already there)
2. password only
3. TOTP code
Many more websites use TOTP 2-factor login nowadays. I discovered that KeePass can generate these codes as well, but always opening the KeePass GUI, searching for the entry and generating the code by some clicks, not really convenient (same goes for password only).
Being (not) able to paste the "TOTP" is basically the same issue as being (not) able to paste a password separately. If anyone has information on how to achieve these different autotype-hotkeys, please let the world know! Thanks in advance! o)
Last edit: tbone78 2018-05-18
You either need someone to develop a plugin for that or you use the already available options KeePass offers.
KeePass has built-in support vor HOTP, TOTP is offered by plugins only so far. Due to that I doubt that a native KeePass functionality will be developed that depends on the usage of one out of many plugins.
What about defining three autotype sequences?
1. {USERNAME}{TAB}{PASSWORD}{ENTER}
2. {PASSWORD}{ENTER}
3. {TOTP}{ENTER}
Instead of TOTP you may use whatever field your preferred OTP-Plugin provides
If only one of them matches by e.g. comparing the window title it will be autotyped automatically. If there a multiple matches the selection window will be shown and you can pick the required autotype sequence with just one more click
Last edit: Rookiestyle 2018-05-19
https://sourceforge.net/projects/alternateautotype/
Give it a try, for me it works like a charm
Hello! o) Really nice to see some progress on this, I really appreciate your efforts! Thx! o)
It actually took me some time to understand how your plugin works and I admit, I still don't get it completely, but I got the plugin working so far. I can paste password and TOTP code separately now. Thank you! o)
Why is it that I need to add {AAT} and {TOTP} placeholders to the autotype sequence of an entry to make this work? The plugin seems to look on everything after {AAT} in the autotype sequence and will use that for the alternate autotyping. Is that correct? What happens for the regular autotype action, how is {AAT} and what follows ignored and not typed?
Looks a bit workaround-ish to me, but I won't complain, this is by far better than not being able to insert the TOTP and PW separately. So don't get me wrong, I like what you did, thank you again! o)