#2655 Support for credential-less databases

[Sworddragon]

A request that is now in my mind for already quite a while: Support to setup a database that is truly credential-less (e.g. without cmd or other workarounds) - if one double-clicks such a database it immediately opens without even asking for credentials.

A simple and straightforward request - if I'm not unlucky here and prefering not encouraging users to using such databases has high priority.

The reason that this request was in my mind now for so long has also a use-case: A few years ago my most credentials were stored in Firefox since they were mostly web-related and I had a few out-of-browser credentials stored in a KeePassX (later KeePass 2) database. Since I begun to use permanent private browsing mode in Firefox I began to see the weaknesses of its password manager: No good support for private browsing mode; I also wanted to unify the database as a place for all credentials; No support for comments; I can link multiple entries in KeePass 2 to avoid redudancy and update credentials only 1 time for all of them; I also can easily store and link associated credential-related data (security questions, keys, other emergency authentication data); I'm straight off indepentent of switching the browser if that should ever happen; etc. The only drawback is the very minor negative impact in usability compared to using a builtin password manager but the advantages of using KeePass 2 are too much out of par for Firefox's password manager at this time - and I doubt any browser will achieve something that comes even close in a quite long time.

This also led me to the idea that I also could simplify storing my bookmarks (which are currently stored unprotected in Firefox's placement database - since they are not too sensitive) as while bookmarks are more simple than passwords browsers are still not free from hassle here. Switching over to KeePass 2 also gives some of the previous mentioned advantages like simple browser-independency, etc. But in such a case it would be quite an advantage if opening the bookmarks this way would be very simple - by just double-clicking the KeePass 2 database and immediately having the bookmarks ready.

I guess this is more than enough text to bore with my use-case :)
Probably some other users have similar cases and overall this would be a nice general enhancement.

[wellread1]

KeePass is a security product that employs an encrypted database. It won't implement a credential-less database, i.e., publish the database encryption key, for example, using an option, or as part of database or master key creation.

The user must provide the database master key (secret used to create the encryption key) whenever they open a database, even if the master key is trivial. That said, KeePass does allow you to open a database without prompting for the master key if you are willing to publish it on a command line. To do this, create a shortcut to KeePass and put the shortcut where you would put your database or a shortcut to it. Open the database using the shortcut.

The target window of a shortcut to open a database with an un-obfuscated empty master password would be:

"path1\KeePass.exe" "path2\database_name.kdbx" -pw:""

Note: obfuscating the empty password and using the '-pw_enc:' command-line option is a better choice. See https://keepass.info/help/base/cmdline.html for details about this option.

[Paul]

KeePass does not perform well as a bookmark manager IMO. You are better off exporting and importing bookmarks if you want to move them between browsers.

cheers, Paul