17
submitted 1 year ago by Pantherina@feddit.de to c/privacy@lemmy.ml

Thanks for all the comments. Currently I use KeepassXC/DX + Syncthing.

I hash my password with fingerprint on Android, keep a separate database containing that one in another place for backup. Maybe that's stupid, but I can't type on a phone.

On Linux I use KWallet, store the Keepass password there, and have a shortcut fetching that password and inserting it into the Keepass wallet using KeepassXC. Works with one click too.

Problems

  • all entries are either locked or unlocked
  • to have autofill working, the app can't be killed (Android)
  • also, all passwords need to be decrypted for it to work

I don't see that this is the best solution. Decrypted, maybe hashed metadata possible to detect autofill fields, and then selectively unlock the needed credentials, would be better.

top 14 comments
[-] Vexz@kbin.social 8 points 1 year ago

I don't know about iOS but if you use an Android you can try Bitwarden. It detects credential fields and when you tap in them a little popup appears that offers Bitwarden to auto-fill these fields. When you then tap on that it opens Bitwarden and it offers all fitting entries from your vault. Select the one you want to use and then it fills the fields.
Maybe that's what you're looking for? I really love that feature.

[-] Pantherina@feddit.de 1 points 1 year ago

Thanks, but I guess their db works exactly like Keepass. It has to be fully unlocked for that to work, and I don't know if that makes sense.

[-] Vexz@kbin.social 2 points 1 year ago* (last edited 1 year ago)

No, it doesn't. I just tested it. I restarted my phone to make sure Bitwarden is closed, opened the browser and opened a website where I have an account. In the login mask where I was prompted to insert my credentials the little popup appeared and when I tapped on it Bitwarden opened. It wanted me to enter my Master-Password so I did just that and it opened the DB to offer me the entries for auto-fill. You can even set a preference to immediately lock the DB after a single use and to always prompt the Master-Password (+ 2FA (optionally)) if you want.

Edit: Hell, you could even make it completely sign you out after every single use so you'd have to re-enter your email address, Master-Password and TOTP for 2FA. Not even KeePass offers you that level of security because you don't need a username for your DB.

[-] Benign@kbin.social 2 points 1 year ago

Works like this for me:
Tap password field
Bitwarden pops up requesting fingerprint to unlock
Select the credentials you want to use
Autofill

Not quite sure what you mean by fully unlocked here. I don't see the problem with all credentials being unlocked if you have to unlock on every access to the db.

[-] Stephen304@lemmy.ml 2 points 1 year ago

You can actually keep it locked and it still works. It just prompts you to unlock it when you press the auto fill button. It also means that it won't show autofill suggestions on the login screen and just a generic bitwarden autofill button. You can change how long it stays unlocked for between immediately to any custom number of hours / minutes or only on app restart.

[-] Pantherina@feddit.de 1 points 1 year ago

Interesting, yes, I think that's correct! So it actually does work on Android, just not as well on Linux, if at all with the Flatpak mess.

[-] Stephen304@lemmy.ml 2 points 1 year ago

Yeah I don't use the flatpak / desktop app at all, since I have the browser extension installed which does autofill and also has the same vault lock options as the mobile app.

[-] Pantherina@feddit.de 1 points 1 year ago

Okay, that's pretty nice then

[-] max@feddit.nl 1 points 1 year ago

+1 for Bitwarden, regardless of platform, and regardless of whether it ticks all your boxes or not. It’s just good.

[-] nekusoul@lemmy.nekusoul.de 6 points 1 year ago* (last edited 1 year ago)

On Android, I'd recommend looking into Keepass2Android. I don't necessarily guarantee that it'll solve your issues, but it has lots of options and is fully compatible. At the very least, it always offers autofill for me, even when locked, and there are various methods of Quick-Unlock.

As for your general problem of having all entries unlocked, that's just a necessary trait of local password managers. I don't really see it as a problem though, since I don't really see a situation where an attacker would only have access to my unlocked passwords, but not also my master password, rendering selective unlocking of entries pointless anyway.

I'd also consider getting a hardware key (YubiKey) and use that in combination with a short password for your password. Both KeePassXC and Keepass2Android support them. More secure and much more comfortable than your current solution.

[-] kumarettan@lemm.ee 1 points 1 year ago

On Android, make sure KeePassDX is set as the default autofill service and also give the app the "display pop-up windows while running in the background" permission from system settings. If that doesn't solve your problem, simply use the KeePassDX Magikeyboard feature.

[-] Pantherina@feddit.de 1 points 1 year ago

Also not what I am looking for, and I think KeepassDX is the more up to date app?

[-] kumarettan@lemm.ee 5 points 1 year ago

On Android, make sure KeePassDX is set as the default autofill service and also give the app the "display pop-up windows while running in the background" permission from system settings. If that doesn't solve your problem, simply use the KeePassDX Magikeyboard feature.

[-] Pantherina@feddit.de 1 points 1 year ago

Android keeps killing the app, it eats up too much RAM and a different solution would solve this problem I guess

this post was submitted on 17 Aug 2023
17 points (94.7% liked)
