A entry-based password manager? - Feddit
feddit.de
I dont agree with many things apple does at all, and I also think their password manager has flaws like revealing usernames without authentification. It is pretty handy though, to have a file where the entries are stored unencrypted, and if the password manager detects an entry it prompts to decrypt exactly that field, maybe with a fingerprint. KeepassDX needs to run in the background and be completely unlocked to even detect apps or password fields. Do you know any existing app that can do this?

Thanks for all the comments. Currently I use KeepassXD/DX + Syncthing.

I hash my password with fingerprint on Android, keep a seperate database containing that one in another place for backup. Maybe thats stupid, but I cant type on a phone.

On Linux I use KWallet, store the Keepass password there, and have a shortcut fetching that password and inserting it into the Keepass wallet using KeepassXC. Works with one click too.

Problems

  • all entries are either locked or unlocked
  • to have autofill working, the app cant be killed (Android)
  • also, all passwords need to be decrypted for it to work

I dont see that this is the best solution. Decrypted, maybe hashed metadata possible to detect autofill fields, and then selectively unlock the needed credentials, would be better.

  • Vexz@kbin.social
    8·
    11 months ago

    I don’t know about iOS but if you use an Android you can try Bitwarden. It detects credential fields and when you tap in them a little popup appers that offers Bitwarden to auto-fill these fields. When you then tap on that it opens Bitwarden and it offers all fitting entries from your vault. Select the one you want to use and then it fills the fields.
    Maybe that’s what you’re looking for? I really love that feature.

    • Pantherina@feddit.deOP
      1·
      11 months ago

      Thanks but I guess their db works exactly like Keepass. It has to be fully unlocked for that to work, and I dont know if that makes sense.

      • Benign@kbin.social
        1·
        11 months ago

        Works like this for me:
        Tap password field
        Bitwarden pops up requesting fingerprint to unlock
        Select the credentials you want to use
        Autofill

        Not quite sure what you mean by fully unlocked here. I don’t see the problem with all credentials being unlocked if you have to unlock on every access to the db.

      • Vexz@kbin.social
        1·
        11 months ago

        No, it doesn’t. I just tested it. I restarted my phone to make sure Bitwarden is closed, Opened the browser and opened a website where I have an account. In the login mask where I was prompted to insert my credentials the little popup appeared and when I tapped on it Bitwarden opened. It wanted me to enter my Master-Password so I did just that and it opened the DB to offer me the entries for auto-fill. You can even set a preference to immediately lock the DB after a single use and to always prompt the Master-Password (+ 2FA (optionally)) if you want.

        Edit: Hell, you could even make it completely sign you out after every single use so you’d have to re-enter your email address, Master-Password and TOTP for 2FA. Not even KeePass offers you that level of security because you don’t need a username for your DB.

      • Stephen304@lemmy.ml
        1·
        11 months ago

        You can actually keep it locked and it still works. It just prompts you to unlock it when you press the auto fill button. It also means that it won’t show autofill suggestions on the login screen and just a generic bitwarden autofill button. You can change how long it stays unlocked for between immediately to any custom number of hours / minutes or only on app restart.

    • max@feddit.nl
      1·
      11 months ago

      +1 for Bitwarden, regardless of platform, and regardless of whether it ticks all your boxes or not. It’s just good.