Add confirmation prior to entry-level Auto-Type #4939
Comments
For new users, tell me if my new documentation is confusing or can be improved: https://staging.keepassxc.org/docs/KeePassXC_UserGuide.html#_auto_type
@droidmonkey Thanks for having a look. I read the article and, from my point of view, it's well written. When I showed KeePassXC to two non-tech users the main problem was not the documentation, but just that they need to understand the conceptual difference. My only idea for enhancement of the documentation is to give a very short example of why you need both ways at the start. I know it's explained later already, but this might answer a question about the 'why' already in the introduction. I added a rough idea below to show what I mean. And I also found one typo, I guess the intention was 'directly'? (marked as bold). https://staging.keepassxc.org/docs/KeePassXC_UserGuide.html#_auto_type The idea behind global Auto-Type is to let KeePassXC do everything automatically with just a shortcut when you see a login field. Auto-Type on entry level is a better alternative to copying and pasting an individual entry, because the data is not stored in the clipboard, which could be accessed by other applications too.
@droidmonkey: In the last days I have thought about the solution again. I think the confirmation dialog before Auto-Type in all cases is great. But I would even prefer, in addition, to be able to disable per-entry Auto-Type completely, out of the toolbar and also the shortcut CTRL+SHIFT+V, via an option. Maybe even disable per-entry Auto-Type completely by user option on demand? Not sure. Why?
I like the idea of having the possibility to configure KeePassXC really 'simple & stupid', with every potential risk from human error minimized as much as possible. The global Auto-Type has an additional safety net in the window/URL title filter, so the computer checks it even when you're sleepy and make a mistake. I would be happy to hear some other opinions about it.
There is no sense in disabling auto-type per entry, unless it is disabled by default, in which case people would complain that auto-type didn't work. Relying on the user to selectively change a checkbox for each entry they deem so critical as to prevent a mistaken keypress is silly. The confirmation box alleviates all problems with the current entry-level auto-type without any configuration. We can't protect you from yourself.
I see your point to some extent. It's your decision of course how to handle it. But I would like to try to explain my thoughts one more time. I think it's not wrong to have a design that can protect you from your own mistakes. A lot of industrial machines are built with this in mind. It's like reducing the attack surface. The idea is not to remove the function. Just an option to disable the per-entry auto-type function in case a user doesn't need it. Be it a global disable in settings/general/auto-type. Or as a second option beside the option "enable auto type for this entry", like "enable global auto type for this entry" & "enable auto type per entry for this entry". I understand the use case for it. And I have no idea how many people use auto-type per entry, but at least I almost never need it and like to use only the more secure global Auto-Type.
So I have the choice to disable auto-type completely for the entry to be 100% safe, or to have an unnecessary, very small risk due to per-entry auto-type, because it's not filtered by window title etc.
@droidmonkey Let me add one last sentence. :) To be honest, I'm not sure about the best solution; possibly there is a completely different approach to prevent this. Like a global option to enable filters also for per-entry auto-type or so. I'm not sure. But I think the described problem is something that is not wrong to think about, and a real, even though very small, weakness in the usability. The dialog already makes it a lot better. Thanks for that! I would just prefer to be able to go one step further and have an almost 100% solution.
Sorry for adding another post. But I just checked KeePass. They seem to have exactly this policy: disable auto-type per entry, while keeping global auto-type enabled. Have a look at KeePass 2.45 Tools/Options/Policy with the entry 'Auto-Type - without Context - Allow auto-typing using 'Perform auto-type''
* Show the sequence that will be typed when performing the default action * Combine default sequence action with Username / Password options * Fix #4939 - confirm prior to performing entry level auto-type if "Always Ask Before Auto-Type" is enabled
First, thank you so much for KeePassXC. Such important software.
Summary
Due to the way autoType works for a user, it's thinkable that passwords are leaked easily due to human error. This possibility can easily be prevented by some usability enhancement.
What's the problem?
KeePassXC has two types of autoType:
You can set up the global autoType so that you have to confirm the action in a small popup before anything is autotyped.
You can't do this for autoType per entry.
That means, when you click on the wrong entry or press Ctrl+Shift+V by accident with KeePassXC open, the password will be autotyped at once into the window that last had focus.
Since human errors happen, I find this a bit dangerous. It's very unlikely that you leak information this way, but it's possible. Since we use a security product, I think nitpicking is important and also to have a look at how to prevent human error.
Suggestion:
I see different ways to enhance this.
A) Give an option so that executing autoType must additionally be confirmed in a small popup or dialog, with the target window and used entry visible, in any case. We have exactly this already for the global autotype. But not for the autoType per entry.
B) Give a preference to disable autoType per entry completely (meaning no button in the toolbar, no context menu entry, no Ctrl+Shift+V).
I like the idea that I always have to confirm a small popup with the information 'what entry and which window' before anything is autoTyped. Just as a safety net.
Examples
Two very simple use cases as examples:
1)
Now you're on the telephone while doing it and do not notice your action (human error). You just think, oh, I must have minimized the KeePassXC window, and continue with your work.
Context
[NOTE]:
You can already disable autoType per entry or group. But you can only disable it completely, so it doesn't work with global autoType anymore either (e.g. by unchecking 'Enable Auto-type for this entry'). So this is not a solution.
I would like to have this enhancement sooner rather than later. I have tried to use KeePassXC for everything for some weeks and I have to say, I feel a bit uncomfortable currently with all my different chat windows etc. open while using KeePassXC with autotype. I double-check every action I do all the time and even close chats because I'm afraid to click on something wrong.
When I show KeePassXC to non-tech users, they often find it confusing to have two ways of autotype. I can understand why you have implemented autoType per entry as a possibility. Makes sense. But I think especially for these users it's actually rather dangerous as it is now.
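The difference the issue describes, and the effect of the confirmation gate later added in the fix, can be modelled in a few lines. The following is an added illustration written for this discussion, not KeePassXC's own code: it assumes hypothetical `Entry` records carrying window-title associations (glob-style wildcards stand in for KeePassXC's association patterns), a plain string for the OS-reported focused window, and a `confirm` callback standing in for the "Always Ask Before Auto-Type" dialog that shows the entry and the target window.

```python
"""Model of global vs. entry-level auto-type and the confirmation gate.

Added example for the issue discussion; not KeePassXC code. All names here
are hypothetical: Entry, TypedEvent, global_autotype, entry_autotype and the
confirm callback approximate the behaviour described in the issue.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Callable, List, Optional


@dataclass
class Entry:
    title: str
    username: str
    window_patterns: List[str] = field(default_factory=list)  # Auto-Type associations
    autotype_enabled: bool = True  # the existing 'Enable Auto-Type for this entry' switch


@dataclass
class TypedEvent:
    """What would have been typed, and where. The secret itself is not modelled."""
    entry_title: str
    target_window: str
    confirmed: bool


# Callback standing in for the confirmation dialog: receives the entry and the
# target window (the two facts the issue asks to be shown) and returns True to proceed.
Confirm = Callable[[Entry, str], bool]


def prompt_text(entry: Entry, focused_window: str) -> str:
    """Text a confirmation dialog would show: which entry goes to which window."""
    return f"Auto-Type '{entry.title}' ({entry.username}) into window '{focused_window}'?"


def global_autotype(entries: List[Entry], focused_window: str,
                    confirm: Optional[Confirm] = None) -> Optional[TypedEvent]:
    """Global auto-type: only entries whose associations match the focused window qualify.

    This is the 'safety net' the issue refers to: a chat window never matches a
    banking entry's pattern, so nothing is typed, with or without a dialog.
    """
    matches = [e for e in entries
               if e.autotype_enabled
               and any(fnmatchcase(focused_window, p) for p in e.window_patterns)]
    if not matches:
        return None
    entry = matches[0]  # KeePassXC shows a chooser when several match; first is enough here
    if confirm is not None and not confirm(entry, focused_window):
        return None
    return TypedEvent(entry.title, focused_window, confirmed=confirm is not None)


def entry_autotype(entry: Entry, focused_window: str, always_ask: bool,
                   confirm: Confirm) -> Optional[TypedEvent]:
    """Entry-level auto-type (toolbar button / Ctrl+Shift+V): no window filter.

    The target is whatever window last had focus. Before the fix, always_ask did
    not apply here; with it, the dialog is the only thing between a mis-click and
    the password landing in the wrong window.
    """
    if not entry.autotype_enabled:
        return None
    if always_ask and not confirm(entry, focused_window):
        return None
    return TypedEvent(entry.title, focused_window, confirmed=always_ask)


# Constructed sample data for the scenario from the issue: the user meant to
# type into the bank login but a chat window actually has focus.
BANK = Entry("Bank", "alice", window_patterns=["*Bank*"])
ENTRIES = [BANK]
CHAT_WINDOW = "Chat - Bob"
BANK_WINDOW = "My Bank - Login"


def attentive_user(entry: Entry, window: str) -> bool:
    """Models a user who reads the dialog and declines when the window looks wrong."""
    return any(fnmatchcase(window, p) for p in entry.window_patterns)


def scenario() -> dict:
    """Run the four cases side by side and return the outcomes."""
    return {
        "global_into_chat": global_autotype(ENTRIES, CHAT_WINDOW),
        "global_into_bank": global_autotype(ENTRIES, BANK_WINDOW, confirm=attentive_user),
        "entry_into_chat_no_ask": entry_autotype(BANK, CHAT_WINDOW, False, attentive_user),
        "entry_into_chat_ask": entry_autotype(BANK, CHAT_WINDOW, True, attentive_user),
    }


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name:26s} -> {outcome}")
```

Only `entry_into_chat_no_ask` produces a typed event aimed at the chat window; the global path is stopped by the association filter, and the entry-level path with the dialog enabled is stopped by the user reading the prompt. Option B from the issue (removing the entry-level trigger altogether) would correspond to never calling `entry_autotype` at all.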