How to use passwords without being able to read them?

Hi.

I tried to move from Firefox Lockwise to KeePass and Kee today. I found one drawback that stops me and would like to know if there is a solution to my use case. I would like to enter the master key only once for each run of Firefox.

When using Firefox Lockwise, I have to enter the master key only once to use the stored passwords for browsing and logging in. Only if I want to view, copy, or edit passwords do I have to enter it another time.

When using Kee (and KeePass) I have two options:

  • Either: Keep KeePass Unlocked, but then anyone accessing my computer can read/export all my passwords in KeePass
  • Or: Whenever I need login information, I have to unlock KeePass first.

Neither of these options is to my liking. I would like KeePass to be in a state in which no one can see the passwords, copy them to the clipboard or export them, but still have Kee be able to access them (so anyone can use them to log into my accounts in the browser, until I close it).

Of course, this is in large part a KeePass and not a Kee question. But if I were to find a plugin in KeePass that creates that third medium-locked state, I wouldn’t know how it interacts with Kee via KeePassRPC.

Thank you for creating Kee!
Oliver

Hmm. Maybe this is just about having a simpler “Unlock” in KeePass.

I just realized that on my phone I have to unlock the Lockwise database every time Safari uses it. But since I can use fingerprint ID, it does not bother me that much. On the other hand, I usually have far fewer login dialogs on my phone than on my PC.

There is a plugin KeePassQuickUnlock
https://github.com/JanisEst/KeePassQuickUnlock/releases

1 Like

The use you describe isn’t possible.

In KeePass, the whole DB is encrypted together. KeePass uses the master password to decrypt the whole DB and stores it decrypted in RAM. While it’s decrypted in RAM, any malware with properly high privilege will be able to read and copy it, so we shouldn’t keep the DB open longer than needed.

It’s not possible to have the DB in a state where “no one” can “read it” but KeePassRPC still is able to. Any way we have for KeePassRPC to access the decrypted DB, malware will be able to use as well.

That being said, there are a few plugins that make decrypting more user-friendly without compromising security. I use LockAssist’s quick unlock feature; he has a detailed description of why, if we trust the DB file and its master password, we can trust it too.

1 Like