I don’t envy the developers. If they don’t find a solution pdq, they’re going to stall the uptake of Keepass and reduce password security across the piece. An ironic outcome from Mozilla’s push for increased security through Web Extensions.
Its obvious from all the contributions above that Login searching is a (possibly THE) primary function and losing it renders Kee virtually useless. We don’t need a browser based password manager that doesn’t do what we expect it to do. Might as well just stick with Keepass and copy and paste the usernames and passwords as we need them. I have over 700 secure passwords stored and the suggestion that I should set up 700 bookmarks to match is bordering on insane.
More importantly, I have spent years cajoling my own clients, friend and family into using secure password managers and the ONE THING that has persuaded most of them to give it a chance is the dual functionality represented by the Login search facility. When I demonstrate (prior to the current debacle, obviously) the ability to go to their bank site (or whatever) AND login, just by typing the first few characters of the site they need, the eyebrows raise and they’re hooked.
I cannot even imagine how I’m going to persuade any new users to use this sawn off version. Most will take the rational view that the browsers’ own built in password managers are an easier option and likely to be more stable and better supported.
I wish I could offer something more positive, like a solution, but browser security is outside my field. While I understand some of the basic security issues they (Mozilla) have addressed, particularly the need to prevent browsers acting outside their domain, if the result is to kill off the use of secure password managers, the net security effect on those who rely on them is likely to be negative.
All I can tell you is that unless this issue is resolved by a full return to the Login Searching, this project is likely doomed.
PS: Icing on the cake. Like another user (kwalker) above, I’ve just noticed that having used Kee to generate a new password for setting up my account to join this forum and create this post, it hasn’t saved the new account details and I’ve just copied the url of this thread so I can keep track of it. In the process, I’ve wiped all trace of my new password. Brilliant.
That one I DO blame developers for. If the new rules don’t permit the old functionality on something as important as new account creation, you should at least warn users - in real time and every time - that they’ll need to store the details manually. (which will put a few more off using the system in the first place but will at least prevent cockups like this)