Thanks for all the comments. Currently I use KeepassXD/DX + Syncthing.
I hash my password with fingerprint on Android, keep a seperate database containing that one in another place for backup. Maybe thats stupid, but I cant type on a phone.
On Linux I use KWallet, store the Keepass password there, and have a shortcut fetching that password and inserting it into the Keepass wallet using KeepassXC. Works with one click too.
Problems
- all entries are either locked or unlocked
- to have autofill working, the app cant be killed (Android)
- also, all passwords need to be decrypted for it to work
I dont see that this is the best solution. Decrypted, maybe hashed metadata possible to detect autofill fields, and then selectively unlock the needed credentials, would be better.
I don’t know about iOS but if you use an Android you can try Bitwarden. It detects credential fields and when you tap in them a little popup appers that offers Bitwarden to auto-fill these fields. When you then tap on that it opens Bitwarden and it offers all fitting entries from your vault. Select the one you want to use and then it fills the fields.
Maybe that’s what you’re looking for? I really love that feature.Thanks but I guess their db works exactly like Keepass. It has to be fully unlocked for that to work, and I dont know if that makes sense.
Works like this for me:
Tap password field
Bitwarden pops up requesting fingerprint to unlock
Select the credentials you want to use
AutofillNot quite sure what you mean by fully unlocked here. I don’t see the problem with all credentials being unlocked if you have to unlock on every access to the db.
No, it doesn’t. I just tested it. I restarted my phone to make sure Bitwarden is closed, Opened the browser and opened a website where I have an account. In the login mask where I was prompted to insert my credentials the little popup appeared and when I tapped on it Bitwarden opened. It wanted me to enter my Master-Password so I did just that and it opened the DB to offer me the entries for auto-fill. You can even set a preference to immediately lock the DB after a single use and to always prompt the Master-Password (+ 2FA (optionally)) if you want.
Edit: Hell, you could even make it completely sign you out after every single use so you’d have to re-enter your email address, Master-Password and TOTP for 2FA. Not even KeePass offers you that level of security because you don’t need a username for your DB.
You can actually keep it locked and it still works. It just prompts you to unlock it when you press the auto fill button. It also means that it won’t show autofill suggestions on the login screen and just a generic bitwarden autofill button. You can change how long it stays unlocked for between immediately to any custom number of hours / minutes or only on app restart.
Interesting yes I think thats correct! So it actually does work on Android, just not as well on Linux, if at all with the Flatpak mess.
Yeah I don’t use the flatpak / desktop app at all, since I have the browser extension installed which does autofill and also has the same vault lock options as the mobile app.
Okay thats pretty nice then
+1 for Bitwarden, regardless of platform, and regardless of whether it ticks all your boxes or not. It’s just good.
On android, Make sure KeePassDX as the default auto fill service and also give display pop up windows while running in the background permission from system settings to the app. If that doesn’t solve your problem, simply use KeePassDX magikeyboard feature.
Android keeps killing the app, it eats up too much RAM and a different solution would solve this problem I guess
On Android, I’d recommend looking into Keepass2Android. I don’t necessarily guarantee that it’ll solve your issues, but it has lots of options and is fully compatible. At the very least, it always offer autofill for me, even when locked and there’s various methods of Quick-Unlock.
As for your general problem of having all entries unlocked, that’s just a necessary trait of local password managers. I don’t really see it as a problem though, since I don’t really see a situation where an attacker would only have access to my unlocked passwords, but not also my master password, rendering selective unlocking of entries pointless anyway.
I’d also consider getting a hardware key (YubiKey) and use that in combination with a short password for your password. Both KeePassXC and Keepass2Android support them. More secure and much more comfortable than your current solution.
Also not what I am looking for, and I think KeepassDX is the more up to date app?
On android, Make sure KeePassDX as the default auto fill service and also give display pop up windows while running in the background permission from system settings to the app. If that doesn’t solve your problem, simply use KeePassDX magikeyboard feature.