2

I use KeePassXC as my password manager; my operating system is Linux Mint 20.2. Login fields in Firefox are automatically recognized. I can click on a small key symbol and both username and password are autofilled.

This does not happen when I log in to a Desktop application. For instance, I use Pidgin, and everytime I start the application, I have to go to KeePassXC, copy the password to the clipboard, and then paste it to the Pidgin prompt. (Notice that there is only a password box in Pidgin; the username does not have to be entered. Maybe this is another difficulty for KeePassXC?)

How can I configure KeePassXC or Pidgin so that KeePassXC recognizes the password field? (I will also appreciate a reference to an answer where the Desktop application was not Pidgin.)

Improve this question

2 Answers 2

Reset to default
2

For applications outside web browser, you might want to use the "auto-type" functionality. I set it up thanks to KeePassXC documentation, but it works like the original KeePass auto-type, so their documentation was also a great help.

Basically, the principle is to rely not on URLs, like for a web browser, but on window title.

As far as I can imagine, using auto-typing would be more secure than copy-pasting or typing on keyboard, because :

  • KeePassXC auto-type acts as a virtual keyboard. By using it, you stay in the secured frame established by KeePassXC
  • You don't store your credentials in the clipboard, that is an unencrypted space accessible by all applications
  • You're not at risk of having your credentials leaked by a keylogger or any keyboard listener
  • You're not leaving something on the keyboard that might be used to retrieve your credentials (I've heard technics based on key usage, key temperature, user eyes tracking by a webcam... Not sure they all really work, but in the end, it means that typing on a keyboard is not that secure!)
Improve this answer
3
  • 1
    I just tested it and it works great. Do you (or anyone else) spot any security issues? I thought at first sight that this might grant access to my Pidgin password for a window that names itself Pidgin (although it isn't the Pidgin client). But then however, I have to type the auto-type shortcut first (which might happen accidentally) and choose one of the matching entries (which will probably not happen accidentally). Is the reasoning senseful? Do I miss an issue?
    – NerdOnTour
    Commented Nov 30, 2021 at 11:29
  • I have added a few more details about why I think it is more secure to use auto-type. Your reasoning does definitely make sense. Here, the best way to prevent accidental leak of credentials is to be as specific as possible when you configure the window name in KeePassXC. And as you highlight, it's good to keep a manual step before sending the credentials.
    – FloT
    Commented Nov 30, 2021 at 20:07
  • "And as you highlight, it's good to keep a manual step before sending the credentials." This reminds me of our conversation here: superuser.com/a/1690162/1568733
    – NerdOnTour
    Commented Dec 1, 2021 at 16:15
1

You can't. The reason that KeePassXC works in a browser is because it silently injects some Javascript in every page you load via a browser plugin. This allows the additional rendering of the little key symbol and the additional autofill functionality.

Desktop applications work in a fundamentally different way. They are compiled applications, in which no code can be injected without the application itself having some provision for it. There is no way for KeePassXC to interact with these applications in a standardized way. You might get lucky with applications based on a web framework like Electron, but for most desktop apps (including Pidgin), it's just not going to work.

Improve this answer
2
  • Well, this is a clear response. Concerning these few applications I might get lucky with: Is Thunderbird one of them? Or, more generally: Which applications may interact smoothly with KeePassXC?
    – NerdOnTour
    Commented Oct 29, 2021 at 14:50
  • I don't think anyone would be able to give you an exhaustive list. Thunderbird would not be one of them because it's written in C++.
    – mtak
    Commented Oct 30, 2021 at 11:50

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .