4

I happily use KeePassXC together with the Firefox browser Add-On on my laptop. My operating system is Linux Mint 20.2. When I open a website where I have to login, then the green and white key symbol shows in the automatically detected login field. If I click it, the username and password are filled and I only have to Enter.

I would like to automate the process further. After opening the website, the credentials should be filled and entered automatically, without me having to do anything. Is that possible?

All the questions and answers I could find so far were about automatically opening the passwords database at system start, without having to enter the master password in KeePassXC. This is not what I want.

My use-case is the following (and I am not sure whether this paragraph helps you to answer my question): I have configured several websites to launch automatically when I boot my laptop, in order to speed up my "getting started" routine. It would be a further improvement to skip clicking all these key symbols.
Right now, I have KeePassXC to open right when the system has started. Then I enter my master password for KeePassXC. After 20 seconds (I configured this interval in the Startup Applications menu), all the websites open automatically. That means KeePassXC would be ready to go by that point.

Improve this question

1 Answer 1

Reset to default
3

If you click on the KeePassXC-Browser icon in Firefox, you will notice a "Settings" button at top left :
KeePassXC-Browser popup

Click on it, and then under the "General settings" tab, go to "Filling credentials" section and check options "Auto-submit login forms" and "Automatically fill in single-credential entries.":
KeePassXC-Browser filling credentials section

It should provide the behavior you expect.

But please also notice the warning message shown below these options !

We could imagine unwanted behaviors in situation where :

  1. someone uses your laptop while you leave it unattended and unlocked
  2. someone can unlock your laptop and your KeePassXC database is unlocked (you can mitigate this risk by setting KeePassXC to automatically lock when the computer is locked or lid is closed)
  3. KeePassXC provides password to "http" URLs (if you match only on the domain name and not the protocol - e.g. URL is example.org instead of https://example.org) or in unexpected fields (fields on websites are sometimes wrongly recognized as login, password or TOTP fields - here you can mitigate this by ensuring that all of your URLs in KeePassXC starts with "https" and, generally, are as specific as possible)
  4. if you share your screen and open a page for which KeePassXC auto-fills (in that case people who see your screen would see the same thing as you when you connect)
  5. if you updated an account but not yet KeePassXC, in that case KeePassXC will auto-submit outdated credentials...
Improve this answer
4
  • 1
    Thanks! Which further risks arise when I use this functionality?
    – NerdOnTour
    Commented Nov 29, 2021 at 13:44
  • You're welcome :-) Adding some cases where it could be dangerous...
    – FloT
    Commented Nov 29, 2021 at 18:12
  • 1
    I see the problems in 3, 4, and 5. (Although I didn't get what you mean with KeePassXC provides password to "http" URLs.) I think 1 and 2 are a general problem when using any password manager and not specific to KeePassXC and its auto-fill settings.
    – NerdOnTour
    Commented Nov 30, 2021 at 11:02
  • I have added a few more comments, I hope that it clarifies. You're correct, 1 and 2 are not only specific to KeePassXC, but, let's say, if someone browses the web on your laptop while you database is open, and wishes to consult a mailbox. At login screen, KeePassXC will automatically connect to your account. So someone might have an unexpected access to your accounts even without bad intention.
    – FloT
    Commented Nov 30, 2021 at 19:50

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .