TR Forums

I ported many of my passwords to KeePass 2 and included the URL to each password. But It's not auto-entering them into the password field.

KeePass doesn't automatically enter passwords. It lets you enter URLs for convenience.

It requires one of the available plugins to handle that. Look here on the KeePass website, under "Integration & Transfer".

Hm... There's KeeForm, KeeFox, and PassIFox.

AutoType (bound to ctrl-V in the windows version) basically does that. Open the website (by double clicking on the URL), and assuming the cursor is in the login field, go back to KeePass and do the auto-type. By default, the sequence is username-tab-password-enter, which works for most websites, but some more secure ones have the password on a second page, so you'd need to change the entry sequence. If you really just want it to enter the password, not the username, you can easily change the default sequence globally to enter only the password.

AutoType also has 2-channel type obfuscation, where it copies some characters of the password through the clipboard and other characters by (faked) typing, which defeats most keyloggers and clipboard sniffers. So that's nice.

That said, I find simply double-clicking on the password (to copy it) and pasting it pretty simple, and for my own sanity the only thing I allow to unencrypt my password store is the main KeePass program itself, so I don't use any plugins.

There's a much simpler way to passwords.

Pick an easily-remembered phrase; we all have at least one. Pick a hash algorithm (preferably something in the SHA series) and grab a local copy of it. Run that phrase through your hash algorithm of choice (on your own box) and use the hash as your password (saving the hash somewhere would defeat the purpose). The local copy means that your passphrase isn't transmitted in the clear to a website hosting the hash function. You're immune from rainbow tables and you're verging on Lawrence Waterhouse trying to decrypt Arethusa even without the assistance of certain Qwghlm female spies.

Keefox is my instrument of choice in this task. I actually switched back to firefox because it's that good.

Captain Ned wrote:

There's a much simpler way to passwords.

Pick an easily-remembered phrase; we all have at least one. Pick a hash algorithm (preferably something in the SHA series) and grab a local copy of it. Run that phrase through your hash algorithm of choice (on your own box) and use the hash as your password (saving the hash somewhere would defeat the purpose). The local copy means that your passphrase isn't transmitted in the clear to a website hosting the hash function. You're immune from rainbow tables and you're verging on Lawrence Waterhouse trying to decrypt Arethusa even without the assistance of certain Qwghlm female spies.

How would it help if I have to use university computer to log into my university accounts?

I use my main laptop as much as possible, but sometime I have to log into another computer.

I guess I could use the hash for non-university accounts.

Oh, and is there a way to copy and paste on a Moto G phone with Android 4.4.3? It's a bit tedious typing in a 20 character long password (has different old passwords combined together).

UnfriendlyFire wrote:

How would it help if I have to use university computer to log into my university accounts?

Bring with you your laptop/tablet/whatever that can run the hasher. Input your passphrase into the hasher. Type the resulting hash into the password field on your Uni account. Yes, this relies on you reading characters from one box and typing them into another box. Copy/Paste just so misses the point, as it leaves a remnant of the hash in memory.

Short list: Proper and secure PW management is not a single-source solution, nor is it a copy/paste function. If you truly want a secure PW you need to generate it on a device that is never attached to any network. Dedicate a tablet to running a SHA512 hasher and physically rip out the WiFi/cell antennae. Type the passphrase into the dedicated device and manually retype the resultant hash into the PW box. For God's sake don't let the browser remember it.

I think there's a certain point where I'm not an employee of a defense contractor or a person of interest, the amount of security is a slight over-kill.

I typically change my passwords once a month.

Still trying to figure out how to use copy/paste with KeePass on my Android 4.4.3 smartphone, because I'm not typing 20 characters on a tiny touch-keyboard that is on the screen.