Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auto-type feature #438

Open
hellium6 opened this issue Sep 3, 2022 · 3 comments
Open

Auto-type feature #438

hellium6 opened this issue Sep 3, 2022 · 3 comments

Comments

@hellium6
Copy link

hellium6 commented Sep 3, 2022

A very useful feature in KeepassXC is the auto-type feature. Basically how it works is that it has a hotkey, user opens the site in KeepassXC, (focuses on the browser) opens the login page, presses the hotkey and it auto fills the credentials.

I just found out that it can also autofill TOTP code! How amazing!

Compared to how it has to be done on a browser without Buttercup addon (e.g. Tor Browser that doesn't recommend installing addons) is copying and pasting everything manually for 2-4 times. Buttercup users will benefit from not having to do this.

Such a feature would be really helpful.

Details: https://github.com/keepassxreboot/keepassxc/wiki/Autotype-Custom-Sequence

@perry-mitchell
Copy link
Member

Imo this is not an ideal approach, as it would require the Desktop app to emit system-wide keyboard events.. right?

Why not simply do the same with the browser extension? That's exactly what they're for, after all :)

The browser extension could potentially perform the exact same actions (as far as I'm aware) as such an auto-type feature, allowing for customisation of logins and the like. I really like this idea and can definitely see Buttercup implementing something like this.

Tor Browser that doesn't recommend installing addons

You shouldn't install addons if you don't trust them, period.. Whatever browser you're installing unknown addons in isn't terribly relevant at this point.

Buttercup is open source for this reason, so you can know what you're installing. So you know that you're able to trust that it does what it says on the box. If you can't get this far then I'm afraid that Buttercup might not be the platform for you (stating this in a general sense, as it's not personal). I specifically made it open source for several reasons:

  • Trust
  • Collaboration
  • Desire to share with the community

I'll get off my soapbox now :D - I recommend that you do install our addon in Tor. So take that as you will..

@perry-mitchell
Copy link
Member

As I very much expect us to implement such a feature, I'll move this to the relevant repo.

@perry-mitchell perry-mitchell transferred this issue from buttercup/buttercup-desktop Sep 5, 2022
@hellium6
Copy link
Author

hellium6 commented Sep 6, 2022

Imo this is not an ideal approach, as it would require the Desktop app to emit system-wide keyboard events.. right?

Why not simply do the same with the browser extension? That's exactly what they're for, after all :)

Well, that could be done. Although I think there are other uses for this feature. There are applications that doesn't support addons or extensions at all, such as Electron based messenger apps or just desktop apps that require passwords.

There's a possibility that I may use webdav to load a file from local network. Which might not work with Tor Browser. (Even if I forget tor, don't even get me started with the self signed cert issue. They don't work on modern apps, which isn't ideal. SSL priv keys with central authorities can be compromised [as they have been before ]. e.g. Android OS doesn't support self signed certs at all, I tried to make it trust one even with system file mods but to no avail. This is a big loss for user freedom in the name of security. And devs say to get a let's encrypt ssl cert, but it is just going in the same direction. Central authorities can be compromised and the beauty of it is, the compromise can be kept a sec ret legally for years. Without an "illegal" whistle-blowing it can be made impossible for the public to know.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants