Kunzisoft / KeePassDX

Lightweight vault and password manager for Android. KeePassDX allows editing encrypted data in a single file in KeePass format and filling in forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0

Autofill OTP forms #553

Open J-Jamet opened 4 years ago

J-Jamet commented 4 years ago

The autofill of the OTP fields would be perfect but requires a lot of work in the realization of the parser because each form is different.

You can leave a comment in order to define the forms to study in priority.
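As an added illustration of the form-recognition problem described above (not part of the thread and not KeePassDX code), the sketch below classifies a parsed form field as an OTP field. `FieldInfo`, `OtpMatch`, `classifyOtp` and the keyword list are hypothetical; the two explicit markers are the `2faAppOTPCode` hint from `androidx.autofill.HintConstants` and the HTML `one-time-code` autocomplete token.

```kotlin
// Added example. FieldInfo, OtpMatch and classifyOtp are hypothetical names,
// not KeePassDX identifiers.
data class FieldInfo(
    val autofillHints: List<String> = emptyList(), // android:autofillHints values
    val htmlAutocomplete: String? = null,          // HTML autocomplete attribute
    val names: List<String> = emptyList(),         // id, name, placeholder, label text
    val isNumeric: Boolean = false,
    val maxLength: Int? = null
)

enum class OtpMatch { EXPLICIT, HEURISTIC, NONE }

// Value of androidx.autofill.HintConstants.AUTOFILL_HINT_2FA_APP_OTP.
private const val ANDROID_APP_OTP_HINT = "2faAppOTPCode"
// Autofill token defined by the HTML standard for one-time codes.
private const val HTML_OTP_TOKEN = "one-time-code"
// Constructed keyword list; a real parser would grow it from observed forms.
private val KEYWORDS = listOf("otp", "2fa", "mfa", "onetime", "one-time", "verificationcode", "authcode")

fun classifyOtp(field: FieldInfo): OtpMatch {
    val htmlTokens = field.htmlAutocomplete.orEmpty().lowercase()
        .split(' ', '\t').filter { it.isNotEmpty() }
    if (ANDROID_APP_OTP_HINT in field.autofillHints || HTML_OTP_TOKEN in htmlTokens) {
        return OtpMatch.EXPLICIT
    }
    // A field declared as something else (password, username, ...) is never
    // guessed over; "on"/"off" carry no meaning about the field's purpose.
    val declaredOther = field.autofillHints.isNotEmpty() ||
        htmlTokens.any { it != "on" && it != "off" }
    if (declaredOther) return OtpMatch.NONE
    // Undeclared field: require both an OTP-like name and an OTP-like shape.
    val normalized = field.names.map { it.lowercase().replace("_", "").replace(" ", "") }
    val named = normalized.any { n -> KEYWORDS.any { it in n } }
    val length = field.maxLength
    val shaped = field.isNumeric && (length == null || length in 4..8)
    return if (named && shaped) OtpMatch.HEURISTIC else OtpMatch.NONE
}

fun main() {
    // Constructed sample fields.
    val samples = listOf(
        "html explicit" to FieldInfo(htmlAutocomplete = "one-time-code", isNumeric = true),
        "native heuristic" to FieldInfo(names = listOf("et_verification_code"), isNumeric = true, maxLength = 6),
        "declared password" to FieldInfo(htmlAutocomplete = "current-password", names = listOf("otp")),
        "unrelated number" to FieldInfo(names = listOf("phone"), isNumeric = true, maxLength = 10)
    )
    for ((label, f) in samples) println("$label -> ${classifyOtp(f)}")
}
```

Only an `EXPLICIT` match is a declaration by the form itself; a `HEURISTIC` match is a guess, so a token should not be placed in such a field without the user confirming it.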

famewolf commented 2 years ago

I just noticed this request is 3 days shy of being 2 years OLD with no progress made.

So the bottom line appears to be that although workarounds exist (and code is available [see below]) to simplify the user's work process, the dev considers them bad practice and is not going to implement any of them. His preferred "method" will never be implemented since it requires everyone on the whole internet to use unenforceable standards or implement code for each website.

AuthPass - KeePass compatible Password Manager Keep your passwords safe across all platforms and devices. New in version 1.9.4

Since AuthPass now provides this feature and uses the same database and given the dev has decided he can make decisions for the user in spite of their wishes perhaps keepassdx can be relegated to the trashcan vault after switching to AuthPass.

xf- commented 2 years ago

I understand that the solution is not easy. A browser plugin has much more access/permissions in a browser compared to sandboxed apps with limited APIs from Android, and apps also need to be supported (non-websites).

Happy you are not taking a shortcut. Some improvement in workflow would be very welcome and no APIs to external storage providers and native Android program languages.

@famewolf you can use whatever you want. This is not bloatware delivered with your phone.

J-Jamet commented 2 years ago

> I just noticed this request is 3 days shy of being 2 years OLD with no progress made.

Indeed, I have not seen your work on the subject.

> So the bottom line appears to be that although workarounds exist (and code is available [see below]) to simplify the user's work process, the dev considers them bad practice and is not going to implement any of them. His preferred "method" will never be implemented since it requires everyone on the whole internet to use unenforceable standards or implement code for each website.

I don't think you read it very well. I am not forcing anyone, I am saying that the solution needs to be written in a good way. Again, I don't see your work. I looked at the problem and the current implementation and pointed out the viable solution, but you know I don't have 4 arms and I work on my own time, so obviously I'm not going to prioritize a workaround that I don't agree with. It's not very motivating, especially if users like you come just to denigrate and to be dismissive.

I have never stopped people from using other applications. AuthPass is open source, good and I recommend it too, but we don't have the same way of creating and so much the better. Everyone uses the tool adapted to their needs and beliefs. Despite that, I don't see why you want to take down KeePassDX; it's against a constructive discussion, so please stay courteous and respectful. Note that the issue is still open and I am discussing. So of course I am open to arguments ("others have done it" is not one, let's be very clear)!

TOTP is already implemented and fill-in solutions already exist so implementing a workaround is not a priority. Why don't you go ahead and start listing the most popular OTP form data for recognition? I'm directing you to this solution because it will also have the advantage of greatly improving form recognition for all types of fields, so it will be much better.

Why do you think I'm creating another KeePass application? It's to improve the existing concepts, not to copy them without thinking (the guideline is to create something different with respected and more secure concepts). A workaround will work a little bit in the short term but not in the long term, and I prefer to spend my free time writing code that will last. If you don't agree with this, fine, but don't pollute the thread. Criticizing and proposing to boycott has never helped: first warning.

Note: I don't see the connection with the padding problem of issue #292?

@gabeweb This would mean using a different workaround, so get the URL from the autofill workflow. And the problem would still be the same if there are several entries available for the same form. But I can think in more detail to make the user experience easier with the current notifications. So use the notifications workflow but limit it to data that we have specified, but it will only work if an entry is selected manually.

@xf- Indeed, it is necessary to manage the restrictions of the system which are increasingly strong.

gabeweb commented 2 years ago

> @gabeweb This would mean using a different workaround, so get the URL from the autofill workflow. And the problem would still be the same if there are several entries available for the same form. But I can think in more detail to make the user experience easier with the current notifications. So use the notifications workflow but limit it to data that we have specified, but it will only work if an entry is selected manually.

@J-Jamet maybe you can be inspired by the workaround of KeePassXC on the desktop (for the selection and activation for an entry).

I have several email accounts from the same provider in my two KeePass vaults (personal and work), so when I need to log in to one of these accounts, I have to select the account that I want to access and KeePassXC only works with the data of the selected entry.

Working in this way, when selecting an entry and automatically activating its data, it may be feasible for KeePassDX to offer the same thing (and yes, when dealing with several entries related to a provider, that is where the complexity is found) in the top banner that is displayed while KeePassDX is open.

If the user mistakenly selected the wrong entry, perhaps KeePassDX should show an additional button to go back to the list of entries and select the correct one.

serrq commented 1 year ago

My idea to bypass fields structure:

When a certain app autofill is sent, KeePassDX opens a card in the notification bar and it provides the OTP for that app/service.

The same card has to have 'Cancel' and 'Copy' buttons.

You just need to figure out when the autofill downloaded its contents in the login and password fields. That’s when you’ll see the card with the corresponding service/app notification.

I hope I understood properly the problem.

Could that work?

J-Jamet commented 1 year ago

No, it's not that simple as explained before : https://github.com/Kunzisoft/KeePassDX/issues/553#issuecomment-912936390

serrq commented 1 year ago

> No, it's not that simple as explained before : #553 (comment)

Enpass app already does it (automatically copy OTP in clipboard).

Please study/copy their method. I am not a developer. Sorry for my weak help.

J-Jamet commented 1 year ago

Does Enpass allow multiple entries in the autofill and selection of the second entry's OTP token?

serrq commented 1 year ago

> Does Enpass allow multiple entries in the autofill and selection of the second entry's OTP token?

No. After autofill has pasted the values in the right fields (login + password), it automatically loads the clipboard with the corresponding (app/service) OTP.

Is this practice dangerous? (for security)

PS: I am not a native English speaker

J-Jamet commented 1 year ago

The thing is, other file managers only offer one entry in the autofill, so you can only select one OTP token before sending the autofill result. There's no selection callback on the Autofill button, so the functionality isn't possible when there are several entries displayed in the Autofill. Please read the thread correctly.