XA21X
commented
6 years ago I do prefer LastPass' behaviour (the last time I used it), where generated passwords are saved anyways whether it's actually submitted in the registration form. When I switched to KeePassXC, I was expecting the password generator's Copy and Fill & copy actions to save the password along with a best guess name/URL which is then turned into the proper entry as per the current procedure.
It's saved me a few times on the rare occasions where the browser extension fails to capture the form data or I when forget to acknowledge the prompt. Searching for the site name + timestamp usually works.
varjolintu
TheGoddessInari
edo0
When I have an existing, password protected, account on some website, where that website and login credentials are known to KeePassXC, then I expect that when I am change that password, using the KeePassXC Password Generator to make a nice new random password, that there will be someway to ensure that that new password is saved to the KeePassXC database, updating the password it has saved for that website.
I can find no way whatsoever to make this happen just from within the Browser interface.
I have to open KeePassXC itself, in a separate window, and update the record for that website to have the newly generated password. If I forget to do so, before closing the KeePassXC Password Generator popup in the browser, then my new password for that website is lost forever.
I would like to use KeePassXC to update my passwords on dozens of websites, and it would be much easier to do so, if I could just work within the browser, rather than copying newly generated passwords back and forth between KeePassXC itself (to get it into an updated KeePassXC record) and the admin page for my account on each corresponding website.
The way it is now, for me, is dangerous -- a high risk of losing a newly generated password if I am not careful.
I am using KeePassXC 2.3.3 with the KeePassXC-Browser 1.1.13 Add-on in Firefox 60.0.2 on Gentoo Linux with the /usr/local/bin/keepassxc-proxy proxy.
The particular site I have been playing around the most with this, trying to see if I was missing some user step (if I am ... I'm still missing it) was my Zerohedge.com account, as that's not a critical account for me, and they have quite functional password recovery mechanisms. However every site I've tried this on is the same way. I do have a critical account at one website (an email service for a critical email account of mine) that, until recently, had an essentially impossible and broken password recovery mechanism ... so I am perhaps more sensitive than most to risks of losing an account's password when trying to update it.
My testing is typically when I have the KeePassXC application already opened and running, with its database unlocked, and the above stated proxy running, and with my being able to login to the test website (such as Zerohedge) using the existing login name and soon to be obsolete password obtained from KeePassXC using the (quite nice) login form recognition and field data entering of KeePassXC. Then I go to my account login page for that website, and endeavor to change my password there. The newly created password never ends up back in the KeePassXC database, and is lost forever, unless I manually also enter that new password directly into "Edit entry" screen for that account in the KeePassXC application and click Apply or OK for that screen.
If the above normally works better than this, for most users, on most systems, suggesting that there is something "special" about my system, then I may be able to assist in debugging the problem, if given some specific questions, as I am an ancient Unix/Linux kernel/utilities hacker.
P.S. -- This may actually be a nearly impossible expectation on my part. For some websites, I have multiple login accounts, and without some serious UI and serious logic hacking, the code that was generating a new random password in the browser (even if using the KeePassXC Password Generator) would, perhaps, not know which one of my several login accounts for that website should have its KeePassXC stored password updated. If that is the case, then I recommend == Removing == the interface to the KeePassXC Password Generator in the Browser add-on, as it's an invitation to shoot one's self in the foot (to set some account's password to something that will be immediately and forever after lost.) This in particular would mean == Removing == the "Show Password Generator Icons" option from the KeePassXC context menu for login credential fields, and == Removing == the "Activate password generator" option from the Preferences for this KeePassXC-Browser 1.1.13 Add-on. If the best that can be done with this browser add-on password generator interface is to make it much easier to lose knowledge of your password(s) for a website, then it would be better to not have that interface. I certainly to not know this code well enough to know if this speculation applies here.