keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/
Other
21.28k stars 1.48k forks source link

Add Identity template coupled with browser extension to fill Web-Forms #4171

Open OLLI-S opened 4 years ago

OLLI-S commented 4 years ago

Summary

Please add a new type "Identity" that can be used to fill web-forms.

Desired Behavior

Please add an identity where I can enter my personal information like:

This data can be used by the KeePassXC Browser Extension to fill web-forms. Here I click the icon of the KeePassXC Browser Extension and select to fill the web form (all fields are filled).

I also can right-click into a single field and select: KeePassXC Browser -> Fill Identity -> <List of available values like "Name" or "Email Address"> So I can select to fill this field with the "Name" or the "Email Address".

Note that users can have multiple entries for family members. So when filling an identity users can select what identity should be used (if there is more than one identity).

For Firefox there is a Add-On that performs this: Autofill Forms (https://add0n.com/autofillforms-e10s.html)

I can provide screen shots from other password managers that already have such a feature.

droidmonkey commented 4 years ago

This is built directly into Chrome. This feature would be best coupled with entry templates.

OLLI-S commented 4 years ago

@droidmonkey I know that in Chrome I have a form filling feature, but:

Currently I can not sync the identity data between these browsers (Chrome, Edge Chromium and Firefox). So you should implement this feature in KeePassXC because then I have all relevant data and all sensitive data in one place.

Many other password managers like Bitwarden or 1Password offer this feature already.

varjolintu commented 4 years ago

@OLLI-S For now, you can only import/export settings from the browser extension.

In the future, it's possible to save and use the settings directly from the database. But that's still in the TODO list.

OLLI-S commented 4 years ago

@varjolintu You mean: the settings of the browser plugin is stored in the KeePassXC database?

varjolintu commented 4 years ago

@varjolintu You mean: the settings of the browser plugin is stored in the KeePassXC database?

No. But it could be possible in the future. Of course you can export the settings now and store it as a file inside your database. But this is purely manual way to keep the settings with you.

OLLI-S commented 4 years ago

This feature would be cool.

OLLI-S commented 4 years ago

Some cases why this is very useful although identities are available in Chrome:

So please consider adding this feature.

droidmonkey commented 4 years ago

Recognizing form fields is incredibly difficult because every website can name a field whatever the heck they want to. If Chrome can't do it great already there is a near zero chance we are going to do it better.

OLLI-S commented 4 years ago

This is why I suggested that you right click in a field, select KeePassXC Browser -> Fill Identity and here I get a sub-menu with all fields, that are available in my identity. Easier than typing the data manually.

varjolintu commented 4 years ago

Making this automatic would be really difficult. IMO, the only way this could be useful would be to implement a way of filling similar to Choose custom login fields where the identity elements would be listed and you can just fill them to the input fields.

droidmonkey commented 4 years ago

Right clicking on each field and selecting from a pick list will ensure this feature is never used. That is a lot of effort for users to go through on every form and doesn't solve any problems. Using the custom logon fields won't work either because these would be one-time-use type forms like shopping cart check outs.

The more I think about this the more I don't think its worth the effort.

varjolintu commented 4 years ago

@droidmonkey I totally agree.

OLLI-S commented 4 years ago

@droidmonkey @varjolintu In the past I used the Firefox Add-On Autofill Forms (https://add0n.com/autofillforms-e10s.html) This Add-On has some rules how to identify the corresponding fields. Maybe these rules help you detecting the fields correctly.

I talked to some colleagues and tried them to convince them about KeePassXC. Currently they are using KeePass, 1Password, LastPass and Enpass.

Bitwarden, 1Password, LastPass and Enpass allow me to create a new entry of the type "Identity". And all of them allow me to fill the data into web forms. This is a very useful feature that I used very often when I tested Bitwarden.

So please consider adding this feature. It is very useful to make the data of multiple identities available on different platforms, where you have different browsers (at home I have Chrome, at work I have IE and Firefox).

If you really plan to implement this I will donate 30 Dollar for this feature. I just don't want to donate now when it is 100% sure that this feature will not come.

droidmonkey commented 4 years ago

I wouldn't donate a bounty to this one, it will likely take a large effort and requires templates first, which I plan on personally making my banner feature for 2.6.

OLLI-S commented 4 years ago

@droidmonkey You and the rest of the team do really a fantastic job. All of you. This is why I switched from KeePass to KeePassXC and convince my friends and colleagues to do the same.

I know that templates are needed for this feature and I know that this feature will take much time. And when templates are implemented, then we will see if there is time for this feature. If you implement it, then we have this issue in GH. If you don't plan to implement it, then we will close it.

AdamPS commented 3 years ago

I would also donate for this as it would be very useful. Sure it's quite hard and a lot of work. However we don't necessarily have to close the issue just because none of the current developers plan to give their time for it. Someone else might wish to do it and this discussion is useful in that case. In any case, if this issue gets closed, someone else might have the same request and finding no open issue would raise a new one which would be a bit of a waste of time.

Other password fillers do this so clearly it is possible. Each item of data in the identity could have a corresponding pattern match to use against form field names or descriptions (the latter being language-specific of course). The pattern match could be customisable. Once the basic code is written then the community can help a lot with the work of making the pattern matching better and better. I believe that Bitwarden does this and they claim open-source so it might be possible to see their list of patterns as a big help.

AdamPS commented 3 years ago

Also see this autofill browser extension. You might ask what is the point to add identify filling if another extension has it. Well for me the point is to fill private information into forms. I would like my credit card numbers and so on to be safe and the best place for that is in my KeePass database.

droidmonkey commented 3 years ago

You can do all this today with autotype. Especially credit card filling.

AdamPS commented 3 years ago

You can do all this today with autotype. Especially credit card filling.

Thank you for the reply - yes I am aware of that. However the two are very much different:

Honestly filling identities is an amazing time saver. I used RoboForm for a while and their filling worked very well. I moved here as I prefer open source and more control of where my data is stored, but I really do miss that.

I'm about to evaluate BitWarden and will let you know how well their filling works.

Groxx commented 3 years ago

I'll very much +1 that autotype is not the same as autofill. Autotype relies on things having an identical tab-order, for instance, and address forms / cc forms / etc forms are not very consistent. (CC forms are often all the same, but I've run across many exceptions)

Both are useful, and there is definitely some crossover. But one is very much not a superset of the other.

DeN-AlB commented 2 years ago

Just found this request and want to vote for it! +1

Actually, I try to find an alternative to 1Password because of their subscription. So I play a bit with KeePass / KeePassXC. I like the design of KeePassXC and would prefer using it. But I was wondering that there are some templates which I could use for Bank Accounts, Identities... But it seems like there aren't any.

Please give that feature a try and a bump on your to-do list.

AdamPS commented 2 years ago

BitWarden autofill is amazing (and no subscription). Their shared passwords works really well to. It's so good that I am accepting the hassle of using two password managers in parallel - I still prefer KeePassXC in general.

I would definitely donate for this feature. I believe the Bitwarden code is open source to use as a starting point.

varjolintu commented 2 years ago

I'll do some experimental detection for the credit card forms. It doesn't hurt if the extension already has a somekind of support for it.

AdamPS commented 2 years ago

Great thanks😃

pakelley commented 2 years ago

I'd also be willing to donate to help with this feature, if it helps. I get that it's tricky though, and I wanted to say thanks for all of the work the devs have already put into this project; keepassxc is really impressive. Form filling is the number one feature I miss from lastpass though, it really is very helpful.

In case it helps, looks like bitwarden references this standard in their source code (the generateIdentityFillScript function), and they seem to basically check for the autocomplete attribute plus a few other things. Doesn't make it simple, but hopefully that's a useful starting point.

katzeprior commented 2 years ago

Would love it for cards and identity support, doesnt have to be autofill imo, i am currently adding those in notes and attributes. Would help with keeping my aliases local.

trumad commented 6 months ago

I would also appreciate this, since Firefox doesn't support autofill properly

antiformer commented 5 months ago

LET's start with this idea. Everyone hates filling forms but we all have to fill them. Let's make it simpler for form-filling by having a set of standards for the titles of the fields that form designers use. Building a library of fields to incorporate in form-fillers would make it simple. If a person filling the form needed to actually type an answer, that could be stored for next time. Ambiguity and slight variations of field names would be reduced. Maybe chatgpt could come up with the library.

AJolly commented 4 months ago

Even if it only remembers existing form data that would be great - "save form data" rather than just "save credentials"