Macpass: [Feature Request] Option to Pre-populate last key file used for databases without password

Created on 5 Sep 2014  Â·  10Comments  Â·  Source: MacPass/MacPass

Option to Pre-populate the last key used for passwordless databases. The official keepass app does this.

Bonus points: Have a drop down with the last ~5 keys used.

Discussion Enhancement

All 10 comments

Since I consider this highly insecure it's disabled. The keys for databases with passwords are saved if you enable the appropriate setting. This is ignored if you open a database with only a key file. Where's the security factor in this if you do not store the key on an external drive?

Addendum: I have no way of knowing for sure if the location of the key file is a removable drive and thus I'm against storing it. I can enable the feature but I'm unsure it's useful for most people.

Just like it's up to the user to create a secure master password, I feel it
should be the responsibility of the user to securely store the key. I
suggest it be an option that is disabled by default perhaps with a
warning/notice of best practice that the key be stored securely. It's not
really harming security when I click "Choose File..." it takes me to the
last location I was at anyway with the key right there. It's simply
removing 3-4 clicks. That's my honest opinion. The point is, if an attacker
gains access to a computer with a passwordless database he/she will be able
to gain access to the database regardless by simply searching the computer
for a keyfile.

I'm not suggesting storing the keyfile, just the last location of it
(perhaps even masked, so one can't actually see the location).

On Fri, Sep 5, 2014 at 12:31 PM, Michael Starke [email protected]
wrote:

Addendum: I have no way of knowing for sure if the location of the key
file is a removable drive and thus I'm against storing it. I can enable the
feature but I'm unsure it's useful for most people.

—
Reply to this email directly or view it on GitHub
https://github.com/mstarke/MacPass/issues/237#issuecomment-54670685.

Hi,

i just want to push this again.

I really love MacPass and think it really is the best OSX version of KeePass.

Only 2 things (both already mentioned):

  • directly go to search dialog after opening the program
  • key file is preselected. My use case: I sync the database over cloud service. So password only was kind of to unsafe for me. So i use a password plus a key file that is not on the cloud of course but on each device with keepass. I really would appreciate that the key file is always pre-selected... like the database already is.

Thanks for the program,
Florian

Agree with you in all respects except tge last because it already exists.
You can modify the preferences to save the preselected key file.
On Mar 21, 2015 8:33 AM, "flodaho" [email protected] wrote:

Hi,

i just want to push this again.

I really love MacPass and think it really is the best OSX version of
KeePass.

Only 2 things (both already mentioned):

-

directly go to search dialog after opening the program
-

key file is preselected. My use case: I sync the database over cloud
service. So password only was kind of to unsafe for me. So i use a password
plus a key file that is not on the cloud of course but on each device with
keepass. I really would appreciate that the key file is always
pre-selected... like the database already is.

Thanks for the program,
Florian

—
Reply to this email directly or view it on GitHub
https://github.com/mstarke/MacPass/issues/237#issuecomment-84373671.

Oh .. i really embarrassed myself. Sorry for this unnecessary post. It only was one klick away.

You can modify the preferences to save the preselected key file.

Unfortunately, in 0.7.3 this does not seem to work. I have enabled the option in the preferences window, and still the key file box is empty when starting MacPass!

Also, I want to second @flodaho: like him, I use a key file without a password, so having to disable that field each time I open the database is uncomfortable.

Background: the goal is not to protect against local attackers (that's what system encryption and locking the computer is for), but to make it hard for the sync provider (Google Drive, Dropbox and the like) to read my passwords. Sure, you may see this differently, but that's why it would be an option. Mine/@flodaho's use case is certainly not simply "absolutely insecure".

Note: I even would like to make it so that the database is opened automatically when starting MacPass, without any form of user interaction, but that would probably be a separate feature request.

As stated above, if no password is set, key files aren't remembered. I'll take the info into account and might change the behaviour to include only-key files as well and this should then automatically disable the password checkbox as well.

Regarding auto-unlocking: If no password is set and a keyfile is found this is trivial.

I find myself in a similar situation like the other people in this thread. Every time I want to open MacPass I have to perform the following actions:

  1. Click MacPass icon in dock
  2. Uncheck "Password" box
  3. Click "Choose..." to select keyfile
  4. Double-click key file
  5. Click "Unlock"

This feels unnecessary complicated to me and having the option "Remember Keyfile for Databases" work without passwords would solve it. Please consider implementing this in the future and thank you for your work @mstarke!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

gagarine picture gagarine  Â·  4Comments

damien-list picture damien-list  Â·  3Comments

markushausammann picture markushausammann  Â·  3Comments

uwqwxing886 picture uwqwxing886  Â·  5Comments

mstarke picture mstarke  Â·  3Comments