Menu

#2801 Split "Unhide Passwords" policy to effectively disable Ctrl+H only in Main window.

KeePass_2.x
open
nobody
hotkey (2) ctrl+h (1) unhide (1) policy (1) password pol (1)
9
2024-12-15
2023-02-22
pras92
No

Dear Team,

Currently, unchecking Unhide Passwords policy from Tools>Options>Policy(tab) to disable Ctrl+H hotkey also disables the option to view passwords in Edit Entry.

Can you please split this policy into two, so it effects by view type:

  1. Main window
  2. Edit Entry dialog box > Show/Hide password using asterisks

Would like an option to "Unhide passwords" only in the main window, and thereby avoiding passwords being accidentally shown in plaintext in the main window; yet retain it in Edit Entry dialog box (of-course, one would expect to have the option to view the current password, while editing it's entry).

Ctrl+H is a very common Hotkey used by all browsers, and it can easily be used unintentionally, when the KeePass windows is active, especially when we work with multiple monitors.

Here is the related discussion: https://sourceforge.net/p/keepass/discussion/329220/thread/ca2c13859e/#1648

Regards.

Discussion

  • Mirco Babin

    Mirco Babin - 2023-02-22

    I totally agree.

    • Ctrl+H hotkey revealing everything in the Main Window is totally unwanted behaviour.

    • Having the option in the Edit Window to reveal the password is wanted behaviour.

    • And the same applies to Ctrl+J revealing/hiding all usernames in the Main Window. This is also unwanted behaviour. But here also in the Edit Window you want to be able to view the username.

     

    Last edit: Mirco Babin 2023-02-22

  • wellread1

    wellread1 - 2023-02-22

    Use View>Configure Columns... to prevent display of the password and username columns. This has the additional advantage of freeing up space wasted by displaying asterisks in the Main Entry View.

     

  • Mirco Babin

    Mirco Babin - 2023-02-23

    @wellread1
    Hiding the Username and Password column in the Main Window could be a solution. But then I loose the ability to doubleclick on the value in the column to copy the Username / Password to the clipboard for pasting into websites.

    Copy Username / Password can also be achieved by:
    1) Global autotype hotkey. I can remember this keystroke one because I use it very often. But not all websites are autotypeable.
    2) Right mouseclick on the entry showing the entry popupmenu.
    3) Ctrl+B for copying the username and Ctrl+C for copying the password. My ability to remember keystrokes has declined dramatically since the Windows visual era and the exit of the Dos era.

    I'm going to use your bypass to hide username and password for ~2 weeks. To see if it works for me.

    What you present is a bypass, bypassing a security hole in KeePass. After a fresh install of KeePass or the deletion of KeePass.config.xml the username and password columns are shown by default. So while this could work for me acustomed to KeePass pecularities, a fresh new user maybe in for a big surprise.

    Attached is a screenshot of Configure Columns.
    Attached is a screenshot of KeePass after deleting KeePass.config.xml

     
    Thumbnail
    Configure Columns.png
    Thumbnail
    Fresh Config.png

  • Mirco Babin

    Mirco Babin - 2023-03-08

    @wellread1 I have been hiding the username and password column in the Main Window for ~2 weeks now. And this bypass is working, not great, but it's working.

    Not great, because I used to doubleclick on the username and password to copy to the clipboard. Now I find myself staring at the screen and after a brief period I remember to use the right mousebutton for copy.

    So I still support this feature request. I really really don't understand why anyone, ever, in any circumstance wants to reveal all passwords in the Main Screen. By pressing ctrl+h, a shortcut key that's not even listed in any of the Main Window menu's.

    This is an enormous security hole, because an adversary presses ctrl+h makes a photo of the screen and presses ctrl+h again. Yes I know the answer already, if I let somebody standing at my computer with an open KeePass database without me watching, I must be stupid. Correct?

    The other way around is an untrusted person stands next to my computer with an open KeePass. I operate the computer and somehow someway I press ctrl+h per mistake and all passwords are revealed. And the untrusted person can read all the passwords in the Main Screen which is normally visible. Yes I know the answer already. I must know not to press ctrl+h. I'm stupid to do so. Correct?

    A password manager should when possible protect it's users from making stupid mistakes. I really love KeePass, I use it every working day and I really can't do my job without KeePass. But this ctrl+h thing really irritates me.

     

  • wellread1

    wellread1 - 2023-03-08

    You have made your best case for introducing separate policy settings for hiding passwords in the main window and the entry dialog. In the meantime, I suggest you explore habits/workflows that work for you and mitigate your concerns.

    If you have difficulty adjusting to Ctrl+C/Ctrl+V vs double-click password/Ctrl+V for password copy and paste, I recommend the KPEnhancedEntryView plugin for copying or auto-typing individual field values, e.g. passwords. This plugin adds convenient editing and use capabilities for string fields that are not duplicated in KeePass.

     

  • Davide Miccone

    Davide Miccone - 2023-12-13

    this feature is absolutely essential to guarantee functionality and safety!

     

  • Davide Miccone

    Davide Miccone - 2024-12-15

    Any news on policy split for unhide password?

     

  • Paul

    Paul - 2024-12-15

    Have you tried shrinking the password column so that it is still usable but doesn't show more than one character?

    cheers, Paul

     

Log in to post a comment.