Avoiding Browser Plugins with KeePassXC
KeePassXC is a popular free, open-source password manager. As a stand-alone program, KeePassXC can be used to log in to websites as well as desktop programs. Browser plugins are available that automatically fill in usernames and passwords from the KeePass database. The plugins obtain the correct login information by reading the URL in the browser, matching it with one in the KeePassXC database, and then filling in the login information.
Unfortunately, from a security standpoint, using a browser plugin or extension with KeePassXC introduces an additional attack vector. You should generally minimize the use of plugins, particularly ones that must access the encrypted KeePass database.
But without the plugin, KeePassXC is unable to obtain the URL and unable to fill in the log-in information.
What to do?
KeePassXC Auto-Type Feature
Instead of a browser plugin, use KeePassXC’s auto-type feature. Pressing the auto-type hotkey raises a KeePassXC window that lets you select the correct username and password for the site.
But this method only brings up entries that match the title of the site, not the URL. Without a browser plugin, KeePassXC is unable to recognize the URL and match it with the correct entry in the KeePass database. As a result, KeePassXC will often fail to find the correct entry for the site, and you have to resort to manually copying and pasting the entry.
Solving the Missing Entry Problem When Using Auto-Type
To solve the problem of KeePassXC auto-type not finding your password entry, edit the auto-type tab of the particular entry to specify the window it should be triggered by and specify the words it should look for in the title.
Alternatively, you can use a plugin like TitleURL, which inserts the domain of the website into the title of the page, thus triggering the entry as long as the URL is specified in the entry. This makes the auto-type feature much easier to use. Of course, using a plugin opens a possible attack vector, but at least the plugin won’t be accessing the KeePass database.
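The two fixes above, as an added Python sketch (not KeePassXC's code and not from the original page): it models window-title matching as a custom association first, then the entry title, then the entry URL's host appearing in the title. The entries, window titles, and the `*` wildcard handling are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

@dataclass
class Entry:
    title: str
    url: str = ""
    # Window associations from the entry's auto-type tab; "*" is a wildcard (assumed).
    associations: list = field(default_factory=list)

def wildcard_to_regex(pattern: str) -> re.Pattern:
    """Turn '*Secure Access*' into an anchored, case-insensitive regex."""
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(f"^{body}$", re.IGNORECASE)

def match_reason(window_title: str, entry: Entry):
    """Return why the entry matches the window title, or None if it does not."""
    for pattern in entry.associations:
        if wildcard_to_regex(pattern).match(window_title):
            return "association"
    lowered = window_title.lower()
    if entry.title and entry.title.lower() in lowered:
        return "title"
    host = urlparse(entry.url).hostname or ""
    if host and host in lowered:
        return "url-host"
    return None

def candidates(window_title: str, entries):
    """Entries the selection window would offer for this window title."""
    return [(e.title, r) for e in entries if (r := match_reason(window_title, e))]

# Constructed sample data: two database entries and four browser window titles.
ENTRIES = [
    Entry("Example Bank", "https://login.examplebank.test/"),
    Entry("Work VPN portal", "https://vpn.corp.test/", ["*Secure Access*"]),
]
SAMPLE_TITLES = [
    "Sign in - Mozilla Firefox",                           # missed: no entry name in title
    "Sign in - login.examplebank.test - Mozilla Firefox",  # domain inserted into the title
    "Secure Access SSL VPN - Mozilla Firefox",             # custom window association
    "Example Bank rewards survey - Mozilla Firefox",       # title text alone is enough
]

if __name__ == "__main__":
    for title in SAMPLE_TITLES:
        print(f"{title!r:58} -> {candidates(title, ENTRIES)}")
```

The last sample title shows that any page whose title contains the entry name is offered as a candidate, so confirm the entry in the selection window before letting auto-type run.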