Kee is a Firefox and Chrome extension that can auto-fill passwords from KeePass - gHacks Tech News

ADVERTISEMENT

Kee is a Firefox and Chrome extension that can auto-fill passwords from KeePass

A couple of weeks ago, LastPass changed hands, again. Some of my friends ditched it and moved on to BitWarden as a consequence.

Kee firefox chrome addon

While I see the advantages of using cloud-based services to store passwords, especially when it comes to comfort, I do find the use of such service to risky. What if their services get hacked or someone finds a bug in the service's extensions or apps that can be exploited?

Anyway, I managed to convince a friend to switch over to KeePass. His requirements were quite simple: cross-platform sync, a mobile app and auto-fill on desktop. It's easy, just place the KeePass database in your cloud storage service's folder (for e.g. Dropbox, OneDrive, GoogleDrive, or, if you want full control, a self-hosted solution) and you have cross-platform sync. It's safe because the database is encrypted.

My go-to choice for a mobile app is Keepass2Android Password Safe for Android (supports Quick unlock, fingerprint unlock, syncs to your cloud service), and KeePassium or Strongbox for iOS. While auto-type is natively supported in the KeePass desktop application, auto-fill isn't.

You'll need to use a browser extension for that. I used to recommend Tusk, but it is no longer maintained. The Kee add-on by Chris Tomlinson does a fine job. Kee was formerly known as KeeFox, and some of you maybe familiar with it.

You'll need two things to get it working

  1. The Kee extension for Firefox and Chrome. You'll also need the KeePass desktop application to be running in the background.
  2. The KeePassRPC plugin (from the same developer) which allows the add-on to communicate with the browser.

Install the extension from the Firefox add-on repository or the Chrome web-store. A new button will be added to the toolbar and it is in the "OFF" state after installation.

Navigate to the KeePass desktop application's plugins folder (normally C:\KeePass\Plugins) and place the KeePassRPC plugin file named KeePassRPC.plgx inside the directory. Restart KeePass if it was already open, and it should load the plugin.

Kee authorize

A new tab opens in the browser and you should see a window pop-up (in KeePass) asking you to "authorise a new connection". A code is displayed in the pop-up that you should enter in the box in the browser tab to authenticate the add-on to access the passwords from the desktop client.

The welcome screen of the plugin asks you to choose whether you want to create a new database, or use the existing one. Select the latter and login to your database as usual. That's it: you've setup Kee and KeePass to work together.

Kee is a Firefox and Chrome extension that can auto-fill passwords from KeePass

The Kee add-on's button is now usable. Does this work with KeePass portable? It does, that's what I use it with.

Kee Features

Bad puns aside, let's take a look at what the extension is capable of.  Auto-fill is of course the main feature of the extension. If you're on a webpage that has the same URL as an entry in your database, the username and password fields should be automatically filled by the add-on.

Kee demo

It works on most websites, but in case it doesn't, left click on the add-on's button and select "matched login entries". You can also use the browser's right-click context menu to do the same.

Kee addon

You can use the addon's pop-out menu for searching your database. This is the other option to use if autofill didn't work. You can type the website's name (for e.g. "ghacks") and the extension will list the relevant results to choose from.

Click on an entry (after searching) and it will take you to the corresponding URL. If you click on the hamburger menu icon next to an entry, it gives you three options: Edit, Copy Password and Copy Username. The password isn't edited by Kee, it is done in KeePass.

Kee can be used to save new entries when you login to websites (or generate a new one), but you'll need to manually click the add-on's button and select "Save login". You can choose to save the information in a new entry or update an existing one. The add-on can also be used for generating secure passwords and you can choose from Hex key 40/128/256 bit, or random MAC address. Once generated, it is saved to the clipboard and you can paste it in a password field, and use the save password option to store the new login.

Kee does not send your data to any server. The extension and the plugin are open source.

Note: You may come across "Kee Vault" in the add-on's menu, that is a premium password manager made by the same developer. It is completely optional, and hence not required for Kee to function.

Closing Words

Kee is an open source add-on, and so is the KeePassRPC plugin. You can find them listed on the plugins page on KeePass' official website. KeeForm is a good alternative, but requires installing its desktop application in addition to the extension.

Summary
software image
Author Rating
1star1star1star1stargray
5 based on 1 votes
Software Name
Kee
Operating System
Firefox, Chrome
Software Category
Internet
Price
Free
Landing Page
Advertisement

Previous Post: «
Next Post: »

Comments

  1. GillesP said on January 8, 2020 at 8:23 am
    Reply

    I’m currently using this extension and appreciate it a lot.
    Only drawback is that it’s documentation is pretty light and the support forum doesn’t help a lot: I’ve two questions unanswered since 6 weeks and still waiting.

  2. Stv said on January 8, 2020 at 8:49 am
    Reply

    “…you can choose from Hex key 40/128/256 bit, or random MAC address.”

    or you can add your own saved pattern from KeePass password generator like numbers, lower/upper case letters or special characters because many sites ask you to choose complex passwords.

    Since the Keepass2Android supports AutoFill i do not install any unnecessary proprietary application on my phone if it is usable from Firefox too.

  3. Anonymous said on January 8, 2020 at 8:53 am
    Reply

    I use KeePassHttp plugin which is also excellent solution.

  4. Janice said on January 8, 2020 at 9:19 am
    Reply

    I find your advice on using Keepass + cloud storage + browser extension instead of online password manager quite strange. Online password managers do nothing more than sync an encrypted binary blob of your passwords (just like your your .kdbx file) between your browsers/applications – every activity happens on your local machine. So instead of trusting a single entity (for example, Bitwarden), you have to trust at least three (Keepass, Dropbox and the unknown author of the browser extension)…

    1. Amonymous said on January 8, 2020 at 11:58 am
      Reply

      Well it’s free, so that’s one. More industrious people might also just self-host, as noted in the article itself, so that might work too. I heard that BitWarden can also be self-host, although I don’t know how that works or if it can work for individual customer or not.

      Also honestly Keepass is more proven than many others consider they pass EU audit quite well, and you have the choice to set how strong the protection is, so there’s that.

      1. foolishgrunt said on January 8, 2020 at 5:35 pm
        Reply

        Bitwarden also passed a third party audit.

        https://blog.bitwarden.com/bitwarden-completes-third-party-security-audit-c1cc81b6d33

        Yeah, honestly, I don’t think you’re going to find KeePass+DropBox to be significantly more secure than Bitwarden.

    2. Cor said on January 8, 2020 at 1:08 pm
      Reply

      While online password managers probably don’t know my password, I do think they can easily compare the data keeping my password secure, matching it to known password lists or people more willing to give up their password. Similar to Google and Microsoft recently did.

      I don’t think the EU did an audit, but KeePass is part of some sponsored bounty program. Perhaps they’re even an actual sponsor.
      I think many would drop KeePass instantly if the EU somehow got more involved besides paying the tab.

      1. Junaid said on January 8, 2020 at 3:12 pm
        Reply

        KeePass is open-source while whatever the claims are about other online password managers are e.g LastPass, we can’t completely trust them since we don’t know what their code is doing.

      2. Amonymous said on January 8, 2020 at 4:10 pm
        Reply
    3. john said on January 9, 2020 at 1:48 am
      Reply

      And also, something like Firefox’s built in “Lockbox” (free) gives most of the same functionality (even on android for non browser apps) and is dead simple to use. I tried keepass, but having to use extensions, manually set up a bunch of stuff, etc. only to have it not be as usable as Lockbox was a no go for me.

  5. Victor_ said on January 8, 2020 at 9:26 am
    Reply

    I’m using Keepass 2.42.1 on Windows 10 and auto-fill works fine. I just go to the website I want to login to, click on the Username box and press Ctrl+Alt+A. That’s KeePass’ global auto-type hotkey and it works fine for most websites. I previously installed Keywi but soon realized Keepass’ hotkey works just fine, no extensions needed.

  6. Ci4noz said on January 8, 2020 at 10:14 am
    Reply

    I’ve tried many pw managers over the years and, IMHO, found LastPass better than any other. Yes, I am well aware that giving you pw to third part, cloud, etc, is a risk. I know what I save and want to save in the cloud and I’m well with it.

    Considering how often KeePass is mentioned here I tried it some months ago. I also installed KeeFox for Firefox.
    My experience was definitely bad, since in most cases (that means many and many) autofill didn’t work at all. Also user experience is less good compared with LP.

    LastPass is not perfect but works very well in most cases.
    I think that this aversion against LP is little excessive and same is for the eulogize for KeePass.

  7. Klaas Vaak said on January 8, 2020 at 10:41 am
    Reply

    KeePass does not work well on Linux, KeepassXC works very well and has autofill too for which a global hotkey can be set. The UI of KpXC is a bit more pleasant than KP’s.

    1. Klaas Vaak said on January 8, 2020 at 12:36 pm
      Reply

      KpCX also works well on a Mac.

  8. jrogan said on January 8, 2020 at 1:23 pm
    Reply

    I still use Tusk and I am devastated by the news that the author stopped the development, especially because there is not any fork available.

    1. nobody said on January 9, 2020 at 9:41 pm
      Reply

      Devastated? Please don’t die for zeros and ones on a computer!

  9. Fuzzi said on January 8, 2020 at 1:52 pm
    Reply

    I just use an addon that adds the current URL to the window title like https://github.com/erichgoldman/add-url-to-window-title or https://addons.mozilla.org/en-US/firefox/addon/keepass-helper-url-in-title/
    No KeePass-Plugin required. Default autotype will work. No “connection” to the browser.

  10. Shane B said on January 8, 2020 at 2:00 pm
    Reply

    Use KeeWeb for desktop, has Win/OSX/Linux/Web versions.

    And ChromeKeePass is the best addon for Chrome bar none.

  11. Klaas Vaak said on January 8, 2020 at 2:05 pm
    Reply

    KpXC also works well on a Mac.

  12. Mike said on January 8, 2020 at 2:13 pm
    Reply

    MiniKeePass it’s free on iOS and totaly compatible with keepass database.
    No In-App Purchase.
    EXCELLENT according for me.

  13. blackmojo said on January 8, 2020 at 4:23 pm
    Reply

    Keepass & KeePass Tusk, for so many years I c’ant remind.

  14. Wayfarer said on January 8, 2020 at 7:01 pm
    Reply

    My three main requirements for a password manager are:
    1 – security – ok, obvious.
    2 – portability. For a whole range of reasons, installed apps or browser extensions are little use to me. I keep it on a pendrive, with a couple of secure backups.
    3 – simplicity. If it isn’t KISS, there’s always a temptation to write things down rather than use it.
    4 – insulated from outside interference – that means no cloud, no website services, etc, and blocked by my firewall.

    I’ve never found anything better than Keepass for all of these. I’ve tried all the rest – sometimes more than once – and been tempted by some. But imho Keepass still checks all the boxes I need to check personally.

    And – by the way – even if some hacker was to break open my kdbx file, he wouldn’t have my actual passwords. They’re in my memory-challenged old head, Keepass being a (now vital) mnemonic aid.

    They do say you’re not paranoid if they really are after you… ;o)

  15. Gary said on January 8, 2020 at 7:16 pm
    Reply

    Been using Keepass for years. I use Syncthing to distribute my kbdx between devices. Works a treat, no 3rd party services needed.
    I’m interested in Bitwarden though as its availability is spreading. A little worried about how much work there might be to learn a new product and transfer all my passwords

  16. chris w said on January 8, 2020 at 7:21 pm
    Reply

    Any advice on a KeePass stup from ChromeOS? Would KeeWeb be best? (Linux apps are available but run in a container in a VM so may not be able to communicate with Chrome in the main OS. Android apps also available, but also with sandboxing)

  17. Dm said on January 8, 2020 at 8:19 pm
    Reply

    Stupid unnecessary additional exposure to cyber attacks,either use chrome which auto fills the information itself or go the proper SSL encrypted best effort paid route via your AV/specialist security development house, simple pfffft

  18. Lemar said on January 9, 2020 at 4:05 pm
    Reply

    I am currently using a NordPass extension to manage all my passwords, maybe you can do a guide on them? (https://nordpass.com/)

  19. The said on January 15, 2020 at 8:27 pm
    Reply

    Kee is a malware trojan don’t use it , i have inform keepass, look by your self , it has some external ip code , not a 127.0.0.1 localhost adress, why aren’t you controlling plugin guys ?

  20. Blgo said on June 1, 2020 at 10:53 pm
    Reply

    I see there is a lot of emotional discusión from those who would bury their passwords in a bunker in the middle of the dessert just because is more secure and those who simply don’t trust something just because they haven’t seen am advert in Google ads about it or a review sponsored by the same company that the software is about.
    In my opinion, the keys are security, convenience, usability.
    All I want from a password manager is to be able to trust the technology used, use it in my phone, tablet and laptop and and find and use those passwords as easily as possible, including setup.

    In this there are only two options for me: KeeVault and BitWarden.
    To me, KeeVault is my choice. BitWarden might be more mature as web application, but KeeVault is backed by the KeePass format kdbx and its years of good reputation.

  21. Dhaval said on July 30, 2020 at 9:58 pm
    Reply

    Has anyone read this?
    https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-available/3040

    Not understood what is “Kee home group” actually? All passwords from this group are exposed.
    https://forum.kee.pm/t/keepassrpc-exploit-question/3043/3

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.