KeePass for multi-page forms and shared domain accounts

I start using KeePass this week after watching a video on keyloggers from DEFCON and after I was made aware of how powerful AES encryption can be after watching a reverse engineering discussion on Wannacry attack last week by Computerphile.

Background asides, as soon as I start using KeePass, I run into two significant drawbacks with browser integration. After a while fiddling around the settings, I manage to make it works perfectly. Here’s the two issues I ran into and how I tackled them.

MULTI-PAGE LOGIN FORMS

The first one is multi-page login forms. Most email providers (Gmail, Outlook, Yahoo) nowadays have this extra layer of security. Multi-page login forms ask the user to enter the username / email address in one page, click “Next” button, then enter the password in a different page. This method prevents simple bot scripts and notifies the user if they got the username wrong (no more guessing which one is wrong now).

Multi-page login is the bane of password managers like KeePass and LastPass. The traditional approach in KeePass is to open the window, select the entry and Ctrl+V manually. KeePass detects which field the pointer is selecting and fills in the blank accordingly. It is hardly convenient though.

Luckily, in KeePass, there’s a way to automate all this without any plug-in. The software allows custom Auto-type sequences and it supports quite a number of operations that allows the user to construct a complete pipeline. Simply go to Edit Entry menu, choose Auto-Type tab, tick “Override default sequence” and copy paste the script below:

{CLEARFIELD}{USERNAME}{ENTER}{DELAY 2000}{PASSWORD}{ENTER}

Save the entry and you’re done.

The next time you have to login Gmail, simply select the text field, press Ctrl + Alt +A and watch the magic happens. The script will clear the text field (if not empty), type your username, press enter, wait 2 seconds for the password page to load, type your password and then login. Everything is done automatically.

SHARED DOMAIN ACCOUNTS

Okay, that’s one neat thing. The next problem occurs when you have more than one email account. This is not a problem in LastPass but it is in KeePass. KeePass matches the title of your browser window. It does not read the URL in the address bar. If you look around, there’s plugin to show the URL in the window title but it is not exactly the most elegant solution out there.

KeePass has a neat entry selection window for forms that match multiple entries. While you cannot create two entries of the same title. You can create custom sequences that target the same window for different entries. Go to Auto-Type tab again, click Add button and select your login form window from the Target Window drop down list. If you can’t find the right window in the list, exit that menu, make sure the form is open and try the same steps again.

You can use this in combination with the other trick to make multiple accounts work for the same multi-page login service.

Keepass multi acc