Even though you can safely store all kinds of accounts, passwords and notes in KeePassXC, it’s likely that the majority of what you will store are usernames and passwords for various internet accounts. And most of those accounts will be accessed through a browser. Wouldn’t it be nice if there was a handy way to automatically fill out online login forms with the account information stored in KeePassXC?
Well, you’re in luck, because there is.
With a handy browser extension installed, your browser can automatically discover that you’re trying to log in to an online account which username and password is stored in KeePassXC. The extension will pull the information it needs from the password manager, and you can log in with a simple click of the mouse.
I’ll cover how to use KeePassXC with Firefox in this guide. Why Firefox? Because it’s a fast and reliable, open-source browser with built-in privacy features, and that’s just the way I like my browsers. There’s a good chance you’re using Chrome, which is quite the opposite; a secretive, proprietary, closed-source browser controlled by Google, a company that earns its living by violating your privacy. You should dump Chrome. And while you’re at it, you should also dump Google.
But I digress. Let’s see how we can use KeePassXC with Firefox before it happens again.
Installing the KeePassXC extension in Firefox
- If you haven’t done so already, the first thing you should do is to download, install, and launch Firefox.
- Go to the KeePassXC-Browser extension web page. When installing a password manager browser extension, it’s extremely important that you install the correct one. There are unofficial versions of the extension floating around on the web, and those versions will steal your passwords. Verify that the extension you are about to install is created by the “KeePassXC Team”, and that it has a lot of users and reviews. What you see on the extension web page should be similar to the screenshot below.
- Click the “+ Add to Firefox” button.
- The extension will ask for a lot of different permissions, but that is normal. Click the “Add” button. This will install the extension.
- After the extension is installed, a KeePassXC icon should appear in the top right corner of the Firefox window.
- You’ll also see a popup confirming that the extension has been successfully installed. Click the “OK, Got it” button to dismiss the popup.
Connecting Firefox with KeePassXC
Now that the KeePassXC extension is installed in Firefox, we need to connect the extension with the KeePassXC application. First we need to configure KeePassXC to allow browser extensions to interact with the password manager.
- In the KeePassXC application (not the browser extension we just installed), select “Tools” from the menu, then select “Settings”.
- On the settings screen, select “Browser Integration” from the list on the left.
- Next, check the “Enable browser integration” checkbox, and then check the “Firefox and Tor Browser” checkbox. Your KeePassXC browser integration settings should look similar to the screenshot below.
- Return to Firefox, and click on the KeePassXC icon in the top right corner of the Firefox window.
- Then click the “Connect” button.
- A KeePassXC box like the one below will appear. Enter a unique ID, like “firefox”, for the connection between KeePassXC and the browser extension. Then click the “Save and allow access” button.
And that’s all there is to it. Firefox is now connected to KeePassXC.
When you browse to any site with a login form, you should now see a KeePassXC icon in the username form field. If you click on the icon, the KeePassXC extension will try to find stored credentials that belong to the site you’re visiting. If credentials are found, the extension will automatically fill in the username and password fields for you.
Using a browser extension is convenient, but it isn’t really necessary. You can simply copy credentials from KeePassXC and paste them into the login forms whenever you need them.
In fact, a browser extension might even be a security risk. Back in September last year, security researchers revealed a bug in the LastPass browser extension. The vulnerability made it possible for websites to steal credentials for the last account the user logged into using the LastPass Chrome or Opera extension. This is not an isolated incident either, other password manager extensions have had similar vulnerabilities.
So while the user experience is a lot smoother with a browser extension, you should probably do a risk assessment before you install one. Maybe interacting with KeePassXC directly is good enough for you?
|This post is part of the series KeePassXC|
|InternetKeePassXCPassword ManagersPRISM Break|
|2020-01-05 17:00 CET|