S10 Password Vault

any of you folks know how to add custom strings/fields to Keypass?

i looked at the online help but didn't find anything.

 

Is it this what you're looking for? http://keepass.info/help/base/fieldrefs.html

 

Not sure how much i can help as i mostly use Lastpass but i do use keepass for 1 site that required figuring out how to input "3 fields" instead of the usual 2. This is how i did it and it works great.

1 - User ID: In keepass, used "username"

2 - Account Number: In keepass, listed this number under "notes"

3 - P.I.N.: In keepass, used "password"

Now in the included image, you will see the "sequence" i created to input my information for the site "in the proper order/fields"

Also try to use "2 channel auto-type obfuscation" as this was the only way to pass the spyshelter keylogging tests. Simple "drag & drop and copy/paste failed these tests!

 

actually, i downloaded the wrong version; only version 2.x supports custom strings/fields.

i like to use those, for example:

address: 123 main street
phone: 111-111-1111

so i can easily fill out different forms online and not just websites logins.

 

Interesting. You mean keylogger or are also thinking about the clipboard test?

Unfortunately, my tests revealed that the two-channel auto-type obfuscation didn't prevent the clipboard monitoring when copying both username and password (right-clicking the entry in KeePass and choose copy username and copy password). Which makes sense, because there's no auto-typing, only normal copy and paste.

It does prevent the keylogger test, though. Because no normal copy and pasting happens.

 

I simply go to the entry i need in keepass/right click/ and select "autotype" which fills in "all" 3 fields at the same time. This passed the keylogging tests from spyshelter.

 

Oh, OK. Yes, that beats the keylogger test. Considering you mentioned copy & paste, I thought you were also mentioning normal copy and past, by right clicking the entries.

 

i am trying out Keypass and i like it so far.

tnx a bunch again to m00nbl00d for the tip on how to enter the Master Password in Secure Desktop.
it's a little extra security that goes a long way.

tnx also to tobacco for the double obfuscation trick.

 

Considering that you're running Windows 7, you could tighten things a bit more.

If I were you , I'd be running KeePass as Administrator (elevate to Administrator privileges, that is), and I'd apply an explicit HIGH integrity level to it.

Code:

@echo off
chml "%PROGRAMFILES%\KeePass App\KeePass.exe" -i:h -nw -nr -nx
cd "C:\Program Files\KeePass App\"
start KeePass.exe

This is a batch file that I create, that I run with Administrator privileges. The batch file sets an explicit high IL to KeePass.exe, with the flags NoWriteUp, NoReadUp and NoExecuteUp. This means that no object with a LOWER (medium/low) integrity level will be able to write, READ or execute to/from KeePass.exe.

Together with the Secure Desktop feature...

I'd actually elevate KeePass with a secondary administrator account, just for KeePass.

As an example, I've set a browser profile with a HIGH integrity level with the flags NW NR and NX. Spyshelter keylogger test fails to log anything typed in the browser, because it can't read the browser process, running with a higher IL. The keylogger test was running with an inherited medium integrity level.

As long as the malware is running with a lower IL, and the browser/application has an explicit higher integrity level (medium/high), the keylogger won't be able to log anything.

There's still room for screenloggers and clipboardloggers , though. But, other measures need to be in place, obviously.

-edit-

The batch file is assuming that chml.exe by Mark Minasi is placed in C:\Windows\System32\

 

tnx a lot for taking the time m00nbl00d.

however, this kinda stuff is a little too technical for me not to mention it crosses my threshold of tolerance when getting involved with this stuff. '
--------------------------------------------
edit:
i've been trying out Keypass since last night and although it is very good i still prefer S10 PV.

 

Who is S10 Software? How do I know this isn't, or won't become, spyware?

 

that's a very good point you have there.
i wonder the same thing about some little known app i use sometimes.

and you have to be concerned even more about an app such as this which deal in privacy and security.

i am still considering Keepass since it's open source...

 

moontan - I tested the AntiKeylogging feature in S10 Password Vault using the Zemana test app and it appears to work fine for me. If you turn off AntiKeylogging (via the button next to the master password field), Zemana captures the password, but if you turn it on, Zemana just captures a whole bunch of random characters. Tested both XP and Win7. Feel free to send me more details at info@s10soft.com on what specifc case did not work for you.

sun88 - S10 Software is just me. I run it as a small business on the side. My full-time job is with GE Healthcare IT - I have 20+ years of enterprise software development experience, much of it dealing with security, privacy, encryption, etc. My software is digitally signed and I promise you it will never contain spyware/adware - that would be a quick death sentence for a product like this. And again, my website explains how you can verify the encryption with publicly available tools.

Thanks,
Sten Herlitz

 

Even though there is already a bunch of good KeePass info in this thread, I have more KP questions, but I think I'd better start a separate thread so as to not hijack this S10 topic. I'll post the link back here when I start it.
KeyPass configuration thread

 

tnx Sten,

that sounds fair enough.

i'll be in touch with you regarding S10.

 

Is there anyway the icons and fonts can be made a little larger.My old eyes struggle a little with how small they are.I'm liking this app very much though.
ellison

 

there is no option that i can see to re-size either the GUI or the fonts.

i suggest you contact the developer via email.
he comes here very rarely...

 

Thanks..
I think I will.S10 looked promising ,but cant seem to auto enter https entries like banking sites,though I can drag and drop.Im not sure wether this is because the https login field is called userid rather than login.Ive used the custom>advanced>set focus/click item feature,but this doesn't seem to work on my banking site.I guess because its https?
ellison

EDIT......
My bad...all my https sites work except my main banking site.Funnily enough that doesnt auto fill with my current password manager sticky passwords either,although it used too.

 

What I don't like about S10 Password Vault is the misleading information regarding Dropbox. This completely turned me off, beside the price tag.

Best regards,

KOR!

 

What misleading information?

 

My bad, I was thinking about 1Password.

My appologies!

Best regards,

KOR!

 

Yeah...I, was wondering what you meant about the price too as its donation .I quite like it at the moment.I had to email the developer twice and fairplay ,I had quick replies with the help I needed to use it.I like its simplicity.
ellison

 

glad you like it m8!
although it is simple to use S10 PV has more features than 99% of password managers out there.

 

Its a shame that S10 doesn't offer to automatically insert new login data like most password managers do when you login somewhere new.I find S10 really good but it does require a lot of manual work to set it up.Theres also a problem when using custom >advanced >set focus to find the position of the login area on a page too.It works fine as long as you don't change the size of the page (using zoom),which i guess is a limitation more than a problem.Im hoping the developer will continue to make it easier for the novice.I havent found any problems with the keylogging function though ,and its always worked using the zemanna test for me.
ellison

 

i think that would only work if there were a browser addon though.

i feel it's safer without the addon.