KeeFox Simple and secure password management
for Firefox users with KeePass

New KeeFox user interface design

With KeeFox 1.3 now released* and Firefox’s long-delayed redesign only a couple of months away, I’m currently working on a new way for you to interact with KeeFox.

There are a lot of details still to be finalised but the headline is that the toolbar will be replaced with a single button and all KeeFox features will be found in that one place.

I’m posting this article to explain how you can contribute your ideas and suggestions to help shape the final look and feel of KeeFox 1.4.

We still don’t know exactly when the new Firefox interface will be launched but it could be as early as the 29th of April so we need to complete work on KeeFox 1.4 very quickly. I’m therefore looking for questions and contributions over the next 3 weeks and I hope that within 6-8 weeks we’ll be able to have a version ready for beta testing.

Here’s an early peek at how KeeFox 1.4 will appear inside the new Firefox interface:

draft-icon.png

You can see a less pretty screenshot, more information about how the button will work and learn how you can contribute your suggestions or graphical design experience on this github issue. Otherwise, just hang tight and keep an eye out for these changes to reach your browser in a few months or so.

* Pending the usual Mozilla review process

Hola KeeFox users!

Fun fact: English reading KeeFox users are outnumbered by people that prefer to read other languages.

Unfortunately English is the only language in which I can write so to help the majority of KeeFox users to understand KeeFox I rely on the great work of translators that donate their time to help translate KeeFox into various languages.

Some languages are already complete and able to be included with the next version of KeeFox but most are not ready, including lots that are available for the current version of KeeFox but will be removed soon if they are not updated.

Over the next 10 days I hope that some of you will be able to join the translation team and translate some of KeeFox into your preferred language. It’s really easy to get started and you will:

  • be able to practise writing English, probably learning a little new technical vocabulary along the way
  • help others who speak your language but do not understand English very well
  • be able to use KeeFox every day in your preferred language

All translations completed by the 23rd February will be included in the upcoming KeeFox 1.3 but any significant new translation work will continue to be released to the beta testing channel every few weeks so even incomplete work would be a huge step towards getting your language into a future stable KeeFox release, even if it doesn’t quite make it for version 1.3.0.

We use a free website called Transifex to translate KeeFox. There is good documentation available on their website but the rough idea is that the text in KeeFox is divided up into about 350 different snippets of text; Transifex shows you the English “string” of text and asks you type in the equivalent text in your own language.

There are two “resources” in the KeeFox project - the “main” resource which should be completed before a language can be included in the stable version of KeeFox and the “FAMS” resource which contains the messages and tips that help new users. While the translation of the “FAMS” resource is important, I won’t hold back an otherwise complete language translation if that resource is incomplete.

Go to Transifex now to find out the status of your language or read on for more detail.

If you don’t see your language listed, you can request that it is added and I’ll try to respond quickly to your request.

If your language is already translated, you can review the translation work done by others to help check for typos, etc.

To test your translation you’ll need to use the beta version of KeeFox but it’s essentially ready for release now so don’t let that put you off.

At this time, the following translations will no longer be supported in KeeFox 1.3 unless someone is able to help out with the translation:

  • Czech
  • Danish
  • Dutch
  • Portuguese
  • Russian
  • Swedish (only 5 translations missing)

The following translations have been started but not yet reached a stage where they can be included in the stable KeeFox release:

  • Italian
  • Korean
  • Hungarian
  • Norwegian
  • Polish
  • Romanian
  • Vietnamese

Finally, the following languages have been added to Transifex because they are popular among KeeFox users so it would be great if you are able to devote a little time to translating these languages.

  • Taiwanese
  • Finnish
  • Japanese
  • Spanish

Thanks for reading and I hope you’ll join our translation team soon!

KeeFox has a privacy policy

In anticipation of some changes to Firefox that are coming in 2014 and as part of a wider effort to improve the KeeFox add-on, KeeFox 1.3 will collect anonymous system statistics and optional anonymous usage statistics about the way that users interact with the add-on.

No private data will be collected at any time - things like the URLs you visit and the contents of your password database entries will never be collected. Since the data is anonymous, there will be no way for it to be linked back to you.

Although the collection of this data does not impact on your privacy, I have created a privacy policy to help explain what is being sent from KeeFox so that connections to a KeeFox server do not cause any undue concern.

Examples of usage data include things like:
1) A menu item was clicked
2) A KeePass database containing 199 passwords was opened
3) An option was modified

Basic information about the system KeeFox is running on will be sent each time your browser starts but all usage statistics can be disabled if you prefer.

The full text of the privacy policy can be seen at https://addons.mozilla.org/en-US/firefox/addon/keefox/privacy/ and you can find out more about the collection of this data at https://github.com/luckyrat/KeeFox/wiki/en-%7C-Metrics-collection

KeeFox 1.3 is currently available on the beta testing (development) channel so we hope that it will be able to pass through the usual Mozilla Firefox review process within a couple of months.

Upcoming releases

KeeFox 1.2.5b1 released

Version 1.2.5 is nearly ready to be released so beta testers will soon be upgraded to this new version with a few small but important bug fixes:

  • A fix for Thunderbird 25
  • A couple of bug fixes that caused some passwords to not save to KeePass
  • Danish, French, Korean, Portuguese and Russian languages created / updated (some not complete yet)
  • Fix for intermittent failed KeePass shutdown on Mono (Mac/Linux)
  • Some other small changes

Big changes in KeeFox 1.3 and 1.4

Some big changes are coming to Firefox at the end of this year and we’ll be watching them as they develop over the coming month or two so that KeeFox 1.4 can continue to work beyond 2013. It could be an exciting opportunity to make some improvements to KeeFox so within a couple of months I’ll be posting a bit more detail about the changes and what we can all do to help.

Before then, I’ll be releasing KeeFox 1.3 which contains just as many large changes but they are fairly invisible by comparison to the ones expected in KeeFox 1.4.

KeeFox 1.3 contains support for keyboard shortcuts, context (right-click) menus and some big changes to the way that KeeFox communicates with KeePass.

It’s the last change that I’m most interested in at the moment because of the security and usability implications of changes to this part of KeeFox.

If you’re not technical, feel free to stop reading now but if you think you might be able to contribute a little time to review the current KeeFox 1.3 alpha release that would be very helpful.

I’ve posted a draft of the new communications protocol to the manual so please start by taking a read through that. There’re also a few non-technical pages available in draft:
KeePassRPC
Security levels

Version 1.3.0a1 is currently available as an experimental build on the 1.3dev github branch. Known issues include:

  • Several incomplete features make the build unsafe
  • Installing this build will probably prevent future versions of KeeFox (including later builds of 1.3.0) from working unless you delete your Firefox profile or make complex manual preference changes
  • Only tested on Firefox 25 on Windows 7
  • No UI to manage authorised clients
  • No UI to change the keyboard shortcuts
  • Context menu implementation incomplete
  • First-time user experience not working
  • Connection establishment logic needs more work and maybe better notifications to users, especially for the edge cases when things go wrong

If you come across anything else that’s a problem with either the specification or implementation of the new KeePassRPC protocol please raise an issue on github so we can discuss it further - note that no-one should be using this alpha version for sensitive data at the moment so don’t worry about responsible disclosure, etc.

I’ll add a few of the above issues to github so if someone else wants to help out by implementing some of them, please keep an eye on the issues listed in the KeeFox 1.3 milestone.

Over the next month or two I’ll be working on the remaining issues above, improving the documentation and generally working towards getting a beta version ready for the Autumn.

Survey Analysis

Thanks to the hundreds of people that offered opinions, suggestions, criticism and praise in the survey that I sent out last year.

I’ve now had time to analyse the results and read your comments so I thought I’d post a summary of the main points here. I’ll go into the results for each of the questions about feature priorities below but first here’s a summary of the actions resulting from this survey for those that want the quick version.

  • Searching KeePass entries from within Firefox is coming in KeeFox 1.3
  • Improved form detection and matching accuracy is coming in KeeFox 1.2; further improvements likely in 1.3 and ongoing
  • Right-click (context) menus as an alternative to the toolbar buttons coming in KeeFox 1.3
  • Fundamental changes to toolbar user interface not desirable but upcoming Firefox changes may force our hand in KeeFox 1.3 or 1.4
  • Improved multi-page login support is coming in KeeFox 1.2; further improvements likely in 1.3 and ongoing
  • Better support for specific unusual web sites (e.g. many banks) acknowledged as high priority for most users but technical and time restrictions will make for slow progress; some improvements in KeeFox 1.2 should help but many banks in particular will remain problematic for a long time to come.


Who answered the survey?

I only collected very basic demographic information but the following two graphs show that there was a nice variety of respondents who had been using KeeFox for varying lengths of time, with a slight skew towards long-term users (who presumably have had longer to form a “wishlist” of improvements). They also show that the vast majority of KeeFox users have installed KeeFox while looking to enhance their existing experience with KeePass (this ties in with the stats for the keefox.org website which shows that a majority of visitors to the download page are from the keepass.info plugins page).

chart_007.png

chart_013.png

Before getting into the details of the feature priorities, I’ll share this graph:

How content are you with the current KeeFox functionality? (1 = Not at all; 5 = Very pleased)

chart.png

It’s encouraging to see that KeeFox is proving useful and this backs up some of the positive feedback you’ve been providing in AMO reviews. That said, there is clearly a long way to go before everyone is very satisfied so all we can do is hope that improvements this year will continue to push the graph in the right direction!


Individual feature priority breakdowns

I posted nine suggestions of improvements that need to be made to KeeFox and asked respondents to rank each from 1 (not at all important) to 5 (very important). Some of the suggestions were based on feedback I’d previously received and some on my own experience and expertise. I’ll put the graph of results for each improvement first and then comment on the results and explain what action might result.

Search KeePass entries from within Firefox

chart_010.png

Result: A very mixed result, suggesting that many users are content with their current methods of initiating the login process for a website but there is a definite desire among enough users to justify the addition of this feature. My personal view is that this is a feature which some users won’t be able to fully appreciate until they have either tried it out or built up a larger collection of passwords.

Action: I’ll be implementing this in KeeFox 1.3

Improved form detection and matching accuracy

chart_016.png

Result: Very clear desire from most users for an improvement in this area. There are always going to be occasional sites that don’t work but I’ll keep working to get as many as possible to work correctly. The list of reasons for which a site may not be filled correctly will shrink when KeeFox 1.2 is released but the reasons with no known solution so far are:

  • Sites that employ complex JavaScript to submit the form
  • Sites that use form fields without an actual form (often a strong overlap with the first reason)
  • Sites that ask for different information each time (usually banks)

Action: KeeFox 1.2 will improve matters for some websites. KeeFox 1.3 and beyond will continue to build upon the improvements in KeeFox 1.2 once achievable improvements are identified.

Support for filling in forms without password fields

chart_018.png

Result: Slight desire for this feature but most people don’t see it as a high priority.

Action: KeeFox 1.2 will allow some forms that fall into this category to be filled in, but only if they are part of a multi-page form. Maybe the improvement will work on a wider range of sites than I’ve intended - we’ll keep an eye on how it behaves in the wild but given the lack of strong feeling to start with I think spending time improving this further might not be a great idea.

Securely store the KeePass password in Firefox to enable automatic login to KeePass

chart_002.png

Result: A strong feeling that this is unimportant.

Action: When considered alongside the difficulty (impossibility?) of offering such a feature securely, I’ve got no plans to implement this in the foreseeable future.

Right-click (context) menus as an alternative to the toolbar buttons

chart_006.png

Result: Not the most important feature in most people’s opinion but it’s got more supporters than detractors and I still think I’d personally find it useful.

Action: It remains a high priority task which I hope to implement in KeeFox 1.3 alongside the related feature of keyboard shortcuts.

Reduce the number of toolbar buttons

chart_014.png

Result: A strong feeling that the current toolbar button situation is not a big problem. While I do personally re-configure the toolbar when using KeeFox I don’t ever wish for a reduced number of buttons. I still would like to investigate this topic in more detail because I’m interested to assess the reasons behind the very vocal strong opinions for a reduction in button quantity.

Action: While I acknowledge an increasing trend towards single button add-ons (to the extent that some systems only permit single button extensions) I remain to be convinced that it is a move that is always in the user’s best interest.

There are a lot of ways that the KeeFox toolbar could be modified or replaced - removing some of the buttons is one of those ways but I still like the idea of exploring a variety of possible user interface changes in future - if we can prove that a change will be beneficial to a majority of users, without significant detriment to other users I’ll implement the change.

In fact, some significant user interface changes are being worked on in Firefox as a whole at the moment. One of those changes appears to remove the essential functionality that KeeFox relies upon to create its toolbar. If Firefox do not reverse direction within a few weeks we’ll be forced to rapidly come up with an entirely new interface for KeeFox. That will be an exciting and interesting challenge but as explained above and borne out by your responses, it really would be best if we could focus on other priorities!

Improved multi-page login support (e.g. username on page one, password on page two)

chart_003.png

Result: A strong preference for improvement here but a noticeable tendency for supporters to consider it an important but not crucial feature. I suspect this is due to the relative rarity of multi-page forms.

Action: KeeFox 1.2 will support forms with a username on page one and a password on page two although some sites may still require some extra configuration. With feedback from KeeFox 1.2 users I intend to improve the out-of-the-box behaviour in this area in future versions of KeeFox.

Better support for specific unusual web sites (e.g. many banks)

chart_008.png

Result: Another strong desire for KeeFox to work accurately with more web sites.

Action: In this case, KeeFox 1.2 adds the ground work for some further improvements but as explained elsewhere, banks are sometimes going to actively try to prevent software like KeeFox from working - with very limited development time available we need to pick our battles carefully so while I can foresee some further improvements in this area over the coming years we’ll have to acknowledge the unlikelihood of getting every site to work.

Faster or simpler installation / setup procedure

chart_015.png

Result: A strong feeling that the setup procedure is OK as it is, limited by the obvious caveat that nearly all respondents to this survey are people that have already successfully completed the setup process!

Action: There are a couple of tweaks I might make in a future version of KeeFox but since the broad setup procedure is dictated by the limitations of Firefox, KeePass and Windows (or Linux, Mac, etc.) there is not a huge scope for widespread changes at the moment.

Other comments

As for the open comments that many of you kindly supplied, I have done a little tallying and found a surprising lack of repeated comments. The main gist of the feature requests (most common first) and my response are:

  1. Create KeeFox for Google Chrome: Sorry, I only just have enough time to devote to KeeFox so despite a desire to improve password management for everyone across all platforms, it’s just not realistic for me to take on a new project like this at the moment. If anyone is interested in working on a port to Chrome (or any other browser) I am going to be working on some changes in KeeFox 1.3 which should make it a more realistic possibility so please get in touch.
  2. Combine toolbar buttons: Covered above.
  3. Support Linux / KeePassX: Linux is now supported; making KeePassX work is not really an option at the moment but maybe that will change one day.

Finally, I have to share this gem: “Do not really understand what keefox is or what it does or how to use it. I may be using it and just not aware of it.” Some people really love filling in surveys!

Share this page

Subscribe to KeeFox news...

by Email
with a reader (RSS)

Tags

  tutorial     JSON-RPC     security     snapshot     News     keefox     KeeICE     stats     mac     mono     KeePass     linux     .NET     KeePass API     Releases     KeePassRPC     release     development     help