Thanks to the hundreds of people that offered opinions, suggestions, criticism and praise in the survey that I sent out last year.
I’ve now had time to analyse the results and read your comments so I thought I’d post a summary of the main points here. I’ll go into the results for each of the questions about feature priorities below but first here’s a summary of the actions resulting from this survey for those that want the quick version.
- Searching KeePass entries from within Firefox is coming in KeeFox 1.3
- Improved form detection and matching accuracy is coming in KeeFox 1.2; further improvements likely in 1.3 and ongoing
- Right-click (context) menus as an alternative to the toolbar buttons coming in KeeFox 1.3
- Fundamental changes to toolbar user interface not desirable but upcoming Firefox changes may force our hand in KeeFox 1.3 or 1.4
- Improved multi-page login support is coming in KeeFox 1.2; further improvements likely in 1.3 and ongoing
- Better support for specific unusual web sites (e.g. many banks) acknowledged as high priority for most users but technical and time restrictions will make for slow progress; some improvements in KeeFox 1.2 should help but many banks in particular will remain problematic for a long time to come.
Who answered the survey?
I only collected very basic demographic information but the following two graphs show that there was a nice variety of respondents who had been using KeeFox for varying lengths of time, with a slight skew towards long-term users (who presumably have had longer to form a “wishlist” of improvements). They also show that the vast majority of KeeFox users have installed KeeFox while looking to enhance their existing experience with KeePass (this ties in with the stats for the keefox.org website which shows that a majority of visitors to the download page are from the keepass.info plugins page).
Before getting into the details of the feature priorities, I’ll share this graph:
How content are you with the current KeeFox functionality? (1 = Not at all; 5 = Very pleased)
It’s encouraging to see that KeeFox is proving useful and this backs up some of the positive feedback you’ve been providing in AMO reviews. That said, there is clearly a long way to go before everyone is very satisfied so all we can do is hope that improvements this year will continue to push the graph in the right direction!
Individual feature priority breakdowns
I posted nine suggestions of improvements that need to be made to KeeFox and asked respondents to rank each from 1 (not at all important) to 5 (very important). Some of the suggestions were based on feedback I’d previously received and some on my own experience and expertise. I’ll put the graph of results for each improvement first and then comment on the results and explain what action might result.
Search KeePass entries from within Firefox
Result: A very mixed result, suggesting that many users are content with their current methods of initiating the login process for a website but there is a definite desire among enough users to justify the addition of this feature. My personal view is that this is a feature which some users won’t be able to fully appreciate until they have either tried it out or built up a larger collection of passwords.
Action: I’ll be implementing this in KeeFox 1.3
Improved form detection and matching accuracy
Result: Very clear desire from most users for an improvement in this area. There are always going to be occasional sites that don’t work but I’ll keep working to get as many as possible to work correctly. The list of reasons for which a site may not be filled correctly will shrink when KeeFox 1.2 is released but the reasons with no known solution so far are:
- Sites that use form fields without an actual form (often a strong overlap with the first reason)
- Sites that ask for different information each time (usually banks)
Action: KeeFox 1.2 will improve matters for some websites. KeeFox 1.3 and beyond will continue to build upon the improvements in KeeFox 1.2 once achievable improvements are identified.
Support for filling in forms without password fields
Result: Slight desire for this feature but most people don’t see it as a high priority.
Action: KeeFox 1.2 will allow some forms that fall into this category to be filled in, but only if they are part of a multi-page form. Maybe the improvement will work on a wider range of sites than I’ve intended - we’ll keep an eye on how it behaves in the wild but given the lack of strong feeling to start with I think spending time improving this further might not be a great idea.
Securely store the KeePass password in Firefox to enable automatic login to KeePass
Result: A strong feeling that this is unimportant.
Action: When considered alongside the difficulty (impossibility?) of offering such a feature securely, I’ve got no plans to implement this in the foreseeable future.
Right-click (context) menus as an alternative to the toolbar buttons
Result: Not the most important feature in most people’s opinion but it’s got more supporters than detractors and I still think I’d personally find it useful.
Action: It remains a high priority task which I hope to implement in KeeFox 1.3 alongside the related feature of keyboard shortcuts.
Reduce the number of toolbar buttons
Result: A strong feeling that the current toolbar button situation is not a big problem. While I do personally re-configure the toolbar when using KeeFox I don’t ever wish for a reduced number of buttons. I still would like to investigate this topic in more detail because I’m interested to assess the reasons behind the very vocal strong opinions for a reduction in button quantity.
Action: While I acknowledge an increasing trend towards single button add-ons (to the extent that some systems only permit single button extensions) I remain to be convinced that it is a move that is always in the user’s best interest.
There are a lot of ways that the KeeFox toolbar could be modified or replaced - removing some of the buttons is one of those ways but I still like the idea of exploring a variety of possible user interface changes in future - if we can prove that a change will be beneficial to a majority of users, without significant detriment to other users I’ll implement the change.
In fact, some significant user interface changes are being worked on in Firefox as a whole at the moment. One of those changes appears to remove the essential functionality that KeeFox relies upon to create its toolbar. If Firefox do not reverse direction within a few weeks we’ll be forced to rapidly come up with an entirely new interface for KeeFox. That will be an exciting and interesting challenge but as explained above and borne out by your responses, it really would be best if we could focus on other priorities!
Improved multi-page login support (e.g. username on page one, password on page two)
Result: A strong preference for improvement here but a noticeable tendency for supporters to consider it an important but not crucial feature. I suspect this is due to the relative rarity of multi-page forms.
Action: KeeFox 1.2 will support forms with a username on page one and a password on page two although some sites may still require some extra configuration. With feedback from KeeFox 1.2 users I intend to improve the out-of-the-box behaviour in this area in future versions of KeeFox.
Better support for specific unusual web sites (e.g. many banks)
Result: Another strong desire for KeeFox to work accurately with more web sites.
Action: In this case, KeeFox 1.2 adds the ground work for some further improvements but as explained elsewhere, banks are sometimes going to actively try to prevent software like KeeFox from working - with very limited development time available we need to pick our battles carefully so while I can foresee some further improvements in this area over the coming years we’ll have to acknowledge the unlikelihood of getting every site to work.
Faster or simpler installation / setup procedure
Result: A strong feeling that the setup procedure is OK as it is, limited by the obvious caveat that nearly all respondents to this survey are people that have already successfully completed the setup process!
Action: There are a couple of tweaks I might make in a future version of KeeFox but since the broad setup procedure is dictated by the limitations of Firefox, KeePass and Windows (or Linux, Mac, etc.) there is not a huge scope for widespread changes at the moment.
As for the open comments that many of you kindly supplied, I have done a little tallying and found a surprising lack of repeated comments. The main gist of the feature requests (most common first) and my response are:
- Create KeeFox for Google Chrome: Sorry, I only just have enough time to devote to KeeFox so despite a desire to improve password management for everyone across all platforms, it’s just not realistic for me to take on a new project like this at the moment. If anyone is interested in working on a port to Chrome (or any other browser) I am going to be working on some changes in KeeFox 1.3 which should make it a more realistic possibility so please get in touch.
- Combine toolbar buttons: Covered above.
- Support Linux / KeePassX: Linux is now supported; making KeePassX work is not really an option at the moment but maybe that will change one day.
Finally, I have to share this gem: “Do not really understand what keefox is or what it does or how to use it. I may be using it and just not aware of it.” Some people really love filling in surveys!
It’s a lot of work for both developers and translators to ensure that an add-on is correctly translated into multiple languages but it’s a vital task for any add-on or software that will be used outside of the developer’s home country.
We want KeeFox to be available in many more languages but the existing Firefox localisation system does not do as much as it could to help us reach this goal.
This post will outline the changes I’ve made in KeeFox 1.2 in order to improve the localisation architecture for KeeFox and explain how other browser add-ons could use the same approach.
As I see it, these are the main problems with the standard Firefox localisation system:
|Duplication||There are two distinct sources of text.
In order to display a particular word or sentence in more than one part of an add-on it is sometimes necessary for that text to be translated twice. This can lead to mistakes and confusion, not to mention the extra workload it places on translators.
This duplication is not a problem for simple add-ons that are created using recent improvements in the add-on infrastructure but many complex add-ons like KeeFox can’t be re-written in this new way (for both technical reasons and the shear amount of time it would take).
|Fragility||Every language must have every piece of text translated or the entire add-on fails to function. This places a huge burden on translators and in add-ons such as KeeFox where there are many thousands of words to translate it can be a daunting prospect to start a new translation.
From a developer perspective, this limitation leads to much manual work before each release in order to ensure that only the correct and complete translations are pushed out to the add-on users. Thorough testing of this manual process is also difficult and laborious.
|Rigidity||Translation updates can only occur when the add-on code is updated.
Even a one character typo correction has to pass through the full Mozilla add-on review process which often takes several weeks and distracts their review team from more useful tasks. (Note: the review team does not actually look for text accuracy - it’s mainly a check for basic add-on security and functionality).
This also causes other issues such as unnecessary update installations for existing users and delays to the release date due to either waiting on ill or otherwise absent translators or the amount of work required to re-integrate the latest locale information every time.
- All locales are defined through .properties files.
- XML DTD files are not needed, even for localisation of XUL.
- If a translation for a particular string in the user’s current locale is not found, the “default” string will be displayed.
- In keeping with Mozilla standards, the “default” locale is “en-US” (although this would be easy to change if required).
- Locale definitions can be loaded after the application has started.
So this means
- No more XML DTD files.
- It works with existing Firefox property files.
- It works with dynamically loaded JSON locale files.
- It could work with existing Google Chrome JSON files:
- Parameters won’t work yet (mainly because Chrome takes a different approach to parameter selection but also because it’s not been a priority for me to implement that feature yet).
- See http://developer.chrome.com/extensions/i18n-messages.html for more details on the format of locale that could be supported in future.
What this means for KeeFox translators
- I’ll still be looking for 100% completion for each language included in the main KeeFox releases. The flexibility of the new system will provide protection against the mistakes that have previously caused entire countries to be unable to use KeeFox for several weeks.
- Temporary exceptions to the “100% complete” rule can be arranged as required.
- Translation can occur more independently of the release cycle of KeeFox.
- Languages do not have to be completed in order to be included in beta releases. This should help separate the task of translation from the testing phase of a KeeFox release and allow new translators to get their work seen before the entire translation process has been completed.
- The messages delivered by FAMS will continue to default to the existing English language and continue to be updated only when a KeeFox update occurs. Any translations added to the FAMS.keefox.properties file in Babelzilla will be included in the beta and final releases; 100% completion of this file is not required (although obviously I suspect that users will benefit if you can translate the whole lot).
- If I ever get around to implementing the “dynamic delivery over the internet” for FAMS messages there could be rare ad-hoc translation work (e.g. translating a security warning message) but I’ll provide further information on that when required.
- Having to manually construct a call to internationaliseElements() in each XUL file is messy. It should be possible to change this so that elements to be translated can instead be tagged with a class (or similar).
- Dynamic update delivery: The localisation architecture allows for instant updates from the internet but there is currently no infrastructure in place to deliver this.
- Dynamic update tools: The localisation file format is simple (JSON) but the existing Babelzilla translation does not currently support it so a temporary workaround will be required.
If you want to address any of those limitations please feel free to fork KeeFox and submit a pull request with your improvements.
Hopefully Firefox will release improvements to the core localisation system one day which will address the limitations that led me to develop an alternative solution for KeeFox. In the mean time, I thought other add-on developers might be interested in this work - documentation on its use is here: https://github.com/luckyrat/KeeFox/wiki/en-|-Technical#wiki-locales
Please test out the latest version of KeeFox. There are over ten thousand lines of changed code so I’d like to get some wider testing from willing users before pushing the new version onto the development (beta) channel.
The biggest changes are to form detection and form field matching which I’m sure you can guess is a fairly large chunk of the add-on. The main benefits are:
Improved form matching and filling
- Forms no longer need a password field (this feature is powered by a set of white/black lists which will need refinement during this testing phase and with each future KeeFox release)
- More multi-page logins work correctly
- New types of form field dealt with correctly (HTML5)
- The old “monitor each web page for new forms” feature has been upgraded to allow monitoring on only specific websites (if you used the old feature, you shouldn’t notice any difference but I strongly recommend disabling this on all sites except for the occasional specific ones on which it is needed)
Per-site configuration allows:
- You to quickly get many previously problematic websites working correctly
- KeeFox developers to make most popular websites work for all users in a future KeeFox version (to start with we’ve got Microsoft live.com working which is the most frequently mentioned “problem site” at the moment)
New localisation module reduces work for developers and translators (hopefully leading to new translators joining the team) and allows the “useful tips” and similar messages to be translated for the first time. In the next few days I’ll publish a separate article with more background and detail about this work.
A new configuration storage system within each KeePass entry is required to enable some of the features above so once you upgrade your KeePass database you won’t be able to go back unless you revert to an earlier backup. The upgrade process has been tested (and applied to my personal database with 500 entries) but there may be edge cases I’m not aware of so please pay attention to the warning about making a backup.
Please use the new manual on the github wiki and the github issues tracker instead of the Sourceforge Trac manual and ticket tracker that we’ve been using for several years. I’ll announce this change to everyone in due course but it’ll be simpler if I wait until version 1.2 is released because it contains some information that doesn’t apply to KeeFox 1.1.
If you have a backup of your existing database (if not, why not?) please download version 1.2.0a1 from the usual experimental XPI location.
Please post on the forum if you have any problems or comments (and make sure to state that you’re using v1.2.0a1).
I’ve just been made aware of a potential privacy concern which has been fixed in the latest version of KeeFox. Until you receive the updated version, please note that some of your passwords may be temporarily displayed in a console that is used for debugging. This “error console” is usually hidden from view and its contents are not retained but in certain circumstances this could be a problem so I’ve tried to fix it as quickly as possible.
If you do have this error console visible when using KeeFox 1.1.2 or earlier, please be extra wary of people looking over your shoulder when you log in to websites using KeeFox.
Also be aware that it is not possible to predict how long a password may remain visible somewhere in that error console so for extra security you could consider clicking on the “Clear” button at the top of the console window at a suitable time (e.g. when you would normally lock your KeePass database).
If you want to be the first to get the fixed version you can subscribe to the development (beta) channel but (although it is somewhat out of my control) I expect the fix to be made available to all KeeFox users soon.
Sorry for any inconvenience!
UPDATE: I’m currently analysing the results of the survey so please post any further suggestions or thoughts on the help forum. I’ll post any interesting results in a new article soon.
With KeeFox 1.1 recently released, I thought it would be a good time to ask you where you think KeeFox should be heading in future. To help me understand and keep track of your opinions and suggestions I have created a short survey which I would really appreciate you completing.
The survey has been active since version 1.0 was released but I’ve not yet received enough responses to draw any firm conclusions from the current results so please take a moment to answer the questions in the survey that you can find here: https://docs.google.com/spreadsheet/view … rmkey=dEVIOHNxMnAtTy00c0w4TDVjX2loY3c6MQ
I’ll analyse the responses and then post a summary of the results in a couple of months.
If you have any further suggestions or questions in the mean time, don’t forget to check out the help resources at http://keefox.org/help/
If you have already completed the survey then thank you! I’ve not had time to read individual comments yet but will definitely do so soon.