Survey Analysis

Thanks to the hundreds of people that offered opinions, suggestions, criticism and praise in the survey that I sent out last year.

I’ve now had time to analyse the results and read your comments so I thought I’d post a summary of the main points here. I’ll go into the results for each of the questions about feature priorities below but first here’s a summary of the actions resulting from this survey for those that want the quick version.

• Searching KeePass entries from within Firefox is coming in KeeFox 1.3
• Improved form detection and matching accuracy is coming in KeeFox 1.2; further improvements likely in 1.3 and ongoing
• Right-click (context) menus as an alternative to the toolbar buttons coming in KeeFox 1.3
• Fundamental changes to toolbar user interface not desirable but upcoming Firefox changes may force our hand in KeeFox 1.3 or 1.4
• Improved multi-page login support is coming in KeeFox 1.2; further improvements likely in 1.3 and ongoing
• Better support for specific unusual web sites (e.g. many banks) acknowledged as high priority for most users but technical and time restrictions will make for slow progress; some improvements in KeeFox 1.2 should help but many banks in particular will remain problematic for a long time to come.

Who answered the survey?

I only collected very basic demographic information but the following two graphs show that there was a nice variety of respondents who had been using KeeFox for varying lengths of time, with a slight skew towards long-term users (who presumably have had longer to form a “wishlist” of improvements). They also show that the vast majority of KeeFox users have installed KeeFox while looking to enhance their existing experience with KeePass (this ties in with the stats for the keefox.org website which shows that a majority of visitors to the download page are from the keepass.info plugins page).

Before getting into the details of the feature priorities, I’ll share this graph:

How content are you with the current KeeFox functionality? (1 = Not at all; 5 = Very pleased)

It’s encouraging to see that KeeFox is proving useful and this backs up some of the positive feedback you’ve been providing in AMO reviews. That said, there is clearly a long way to go before everyone is very satisfied so all we can do is hope that improvements this year will continue to push the graph in the right direction!

Individual feature priority breakdowns

I posted nine suggestions of improvements that need to be made to KeeFox and asked respondents to rank each from 1 (not at all important) to 5 (very important). Some of the suggestions were based on feedback I’d previously received and some on my own experience and expertise. I’ll put the graph of results for each improvement first and then comment on the results and explain what action might result.

Search KeePass entries from within Firefox

Result: A very mixed result, suggesting that many users are content with their current methods of initiating the login process for a website but there is a definite desire among enough users to justify the addition of this feature. My personal view is that this is a feature which some users won’t be able to fully appreciate until they have either tried it out or built up a larger collection of passwords.

Action: I’ll be implementing this in KeeFox 1.3

Improved form detection and matching accuracy

Result: Very clear desire from most users for an improvement in this area. There are always going to be occasional sites that don’t work but I’ll keep working to get as many as possible to work correctly. The list of reasons for which a site may not be filled correctly will shrink when KeeFox 1.2 is released but the reasons with no known solution so far are:

• Sites that employ complex JavaScript to submit the form
• Sites that use form fields without an actual form (often a strong overlap with the first reason)
• Sites that ask for different information each time (usually banks)

Action: KeeFox 1.2 will improve matters for some websites. KeeFox 1.3 and beyond will continue to build upon the improvements in KeeFox 1.2 once achievable improvements are identified.

Support for filling in forms without password fields

Result: Slight desire for this feature but most people don’t see it as a high priority.

Action: KeeFox 1.2 will allow some forms that fall into this category to be filled in, but only if they are part of a multi-page form. Maybe the improvement will work on a wider range of sites than I’ve intended - we’ll keep an eye on how it behaves in the wild but given the lack of strong feeling to start with I think spending time improving this further might not be a great idea.

Securely store the KeePass password in Firefox to enable automatic login to KeePass

Result: A strong feeling that this is unimportant.

Action: When considered alongside the difficulty (impossibility?) of offering such a feature securely, I’ve got no plans to implement this in the foreseeable future.

Right-click (context) menus as an alternative to the toolbar buttons

Result: Not the most important feature in most people’s opinion but it’s got more supporters than detractors and I still think I’d personally find it useful.

Action: It remains a high priority task which I hope to implement in KeeFox 1.3 alongside the related feature of keyboard shortcuts.

Reduce the number of toolbar buttons

Result: A strong feeling that the current toolbar button situation is not a big problem. While I do personally re-configure the toolbar when using KeeFox I don’t ever wish for a reduced number of buttons. I still would like to investigate this topic in more detail because I’m interested to assess the reasons behind the very vocal strong opinions for a reduction in button quantity.

Action: While I acknowledge an increasing trend towards single button add-ons (to the extent that some systems only permit single button extensions) I remain to be convinced that it is a move that is always in the user’s best interest.

There are a lot of ways that the KeeFox toolbar could be modified or replaced - removing some of the buttons is one of those ways but I still like the idea of exploring a variety of possible user interface changes in future - if we can prove that a change will be beneficial to a majority of users, without significant detriment to other users I’ll implement the change.

In fact, some significant user interface changes are being worked on in Firefox as a whole at the moment. One of those changes appears to remove the essential functionality that KeeFox relies upon to create its toolbar. If Firefox do not reverse direction within a few weeks we’ll be forced to rapidly come up with an entirely new interface for KeeFox. That will be an exciting and interesting challenge but as explained above and borne out by your responses, it really would be best if we could focus on other priorities!

Improved multi-page login support (e.g. username on page one, password on page two)

Result: A strong preference for improvement here but a noticeable tendency for supporters to consider it an important but not crucial feature. I suspect this is due to the relative rarity of multi-page forms.

Action: KeeFox 1.2 will support forms with a username on page one and a password on page two although some sites may still require some extra configuration. With feedback from KeeFox 1.2 users I intend to improve the out-of-the-box behaviour in this area in future versions of KeeFox.

Better support for specific unusual web sites (e.g. many banks)

Result: Another strong desire for KeeFox to work accurately with more web sites.

Action: In this case, KeeFox 1.2 adds the ground work for some further improvements but as explained elsewhere, banks are sometimes going to actively try to prevent software like KeeFox from working - with very limited development time available we need to pick our battles carefully so while I can foresee some further improvements in this area over the coming years we’ll have to acknowledge the unlikelihood of getting every site to work.

Faster or simpler installation / setup procedure

Result: A strong feeling that the setup procedure is OK as it is, limited by the obvious caveat that nearly all respondents to this survey are people that have already successfully completed the setup process!

Action: There are a couple of tweaks I might make in a future version of KeeFox but since the broad setup procedure is dictated by the limitations of Firefox, KeePass and Windows (or Linux, Mac, etc.) there is not a huge scope for widespread changes at the moment.

Other comments

As for the open comments that many of you kindly supplied, I have done a little tallying and found a surprising lack of repeated comments. The main gist of the feature requests (most common first) and my response are:

1. Create KeeFox for Google Chrome: Sorry, I only just have enough time to devote to KeeFox so despite a desire to improve password management for everyone across all platforms, it’s just not realistic for me to take on a new project like this at the moment. If anyone is interested in working on a port to Chrome (or any other browser) I am going to be working on some changes in KeeFox 1.3 which should make it a more realistic possibility so please get in touch.
2. Combine toolbar buttons: Covered above.
3. Support Linux / KeePassX: Linux is now supported; making KeePassX work is not really an option at the moment but maybe that will change one day.

Finally, I have to share this gem: “Do not really understand what keefox is or what it does or how to use it. I may be using it and just not aware of it.” Some people really love filling in surveys!

KeeFox 1.2 experimental build ready for testing

Please test out the latest version of KeeFox. There are over ten thousand lines of changed code so I’d like to get some wider testing from willing users before pushing the new version onto the development (beta) channel.

The biggest changes are to form detection and form field matching which I’m sure you can guess is a fairly large chunk of the add-on. The main benefits are:

Improved form matching and filling

• Forms no longer need a password field (this feature is powered by a set of white/black lists which will need refinement during this testing phase and with each future KeeFox release)
• More multi-page logins work correctly
• New types of form field dealt with correctly (HTML5)
• The old “monitor each web page for new forms” feature has been upgraded to allow monitoring on only specific websites (if you used the old feature, you shouldn’t notice any difference but I strongly recommend disabling this on all sites except for the occasional specific ones on which it is needed)

Per-site configuration allows:

• You to quickly get many previously problematic websites working correctly
• KeeFox developers to make most popular websites work for all users in a future KeeFox version (to start with we’ve got Microsoft live.com working which is the most frequently mentioned “problem site” at the moment)

New localisation module reduces work for developers and translators (hopefully leading to new translators joining the team) and allows the “useful tips” and similar messages to be translated for the first time. In the next few days I’ll publish a separate article with more background and detail about this work.

A new configuration storage system within each KeePass entry is required to enable some of the features above so once you upgrade your KeePass database you won’t be able to go back unless you revert to an earlier backup. The upgrade process has been tested (and applied to my personal database with 500 entries) but there may be edge cases I’m not aware of so please pay attention to the warning about making a backup.

Please use the new manual on the github wiki and the github issues tracker instead of the Sourceforge Trac manual and ticket tracker that we’ve been using for several years. I’ll announce this change to everyone in due course but it’ll be simpler if I wait until version 1.2 is released because it contains some information that doesn’t apply to KeeFox 1.1.

If you have a backup of your existing database (if not, why not?) please download version 1.2.0a1 from the usual experimental XPI location.

Please post on the forum if you have any problems or comments (and make sure to state that you’re using v1.2.0a1).

Error console can temporarily display passwords

I’ve just been made aware of a potential privacy concern which has been fixed in the latest version of KeeFox. Until you receive the updated version, please note that some of your passwords may be temporarily displayed in a console that is used for debugging. This “error console” is usually hidden from view and its contents are not retained but in certain circumstances this could be a problem so I’ve tried to fix it as quickly as possible.

If you do have this error console visible when using KeeFox 1.1.2 or earlier, please be extra wary of people looking over your shoulder when you log in to websites using KeeFox.

Also be aware that it is not possible to predict how long a password may remain visible somewhere in that error console so for extra security you could consider clicking on the “Clear” button at the top of the console window at a suitable time (e.g. when you would normally lock your KeePass database).

If you want to be the first to get the fixed version you can subscribe to the development (beta) channel but (although it is somewhat out of my control) I expect the fix to be made available to all KeeFox users soon.

Sorry for any inconvenience!

What next for KeeFox?

UPDATE: I’m currently analysing the results of the survey so please post any further suggestions or thoughts on the help forum. I’ll post any interesting results in a new article soon.

With KeeFox 1.1 recently released, I thought it would be a good time to ask you where you think KeeFox should be heading in future. To help me understand and keep track of your opinions and suggestions I have created a short survey which I would really appreciate you completing.

The survey has been active since version 1.0 was released but I’ve not yet received enough responses to draw any firm conclusions from the current results so please take a moment to answer the questions in the survey that you can find here: https://docs.google.com/spreadsheet/view … rmkey=dEVIOHNxMnAtTy00c0w4TDVjX2loY3c6MQ

I’ll analyse the responses and then post a summary of the results in a couple of months.

If you have any further suggestions or questions in the mean time, don’t forget to check out the help resources at http://keefox.org/help/

If you have already completed the survey then thank you! I’ve not had time to read individual comments yet but will definitely do so soon.

KeeFox 1.1.2 released

The recently released KeeFox 1.1.2 contains dozens of new and improved features and a few important bug fixes, the highlights are below.

• Multiple database support. Seamlessly work with more than one KeePass database thanks to these improvements:
  • Logins from all open (unlocked) databases are matched (and automatically filled / submitted depending on your configuration)
  • Logins from all open databases are listed on the Logins toolbar button
  • A new login can be saved into any open database
  • Changing databases from within KeeFox is now reliable and predictable
• Improved form matching accuracy: when KeeFox knows how many form fields to expect for an entry it will now use that information to help select the correct form on a page
• Instant edit feature added: Review and edit every entry that KeeFox saves (disabled by default).
• Memory leak fixed: This will be a big improvement for heavy Firefox users who do not shutdown Firefox for days or weeks at a time
• Added option to require more accurate URL matching for specific entries (previously possible through a hidden KeePass “advanced string”)
• Thunderbird support (in beta testing)
• Improvements to setup instructions, especially for non-admin users and Mono (Mac & Linux) users
• First-run improvements (e.g. automatic save of your first KeePass database and a link to information about importing existing passwords)

You should get 1.1.2 pushed to you automatically unless you have disabled Firefox add-on automatic updates. You can manually install it from the main Add-on page.

Known limitation: Newsgroup authentication prompts in Thunderbird do not work with KeeFox.

Apple Mac support: The immaturity of the Mono platform that Mac users require to make KeePass work is keeping KeeFox Mac support in beta testing for the time being. You can install the development version if you’d like to give it a try (it seems to mostly work if you have some patience and know what you’re doing)

Known bug: Shortly after the release of 1.1.2 I learnt that users who enable the Firefox master password (for use by other add-ons, Firefox Sync, etc.) sometimes experience problems entering the master password when prompted before Firefox has completely started. I have put a fix into version 1.1.3 which you can download from here: https://github.com/luckyrat/KeeFox/blob/ … d79301bb/XPI-package/latest.xpi?raw=true.

1.1.3 is an experimental build - although it has very few changes since the well-tested 1.1.2 it has not been thoroughly tested itself so I advise only installing it if you need to. I’ll monitor its usage and consider releasing it as an official tested version if it looks like enough people are affected by this bug.

I’ll be starting work on version 1.2 in a few weeks time so do let me know through the support forum if you find any bugs that I should be working on for that release. In the mean time, enjoy version 1.1!