Page 1 of 1

Auto-type from desktop client (for other desktop clients)

PostPosted: Wed Sep 04, 2019 9:32 pm
by avalokiteshvara
KeePass has a very handy feature that will auto-type a password into any client. I would love to see the same feature implemented in the LastPass desktop client.

The intent of this is to allow LastPass to type passwords into desktop clients, to improve upon the current restriction of only being able to auto-enter passwords in browser-based clients on desktop environments. Currently you can only copy/paste into desktop clients. I feel auto-type would be more secure and less risky than the copy/paste approach, so credentials do not have to be stored in the clipboard at any point.

It works like this by default:
1) Right-click and click "Auto-type".
2) Client will submit Alt+Tab to switch to next window (the one you wanted to auto-type into)
3) Client will type username
4) Client will Submit Tab to switch to next field
5) Client will type password
6) Client will submit Enter

This is also customisable, where in KeePass you can specify search-strings to match the title of a window. If the title matches, it will use the custom key-sequence instead (e.g. "[Username][Enter][Wait 100][Password][Enter]").

There is a slight increase in risk when using this in KeePass if either the last window you had open was not the intended window, or if the key-sequence doesn't match the client (e.g. if you are trying to type into a SSH terminal which needs an Enter instead of Tab to move on to password). This can result in the password being pasted and submitted in clear-text fields such as the username, which is subsequently logged in clear-text logs on a server, which is quite risky, so due-care is necessary.

In order to make this less risky in LastPass, I would suggest by default having a prompt after you press Auto-Type, which will present you with the intended action (which window, and the sequence of keys that will be submitted), which is configurable with a "Do not show this again" option.

Even better if, immediately after pressing Auto-Type, the prompt lets you see a list of windows that are open, and you specify which to auto-type into.

Another option would be for LastPass to present an overly that steps you through the auto-type, which would function as-follows:
1) Right-click the Password in LastPass and click Auto-Type.
2) LastPass submits Alt+Tab to switch to the previous window
3) LastPass presents a desktop-overlay specifying "1) Click on the username field where you would like me to type the password"
4) User clicks in the desired Username field of the desktop client
5) LastPass auto-types the username into the clicked field
6) LastPass presents a desktop-overly message specifying "2) Click on the password field where you would like me to type the password"
7) User clicks in the desired Password field of the desktop client
8) LastPass auto-types the password into the clicked field
9) User is then left to click on the "Login" button of the client, so as not to risk incorrect submission of any details.

The above is a more laborious but less-risky approach that is still of similar utility.