KeePassium 1.43 released

KeePassium 1.43 improves AutoFill matching, adds manual TOTP setup and fixes a few bugs in desktop version.

Improved AutoFill matching

In this version, KeePassium AutoFill became much smarter about domain names.

Imagine you have an Amazon account with the corresponding entry in your database stored with the URL “https://amazon.co.uk”. As a savvy shopper, you check several storefronts and find a better deal at amazon.de, so you go there and try to sign in.

When you open the AutoFill, the system tells it to search for a long URL starting with

https://www.amazon.de/ap/signin?openid.pape.max_auth_age=0…

Quite different from the short “https://amazon.co.uk” in your database, isn’t it? Previously, KeePassium would struggle to match these domain names.

Starting with this update, KeePassium knows about the public domain suffix list (such as .com, .co.au, .ac.uk) and now it can:

  • Simplify the long search hint to its main domain “amazon.de”
  • Simplify the entry’s URL to “amazon.co.uk”
  • Realize the main domains still don’t match.
  • Further simplify each domain to its probable service name, “amazon”.
  • Match the entry and include it as possibly relevant.

Sounds nice! But that was an easy case.

Sometimes the same service can have very different domain names. For example, your Stack Exchange account would also work on stackoverflow.com, serverfault.com, and superuser.com.

How can we match the same entry to different sites? Simply include the alternative domain names (or URLs) as custom fields:

Entry with alternative AutoFill domains
Entry with alternative AutoFill domains
  • URL: https://stackexchange.com
  • Alt domain 1: stackoverflow.com
  • Alternative URL 2: https://serverfault.com
  • Field_name_does_not_matter: superuser.com

Now, KeePassium will find the entry whenever you open the AutoFill on any of these websites.

Manual TOTP setup

As you probably know, KeePassium can work as an authenticator app and generate time-based one-time passwords (OTPs).

The process starts with the initial setup, where the target service generates a secret key and shares with the the authenticator app. Typically, the secret is displayed as a QR code that can be quickly scanned by a mobile device.

Sometimes, however, you cannot scan the code — for example, when running KeePassium on a computer. In this case, you can enter the secret code manually:

TOTP setup options
TOTP setup options

For more details, please check how to setup OTP codes in KeePassium.