How do I use TouchID to unlock KeePassXC? #7935
Comments
|
To confirm, when you lock your database it does not show the Unlock Database text with the fingerprint icon? This would mean you are running an unsigned version of the application or you have disabled the use of TouchID on your system / Keychain. https://keepassxc.org/docs/KeePassXC_UserGuide.html#_quick_unlock |
|
Hi, I can reproduce this. Very weird, it was working just fine, then I rebooted my system and now the fingerprint is no longer there. Can provide logs or whatever if that helps troubleshoot. I am on 2.7.1 on Mac OS Monterey 12.4 |
|
You must use your full credentials after a reboot. Closing this as no response received. |
|
I know, sorry should have been more specific. After using full credentials, when I go to unlock the fingerprint does not show up anymore. |
|
Interesting, do you have the use of touch id enabled in your system settings? Can you unlock your computer itself using touch id? |
|
yes and yes. |
|
@droidmonkey can you open this ticket back up or would you prefer I raise another? |
|
There is nothing we can do about your situation unless you can provide details on why your computer doesn't say touch id is enabled |
|
touch id is enabled. i use it to unlock my computer. i can screenshot and show it to you if you'd like. |
|
That doesn't help, touch id works for everyone else.. need to know why not you |
|
Are you sure touch id is still enabled in the application security settings? |
|
i think you are on to something, that option does not even appear for me anymore. I am running 2.7.1 of the mac silicon version. Here is the debug info: KeePassXC - Version 2.7.1 Qt 5.15.2 Operating system: macOS 12.4 Enabled extensions:
Cryptographic libraries:
|
|
If the option is missing than that means Apple has told us that touch id is not available. Perhaps we got knocked off a privacy allowance list or something? |
|
I don't see anything in the settings that looks off, nor have I changed anything. here is a random variable that i'm not sure matters. my database file is stored on one drive so I can access it from two macs. the M1 is what i use 95% of the time. I signed into my other Intel iMac the other day and used Keepass, and that one is probably not on 2.7.1 (nor does it have touch ID). Could opening it up with a different version do something? |
|
No that doesn't make a difference. There really is no way to debug this because it is not possible to use Touch ID without a fully signed application. Actually that might be the problem, you should try redownloading the application and reinstalling it. Make sure all browsers are closed to prevent conflicts with the extension. Perhaps your installation got its signature invalidated. |
|
that fixed it. i rebooted and it still worked. very strange. |
|
1 |
On my end here (M1 MacBook Pro with Touch ID, macOS 12.6, KeePassXC 2.7.1) I can use Touch ID fine – as long as KeePassXC is still running. Once I quit the app and then restart it I always have to enter my long master password. Thanks |
|
It is not explicitly written, but it does mention that quick unlock works for subsequent logins to a database in the application. When you close keepassxc we erase the quick unlock store. This behavior will likely change in the future as we are more comfortable with the use of the os native tools to protect your database information. |
|
Thanks, Jonathan, this is good to know! 👍👍 |
|
If the option to lock the database on closing the lid (and quick unlock) is activated, I am asked to provide the master password. Is this no subsequent login? If I lock the database before closing the lid, I can use TouchID to unlock the DB after opening the lid. This behaviour is a bit strange. |
|
When your lid is closed then TouchID reports as unavailable and we cancel quick unlock. This could be improved and I believe it has been in a recent PR submission. |
|
2.7.4 Cant get touch ID to work at all. Works for everything else. I got the app from the website https://keepassxc.org/. |
|
If your MacBook has touch ID and the lid is open it works. Just unlock normally and it will ask you for your fingerprint. Next time you unlock it, you can do it with just your fingerprint. |
|
Ah I see. I have to lock the database then click the unlock button then use touch id. I really wish there was a "use touch id 100% of the time" feature. Every time the app is open, every reboot, every lid open: just prompt for touch id. I also REALLY miss the minimize + lock feature of the old keepass. Where I could hit control-L and have it lock and minimize at the same time. |
|
I agree, there should be an option to open the database via touch id, even though its not very secure. |
|
Security is what it is. Even a keylogger can bypass a million char master password. System identity can be spoofed. Even a password could be uploaded from the clipboard use when copy pasting unless the passwords entire use was fully encrypted (including memory). Pin, passkey, all security keys (even swipe badges), fingerprint, or whatever should be available for login as desired. Would be better is applications could tap into that as something that includes everything all in one. Maybe someday. I'd take a 100% passkey login or security key login any day along with master password as a backup/alt means. |
|
I agree, this feature exists as an extension for Keepass2 : |
Any news on this? I'd really like to see the full TouchID unlock (not just quick). |
I would highly recommend using an app called Strongbox with your keepass password file. |
|
As a new user of KeePassXC on macOS Sonoma, is there an option to use Touch ID when starting KeePassXC app right away? I do not mean when the app is running, the database gets locked and then I can quickly unlock it with Touch ID, but when I open from closed state the app itself (KeePassXC), that it right away asks me Touch ID? |
|
It's coming, #7020 |
|
I downloaded the latest version Release 2.7.7, which supports touchid feature on macos, but I still have to enter a password when I open it for the first time. Is there a way to solve this problem so that I can use touchid when I open it for the first time? |
|
Feature is not implemented yet |
Hello. I'm not sure if this is an issue but I can't for the life of me get the Touch ID activated/showing. I could have sworn that it was right on the unlock screen, just above the Unlock button, a checkbox saying "Enable TouchID" or something similar.
I was using it constantly before, with a super long password, so I needed it. For about the past 6-8 weeks however I gave it up as I was setting up my Yubikey and getting that up and running. I recently read that it's still important to have a strong password as that's what's used to encrypt the database so I thought I'd reactivate it.
I'm running 2.7.1, noticed it was missing in 2.7.0 but with the massive amount of changes, I figured it was just one of the many bugs and a subsequent release would be coming shortly, which it did, but unfortunately has not caused the checkbox to reappear.
I've tried toggling the setting (Touch ID / Windows Hello) off, lock, shut down, reboot, toggle on, etc but no luck. Not even a whiff of it other than the checkbox in Settings->Security to enable the feature.
Only 2 things I can think of that may be the cause:
Any suggestions would be mucho appreciated. Thanks for you time in advance. Love the product and look forward to having some free time to fire up a dev env and see if I can understand the code!
I'm kind of at a loss here.
Discussed in #7389
Originally posted by albertinix February 6, 2022
I'm using KeePassXC on macOS BigSur. I would like to use TouchID to unlock the database, but I don't know how and haven't found a guide on this.
I tried checking the box when opening the app - but that doesn't seem to do anything for me.
Any tips?
The text was updated successfully, but these errors were encountered: