keepassxc-browser
Usability enhancement: list of proposed credentials should be sorted by last access date/time
Expected Behavior
When the username field gets focus and the connected password DB has more than one option, you now get a list of possible options sorted alphabetically. It would be much more convenient to show it sorted by last access date/time.
In Firefox it looks like it is implemented this way. Maybe even more sophisticated - counting number of times it was used + last access time.
Possible Solution
As far as I could see, information about last access time is present in the password DB, so I suspect it should not be a big issue to sort options correspondingly.
This is possible yes.
The only problem that needs to be solved is where to save that information. Browser's LocalStorage is not an option. Storing it to the KeePassXC side can be quite complex, but of course a custom attribute etc. can be possible.
> The only problem that needs to be solved is where to save that information. Browser's LocalStorage is not an option. Storing it to the KeePassXC side can be quite complex, but of course a custom attribute etc. can be possible.
Idea is not to maintain it on the browser level but utilize information stored in the password DB - they already maintain this information and update last access time when you call them from add-on (at least I got this impression).
So you don't need to store this information. In any case you receive a list of passwords, so if this list contains information about access time then it should just be sorted as soon as it is received. Everything else in the code will stay untouched.
Biggest problem here is that when going to a site and credentials are received, the access time is probably updated in that position. So it will happen to all credentials for that site, not when a certain credential is actually used. So we are probably going to need to update the access time after the fill to KeePassXC side.
I have just performed some tests. My imagination was wrong. In reality last access time is changed only when you have opened a record for editing (even if you didn't make any changes).
So we potentially could use last access time for sorting credentials but the use case will be slightly different - the user could play with last access time in the password manager to impact sorting order in the browser. It will work well for me though it could look tricky for users expecting simpler behavior.
Other solutions do not look good from the point of view of security - if we store login names in the browser then it will be a bad idea. Though if the password DB has a unique ID for every stored record then we could store {uniqueID: lastAccessTime} and use this information for later sorting.
Need to think over how it will be implemented, if done so.
I don't agree with this sort order since it can appear random to users. Alphabetical is the best and easiest method. Further, you can now search for credentials in the pop up dialog.
> I don't agree with this sort order since it can appear random to users. Alphabetical is the best and easiest method. Further, you can now search for credentials in the pop up dialog.
@droidmonkey This is why I pointed out that "It will work well for me though it could look tricky for users expecting simpler behavior." :)
Though both cases could be easily covered - add a configuration option that gives a choice for credentials autocompletion sorting: Alphabetical (default) and By Last Access. So it will not break backward compatibility for regular users/cases and will cover more tricky cases for gourmets. :)
The problem is it adds significant complexity (compared to current operations) for a limited subset of users.
I'm not sure. Though I could be wrong as I just briefly checked the code and I'm not programming every day.
It looks like you will need to:
- implement storing an additional attribute representing Last Access Time in kpxc.prepareFieldsForCredentials = function(autoFillInForSingle) {...}
- implement sorting of the credentials list by this new attribute in kpxc.retrieveCredentialsCallback = async function(credentials, dontAutoFillIn) {...} if special sorting is turned on in the add-on settings
- implement UI and storing of the sorting configuration (could be represented by a checkbox with label "Use Last Access Time sorting instead of Alphabetical").
:)
Functions were found at https://github.com/keepassxreboot/keepassxc-browser/blob/develop/keepassxc-browser/content/keepassxc-browser.js
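The proposal discussed in this thread (an extension-side {uniqueID: lastAccessTime} map holding no login names, offered as an opt-in sort next to the alphabetical default), as an added sketch that is not keepassxc-browser code. The `uuid` and `login` fields on credential objects and all function names are assumptions, and where the map would be persisted is left open.

```javascript
// Added illustration; not keepassxc-browser code.
// Assumption: each credential object carries `uuid` and `login` fields.

// Record a fill: only the entry UUID and a timestamp are kept, never login names.
function recordUse(usage, uuid, now = Date.now()) {
    return { ...usage, [uuid]: now };
}

// Drop map entries whose UUID is no longer returned by the database,
// so the stored map does not grow or keep stale identifiers.
function pruneUsage(usage, credentials) {
    const live = new Set(credentials.map(c => c.uuid));
    return Object.fromEntries(
        Object.entries(usage).filter(([uuid]) => live.has(uuid)));
}

// Sort a copy of the list. Alphabetical is the default; with byLastUse enabled,
// most recently used entries come first and never-used ones stay alphabetical.
function sortCredentials(credentials, usage = {}, byLastUse = false) {
    const alpha = (a, b) => a.login.localeCompare(b.login);
    if (!byLastUse) {
        return [...credentials].sort(alpha);
    }
    const stamp = c => (Object.hasOwn(usage, c.uuid) ? usage[c.uuid] : 0);
    return [...credentials].sort((a, b) => stamp(b) - stamp(a) || alpha(a, b));
}

// Constructed sample data.
const sample = [
    { uuid: 'u-3', login: 'carol' },
    { uuid: 'u-1', login: 'alice' },
    { uuid: 'u-2', login: 'bob' },
];
let usage = recordUse({}, 'u-2', 1000);
usage = recordUse(usage, 'u-9', 500); // entry later deleted from the database
usage = pruneUsage(usage, sample);

console.log(sortCredentials(sample).map(c => c.login));
console.log(sortCredentials(sample, usage, true).map(c => c.login));
```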
Last access time in the database itself is equal to last modified time. If we changed last access time every time the browser extension accessed an entry then the DB would be saved constantly (if auto save is enabled) or at least cause the database to be modified every time you used KeePassXC. Neither of which is desirable.
@droidmonkey
> Last access time in the database itself is equal to last modified time.
See my previous comment - it is not true. When add-ons access the password DB it is not reflected in any way (at least my tests today didn't show it). And Last Access Time is not equal to Last Modification Time.
You could open the password DB and see that if you open some record for editing but do not save changes, Last Access Time will be updated but Last Modification Time will be kept. This way the owner of the password DB could manage the order.
BTW: You could mark in settings that this is experimental feature and not recommended to be turned on. :)
Did you press OK or CANCEL? When you edit an entry, don't make changes, and press OK, then both the modified and accessed time will update to "now". If you press CANCEL nothing will update.
@droidmonkey Sorry, my fault. My tests were not completely clean so you are right and in real life Modified and Accessed date/time are the same for all records in my password DB. Though it looks strange from the use case point of view. :)
But in general it changes nothing. We could use Modified date/time for the same purposes of experimental sorting of proposed credentials on UI. And as I mentioned earlier from my point of view it does not look complicated.
Sorry, accidentally closed the issue. So I will reopen.
We have removed last accessed from the GUI and we will not be implementing a feature that relies on "last accessed"