Reviews for KeePass Tusk - Password Access and Autofill
KeePass Tusk - Password Access and Autofill by Brandon Davis
Response by Brandon Davis
Developer response
posted 7 years agoHey there! There's a lot here to respond to, but I'm going to try.
1. Sync.com is completely impossible to support. They provide no developer APIs or authentication. It's a shame, but no amount of effort on my behalf will make sync.com work.
2. Making the remember password meaning more obvious is definitely a goal. Actually, a lot of the controls in Tusk need better explanation. I'm pretty much out of space to put anything else on that line, but a hover dialog or something in the wiki is needed... I agree with you there.
3. I disagree that showing the keyfile name is bad. KeeWeb, KeePassXC, and KeePass2Android all do this. The keyfile doesn't provide security by being "obscure", i.e. a secret file on your computer. It provides a second factor of security. You combine "something you know" (master password) with "something you have" (a keyfile) to get strong encryption. Google "security through obscurity" for a great discussion on this topic.
4. Do you mean exporting settings so you can move them between browsers? This would be a great feature, but right now there aren't very many settings to keep track of, so it isn't much of a burden to get set up how you want it. As the settings complexity grows, I imagine this will happen.
Thanks for the detailed feedback and review!
1. Sync.com is completely impossible to support. They provide no developer APIs or authentication. It's a shame, but no amount of effort on my behalf will make sync.com work.
2. Making the remember password meaning more obvious is definitely a goal. Actually, a lot of the controls in Tusk need better explanation. I'm pretty much out of space to put anything else on that line, but a hover dialog or something in the wiki is needed... I agree with you there.
3. I disagree that showing the keyfile name is bad. KeeWeb, KeePassXC, and KeePass2Android all do this. The keyfile doesn't provide security by being "obscure", i.e. a secret file on your computer. It provides a second factor of security. You combine "something you know" (master password) with "something you have" (a keyfile) to get strong encryption. Google "security through obscurity" for a great discussion on this topic.
4. Do you mean exporting settings so you can move them between browsers? This would be a great feature, but right now there aren't very many settings to keep track of, so it isn't much of a burden to get set up how you want it. As the settings complexity grows, I imagine this will happen.
Thanks for the detailed feedback and review!