Installing native host application

Starting with PfP 3.0, the application PfP Native Host has to be installed for PfP to work. This application provides the extension with access to configured KeePass password databases.

The application is designed to require no dependencies; it doesn’t need to be installed in a particular folder and doesn’t require special privileges. You merely need to download a file and run it once for the initial setup.

Because the application is not signed, the download process is non-trivial on some operating systems. That’s why I provide scripts that you can run to automate the process.

Keyboard navigation

Do you prefer using the keyboard instead of clicking? All PfP functions can be reached using keyboard only, and it’s even more convenient than using the mouse.

The main keyboard shortcut you need is Ctrl+Shift+F, which by default opens the PfP pop-up. From there you can access all PfP functionality.

Why enter the main password so often?

By default, PfP will lock your passwords after 10 minutes of inactivity. In order to access your passwords, you have to enter the main password again. This is inconvenient, so why is it doing this?

Once you’ve entered your main password, all passwords stored in PfP are unlocked. Anybody sitting in front of your device at that moment can retrieve any or all of them. That’s perfectly fine of course as long as that anybody is you. But what if you left your device unattended? Do you always lock your device when leaving? And if not, what if your co-workers, friends or even children open up PfP while you aren’t there?

Choosing a main password

Should your passwords database ever fall into the wrong hands (e.g. because your sync storage is compromised), a strong main password will make sure its data cannot be decrypted. Common passwords and dictionary words are too easy to guess; you should go for something better.

So when creating a new database, the PfP Native Host application will suggest creating a random passphrase for you. Such a passphrase is both easy to remember and secure; you should normally go with it.

Recovery codes

What if your passwords database ever gets corrupted? Ideally, you should have a backup. Yet restoring from backup can also fail, and some passwords are too important to take that risk. That’s what recovery codes are for: to provide a printed backup for your most important passwords.

What’s so painful about passwords?

Why is this tool’s name stressing the pain of using passwords? The reason is that passwords are currently designed for robots with infinite and infallible memory, not humans. No person can come up with strong individual passwords for every website and remember them.

Actual people will resort to various strategies to cope with this situation. Usually it boils down to reusing passwords between websites and/or overusing the “Forgot password” feature. Both have considerable security drawbacks.

Could my passwords be compromised?

There are plenty of malicious actors seeking access to your passwords. This article provides an overview of the common threats which might compromise your passwords.

Using PfP helps avoid several of these scenarios completely. For others, PfP will reduce the impact. The only scenario where PfP cannot help at all is a malware application running on your device.