KeePass Help Center








Secure Desktop

Details on the 'Secure Desktop' option of KeePass 2.x.


General Information

KeePass 2.x has an option (in 'Tools' → 'Options' → tab 'Security') to show the master key dialog on a different/secure desktop (supported on Windows ≥ 2000), similar to Windows' User Account Control (UAC).

Benefit. Most currently available keyloggers only work on the user's primary desktop and do not capture keypresses on the secure desktop. So, the secure desktop protects the master key against most keyloggers.

Limitations.

  • Although most keyloggers do not work on KeePass' secure desktop, keyloggers can be developed to also work on it. This could only be prevented if KeePass ran on a secure desktop with higher rights (e.g. as a system process, like Windows' UAC), which would be completely impractical, because KeePass could then no longer interact (drag & drop, auto-type, integration plugins, ...) with other applications on the user's primary desktop.
  • Currently, only the normal 'Enter Master Key' dialog can be displayed on a secure desktop, not the master key creation dialog or other master key prompts.

Compatibility. The option is turned off by default for compatibility reasons.
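
The following added example (not KeePass' own code) shows the Win32 calls that displaying a prompt on a separate desktop relies on: create a desktop, bind a fresh thread to it, switch input to it, and always switch back. The class name, the desktop name prefix and the message box standing in for a key prompt are assumptions made for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Threading;

static class SeparateDesktopDemo
{
    const uint DESKTOP_SWITCHDESKTOP = 0x0100, GENERIC_ALL = 0x10000000;

    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr CreateDesktop(string name, IntPtr device, IntPtr devMode,
        uint flags, uint access, IntPtr securityAttributes);
    [DllImport("user32.dll", SetLastError = true)]
    static extern IntPtr OpenInputDesktop(uint flags, bool inherit, uint access);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool SetThreadDesktop(IntPtr desktop);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool SwitchDesktop(IntPtr desktop);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool CloseDesktop(IntPtr desktop);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern int MessageBox(IntPtr owner, string text, string caption, uint type);

    static void Main()
    {
        // Handle to the desktop currently receiving input, needed to switch back.
        IntPtr original = OpenInputDesktop(0, false, DESKTOP_SWITCHDESKTOP);
        if (original == IntPtr.Zero) throw new Win32Exception();
        // The new desktop belongs to the same user and session: it has no
        // higher rights than the primary desktop (see 'Limitations').
        IntPtr secure = CreateDesktop("Demo-" + Guid.NewGuid().ToString("N"),
            IntPtr.Zero, IntPtr.Zero, 0, GENERIC_ALL, IntPtr.Zero);
        if (secure == IntPtr.Zero) throw new Win32Exception();
        try
        {
            // SetThreadDesktop fails on a thread that already owns windows
            // or hooks, so the prompt runs on a fresh thread.
            var ui = new Thread(() =>
            {
                if (SetThreadDesktop(secure) && SwitchDesktop(secure))
                    MessageBox(IntPtr.Zero, "Prompt on a separate desktop.", "Demo", 0);
            });
            ui.Start();
            ui.Join();
        }
        finally
        {
            SwitchDesktop(original); // always return the user to their desktop
            CloseDesktop(secure);
            CloseDesktop(original);
        }
    }
}
```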


Why does a desktop switch occur during entering the master key?

Symptoms. While entering the master key for a KeePass database on the secure desktop, a switch to a different desktop occurs. KeePass then displays a message 'An application has switched from the secure desktop to a different desktop.', and offers to switch back to the secure desktop.

Reason. A different application is causing the switch. For example, users have reported the following applications as causing desktop switches:

  • Acronis Scheduler Helper (e.g. part of Acronis True Image WD Edition).
  • HitmanPro.
  • Seagate DiscWizard.
  • TeamViewer.

Solution. Unfortunately, KeePass cannot prevent other applications from switching to a different desktop. Therefore, the only solutions are to either turn off the secure desktop option of KeePass (in 'Tools' → 'Options' → tab 'Security') or terminate the interfering application.


Why does the Input Method Editor (IME) not work on a secure desktop?

Some Input Method Editors (IMEs) are incompatible with secure desktops. Trying to show such an IME on a secure desktop can result in problems (black screen, IME/CTF process with high CPU usage, ...). In order to avoid such problems, KeePass disables the IME on secure desktops.

If you need the IME for entering the master password, turn off the secure desktop option as follows:

  1. Start KeePass. If you are prompted for the master key (on the secure desktop), click [Cancel].
  2. Click 'Tools' → 'Options' → tab 'Security' → turn off the option 'Enter master key on secure desktop'. Close the dialog with [OK].
  3. Restart KeePass.

On the primary desktop, the IME can be used as usual.




