Frequently Asked Questions
Using new KeeForm
When KeeForm receives credentials from KeePass it starts a session, and the toolbar icon turns orange with a countdown showing the seconds remaining. During the session KeeForm keeps watching the page. In Automatic mode it retries filling automatically as the page changes; in Click to fill mode it keeps the blue lock icons and Ctrl+click ready until the countdown ends. (In older versions you clicked the toolbar icon to start another fill attempt; that now happens on its own.)
If you see the orange countdown on a page that is not a login page — for example one where you are already signed in — it means KeeForm is still armed and waiting; nothing has been entered. KeeForm only fills recognised login fields, so the risk is low, but it is still good practice to keep an eye on the countdown and to click the orange toolbar icon to end the session once you are done.
The session length is the Session timeout setting (default 25 seconds): lower it if you have a fast connection, raise it if pages load slowly for you.
Because KeeForm cannot tell that you are already signed in. When you start it for a site, it simply waits for login fields to appear and stays armed until either a form is filled or the countdown runs out. On a page where you are already logged in, no login fields appear, so nothing is filled — KeeForm just keeps waiting until the timer ends.
You can end it immediately by clicking the orange toolbar icon, which stops the countdown, discards the credentials, and removes any blue lock icons. KeeForm only fills recognised login fields, so the risk is low, but ending the session once you are done is good practice.
You don't need to. KeeForm now keeps looking and filling automatically for the whole session, retrying as the page changes until the countdown ends. In older versions clicking the toolbar icon started another fill attempt; that is automatic now, and the toolbar icon is the cancel/discard button instead.
To fill a specific field yourself at any moment, click its blue lock icon or Ctrl+click it.
- Green — connected to the KeeForm host and ready.
- Blue — waiting for the host (e.g. at startup, or when another browser is connected). KeeForm reconnects automatically.
- Red — cannot connect to the host. Check that the KeeForm application is installed and not blocked by antivirus.
- Orange with countdown — a session is active; KeeForm is filling or waiting to fill, and Ctrl+click is available.
- Checkmark (✓) — the last session filled successfully. For a few seconds you can click the icon to fill again (handy if the page redraws and clears the form); after that the credentials are discarded.
It means the form was filled successfully. For a few seconds afterwards KeeForm keeps the credentials so you can click the toolbar icon to fill again — useful if the page reloads or redraws and clears the form. Once the checkmark clears to the plain icon, the credentials have been discarded and nothing further is needed. You can change how long this lasts with the Re-fill window setting (or set it to 0 to discard immediately).
Some sites reload or redraw the login form a moment after it first appears — for example when a "Sign in with Google" or "Sign in with Apple" button finishes loading and the page re-renders. If that happens just after KeeForm filled the form, the site's own redraw clears the fields. KeeForm had already finished and reported success, so it does not keep typing into the page on its own.
To recover, wait until the form stops moving and click the KeeForm toolbar icon while it still shows the checkmark (✓). KeeForm keeps the credentials for a few seconds after a successful fill for exactly this case, and a click re-fills the settled form. If the checkmark has already cleared to the plain icon, the credentials are gone — just start KeeForm again from KeePass.
You can lengthen this window, or switch it off, with the Re-fill window setting. During the window the page stays safe: nothing is filled unless you click.
KeeForm only decorates fields it recognises as part of a login form. If you see two username fields with blue lock icons but the password field without one, that is deliberate: KeeForm found more than one possible username (for example a "log in with email or phone" form) and will not guess which you want, so it asks you to pick. The password field had no such ambiguity, so it is ready to fill as soon as you choose a username.
Detection isn't perfect, and occasionally a field KeeForm can fill doesn't show a blue lock icon straight away. First, try clicking the field — in almost all cases the lock icon appears once the field is focused. Even when the lock icon isn't visible, the centre of the field may already be active, so clicking the middle of the field can trigger filling.
You can also Ctrl+click the field, which works whenever KeeForm has recognised it. For a field KeeForm doesn't recognise at all, enable Force-fill any field and Ctrl+click it.
In Click to fill (the default), KeeForm finds the login fields and shows the blue lock icons but enters nothing until you click a lock icon or Ctrl+click a field. In Automatic, KeeForm fills the form as soon as it finds it. Click to fill is the safer default — you decide exactly when credentials are entered.
If you preferred how KeeForm behaved before — filling immediately, no icons — choose Automatic and turn Show icons off; that is close to the previous version's behaviour (with Ctrl+click added, which still works).
Automatic does not mean KeeForm fills everything on its own. When it cannot fill safely it still shows a blue lock icon and waits. The most common case is a page showing only a username field (no password yet): to KeeForm this looks the same as an ordinary text box such as a site search, so it will not type your username into it unprompted. It shows a lock icon instead — click it to fill.
The same applies when several candidate fields are present. This is intentional, so KeeForm never enters your details into the wrong field.
Ctrl+click any login field to fill its form. It is the most deliberate way to fill — nothing happens unless you hold Ctrl, so clicking around the page can never trigger a fill by accident. Because KeeForm has recognised the form, a single Ctrl+click can fill more than one field — typically both the username and password together.
Use it whenever you want to be certain, or to fill a recognised field without hunting for the lock icon. Ctrl+click works in every mode.
An expert option (off by default). Normally KeeForm only responds to fields it recognised as part of a login form. With Force-fill any field enabled, Ctrl+clicking any text field enters the username and Ctrl+clicking any password field enters the password — even on fields KeeForm did not recognise. It bypasses detection for the one field you click, so use it deliberately on unusual sites where normal detection fails.
Yes — uncheck Show icons in the options. KeeForm will still detect and fill forms; you just trigger filling with Ctrl+click instead of clicking a lock icon. This is handy if you find the icons distracting, prefer a cleaner page, or are on a site where they don't display correctly.
You control this with the Multiple forms setting (shown in Automatic mode): Fill first form, Fill all forms, or Let me choose. With Let me choose, KeeForm does not fill automatically — click the blue lock icon on the form you want, or Ctrl+click one of its fields.
On the first page only the username field is usually shown. KeeForm does not fill it automatically, even in Automatic mode: a single field on its own is indistinguishable from an ordinary text box, and we don't consider it safe or reliable to type your username into it unprompted.
So click its blue lock icon (or Ctrl+click) to fill the username, then submit. As long as the countdown is still running, KeeForm carries on watching the next page, and on the password step Automatic mode fills the password (in Click to fill, a lock icon appears on the password field for you to click).
No. KeeForm detects login fields by their position and type rather than by reading page text (so it works in every language). Occasionally a lone text field, such as a site search, looks just like the first step of a login. The blue lock icon does nothing unless you click it, so you can ignore it.
If the real login form hasn't appeared yet, it may be tucked behind a menu or a "Sign in" button that opens a dialog — open it, and KeeForm will detect and decorate the actual login fields.
No. KeeForm never has access to your password database. KeePass pushes only the single username and password for the entry you opened; KeeForm uses them to fill the form and then discards them. Nothing is stored by the extension, and KeeForm does not send the credentials to any server or third party.
Installation
In case there was a bug in older versions ...
Please download and run the latest version of the installer to update.
Strictly speaking KeeForm is not a plugin. KeeForm it is just an extension which is integrated via the KeePass URL override feature.
MENU -> tools->options-> TAB integration -> BUTTON Url OverridesPlease make sure the that the browser extension is installed and shows a "green light"
After enabling the browser extension, the badge color on the KeeForm icon should turn green. If it turns red, then the extension could not start. This can happen, for example, if you forgot to run the KeeForm installer in Windows. Or if the process keeform_host.exe is not able to start, but that should be very rare.
KeeForm will not fill forms which have more than two fields. Only the classic username and password combo is supported.
KeeForm uses just a simple, but effective heuristic method to automate logins, and it works 99% of the time ("not a scientific estimate"). For the remaining 1% you can still use auto-typing in KeePass.
Having said that, should you ever encounter a one-page login where KeeForm does not work, please send us the URL. We will try to improve KeeForm.
reg.exe ADD HKCU\Software\Mozilla\NativeMessagingHosts\org.keeform.host /d "C:\Users\USERNAME\AppData\Local\KeeForm\org.keeform.host.firefox.json" /f /t REG_SZ reg.exe ADD HKCU\Software\Google\Chrome\NativeMessagingHosts\org.keeform.host /d "C:\Users\USERNAME\AppData\Local\KeeForm\org.keeform.host.chrome.json" /f /t REG_SZKeeform also adds an override in the Keepass settings
MENU -> tools->options -> TAB integration -> BUTTON Url Overrides -> FIELD Override all entry URLS
Value
cmd://"%LOCALAPPDATA%\KeeForm\AutoIt3.exe" "%LOCALAPPDATA%\KeeForm\KeeForm.au3" {FIREFOX} "{URL}" "{USERNAME}" "{PASSWORD}"
(If you want to start Chrome, you will have to replace FIREFOX with GOOGLECHROME)
Only experienced users should attempt this. And backup your system first! Use this only to remove "early test versions" or in case the standard Windows uninstall method did not remove everything.
---Please run the un-installer first. This will take care of any registry entries and remove the KeeForm folder from your KeePass installation.
The un-installer will also try to remove the "URL override" configuration by restoring the previous value.
Should the uninstaller fail, please try the following steps.
Remove any KeeForm Folders in the %LOCALAPPDATA% folder and in your KeePass folder.
Remove the Url Override configuration.
MENU -> tools->options-> TAB integration -> BUTTON Url Overrides
If you see something like cmd://"...\KeeForm\" ... just remove it.
Remove all registry keys with the following commands.
reg.exe DELETE HKCU\Software\Mozilla\NativeMessagingHosts\org.keeform.host /f reg.exe DELETE HKCU\Software\Google\Chrome\NativeMessagingHosts\org.keeform.host /f reg.exe DELETE HKLM\Software\Mozilla\NativeMessagingHosts\org.keeform.host /f reg.exe DELETE HKLM\Software\Google\Chrome\NativeMessagingHosts\org.keeform.host /f
This should work in most cases by clicking on the KeeForm icon in your browser's toolbar.
When you see a username or password field, simply click the KeeForm icon to fill the fields.
Correct. KeeForm will not run on other platforms.
- Windows 10 is fully supported.
- Windows XP is not supported
- Windows 7 should work, but is not well-tested.
- Windows 8 probably works too, but has never been test.
The latest version does not use TCP anymore, and the password is not required anymore.
This optional. This field can be left empty. But it is recommended to use a password, of course.
If you want, you can enter a password during the installation to secure the communication between the KeeForm and Firefox (e.g. to prevent other apps "from accidentally" eavesdropping that communication). Don't forget to set the same password on the options page of the KeeForm Firefox extension as well. DO NOT RE-USE YOUR KEEPASS PASSWORD FOR THIS (or any other password).
Yes, it will still work, however the KeeForm installer won't be able to guess the location of your Keepass 2 configuration file. So you will have to add the override configuration manually.
Unfortunately KeePass does not throw any config error messages, so when a config error happens, KeeForm won't be able to alert you.
To add the KeeForm override, please run this command in a command prompt:
"%PROGRAMFILES(X86)%\KeePass Password Safe 2\KeePass.exe" -cfg-local:"\path\to\KeePass.config.xml" --add-urloverride --scheme:https --value:"cmd://\""%"LOCALAPPDATA"%"\KeeForm\AutoIt3.exe\" \""%"LOCALAPPDATA"%"\KeeForm\KeeForm.au3\" {GOOGLECHROME} \"{BASE}\" \"{USERNAME}\" \"{PASSWORD}\"" --activate
Instead of Chrome, you can also use {FIREFOX}, {EDGE}, or "path\to\browser.exe". Quotes are required if the path contains a space character.
To remove the KeeForm override, please run this command
"%PROGRAMFILES(X86)%\KeePass Password Safe 2\KeePass.exe" -cfg-local:"\path\to\KeePass.config.xml" --remove-urloverride --scheme:https --value:"cmd://\""%"LOCALAPPDATA"%"\KeeForm\AutoIt3.exe\" \""%"LOCALAPPDATA"%"\KeeForm\KeeForm.au3\" {GOOGLECHROME} \"{BASE}\" \"{USERNAME}\" \"{PASSWORD}\""
Please note, that the value has to be exactly the one you used in the add command, or else KeePass will fail to remove it.
Obviously, you could also remove the override with KeePass in
MENU -> tools->options-> TAB integration -> BUTTON Url OverridesGeneral
KeeForm was born in 2005. Since then KeeForm has never had any malware/adware/coinware/protestware.
However it is not uncommon that AV software report false positives. Even digitally signed KeePass has this issue from time to time.
You can check the current malware scan status using the link below:
KeeForm website
https://transparencyreport.google.com/safe-browsing/search?url=keeform.orgInstaller version 4.5.0
https://www.virustotal.com/gui/file/25b50dc7d013d8af3dc95a52f976b3978105e503213679a45797a40f70b5fc76Installer version 4.4.0
https://www.virustotal.com/gui/file/4fa5269897f2a047cd3a891476441f59eff5b6901cd4d5a1d1752c7dc1b105d5Installer version 4.3.0
https://www.virustotal.com/gui/file/bfbef42fb7f8b9eb65f4c2c0f84bee66d2460546a03c513a6574d3db4b4daaafInstaller version 4.2.0
https://www.virustotal.com/gui/file/335d9302efb12aa2a0015ac17ae45e3d70db19e21671f0d577d849a58ea76a9a/detectionInstaller version 4.1.0
https://www.virustotal.com/gui/file/8d2383a2a0e896d61388ba14c97a622dadcd62cf6400f5c924256fbffdfd95da/detectionInstaller version 3.5.1
https://www.virustotal.com/gui/file/a98782c9bd1490d56c9656bdf27821612a8af32edd97599611b2c2c5feffec57/detectionInstaller version 3.0.0
https://www.virustotal.com/gui/file/f7056b47c56d294e56c3c6058b42dbe214d18b82420aa0a31cbc5d0ef3668a1e/detectionIf you encounter any false positives, please report them to your AV vendor. We appreciate it!
Sourceforge link to release notes
https://sourceforge.net/p/keepass/discussion/329220/thread/3a0d58fa/?limit=100/The first version of KeeForm was released in 2005 in the AutoIt forums.
KeeForm bundles the following software in the installer package:
- AutoIt3.exe
- Include/*
- AES2.au3
That software is governed by the AutoIt license
https://www.autoitscript.com/autoit3/docs/license.htmWe try to help as much as possible, when/if we have time. You can contact us via Telegram or email directly. Or post in the KeePass forums.
This is on the todo-list, but other tasks have higher priority at the moment :(
But the installer includes the source code of the KeeForm FireFox and Chrome (and New Edge) browser extensions, the KeeForm native messaging component, and the KeePass add-on.
KeeForm uses a mix of programming languages.
- AutoIt (KeePass add-on)
- Golang (Native messaging)
- Javascript (browser extensions)