I find the KeePassXC autotype feature pretty dangerous if you make a mistake

I mean the default shortcut (I don’t know if you can change it) presses ENTER after autotyping. Typically one may click on the wrong place by mistake and end up autotyping the password and, if that wasn’t enough, pressing ENTER automatically... What if you enter it into an IRC or some other communication window by mistake? I would much prefer that the shortcut types it, but at least does not press ENTER.

I understand autotype protects you from clipboard exploits while you copy and paste. I have auto clear of the clipboard on KeePassXC after 5 seconds, but I guess autotype is even better, since it never leaks the clipboard attack vector. Nonetheless, I find it a bit risky if you aren’t paying 100% attention. I would like to use it but at least do not automatically press ENTER. So how do I add a shortcut that just autotypes it but does not press ENTER?

1 Like

Yeah, I have had some incidents in the past with this, but fortunately the worst that happened was auto typing it to my friend’s Discord server. I haven’t used KeePassXC in a while, but you can change the sequence per entry, and from my quick glance at the documentation you can inherit the auto type set for the group. Maybe you can set a custom sequence for all your entries rather quickly? Have a look: KeePassXC: User Guide

1 Like
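
An added example, not part of any post above and not KeePassXC's own code: a Python audit of a KeePass 2.x XML export that resolves the entry/group inheritance just described and lists every entry whose effective Auto-Type sequence still ends in `{ENTER}`. The element names follow the KeePass 2.x XML layout, the built-in fallback sequence is an assumption, and the sample database is constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: the fallback used when neither the entry nor any parent group sets a sequence.
BUILTIN_DEFAULT = "{USERNAME}{TAB}{PASSWORD}{ENTER}"

# Constructed sample in the KeePass 2.x XML export layout (not a real database).
SAMPLE_XML = """<KeePassFile><Root>
<Group><Name>Root</Name><DefaultAutoTypeSequence></DefaultAutoTypeSequence>
  <Entry><String><Key>Title</Key><Value>irc-bouncer</Value></String>
    <AutoType><Enabled>True</Enabled><DefaultSequence></DefaultSequence></AutoType>
    <History><Entry><String><Key>Title</Key><Value>irc-old</Value></String></Entry></History>
  </Entry>
  <Group><Name>NoEnter</Name>
    <DefaultAutoTypeSequence>{USERNAME}{TAB}{PASSWORD}</DefaultAutoTypeSequence>
    <Entry><String><Key>Title</Key><Value>webmail</Value></String>
      <AutoType><Enabled>True</Enabled><DefaultSequence></DefaultSequence></AutoType></Entry>
    <Entry><String><Key>Title</Key><Value>router</Value></String>
      <AutoType><Enabled>True</Enabled><DefaultSequence>{PASSWORD}{ENTER}</DefaultSequence></AutoType></Entry>
    <Entry><String><Key>Title</Key><Value>disabled</Value></String>
      <AutoType><Enabled>False</Enabled><DefaultSequence>{PASSWORD}{ENTER}</DefaultSequence></AutoType></Entry>
  </Group>
</Group></Root></KeePassFile>"""

def title(entry):
    return next((s.findtext("Value") or "" for s in entry.findall("String")
                 if s.findtext("Key") == "Title"), "")

def walk(group, inherited, path, out):
    # A group's own sequence overrides what it inherited from its parent.
    seq = (group.findtext("DefaultAutoTypeSequence") or "").strip() or inherited
    here = path + [group.findtext("Name") or "?"]
    for entry in group.findall("Entry"):  # direct children only, so History copies are skipped
        at = entry.find("AutoType")
        if at is None or (at.findtext("Enabled") or "").lower() != "true":
            continue  # Auto-Type disabled for this entry
        eff = (at.findtext("DefaultSequence") or "").strip() or seq
        if eff.upper().endswith("{ENTER}"):
            out.append(("/".join(here + [title(entry)]), eff))
    for sub in group.findall("Group"):
        walk(sub, seq, here, out)

def entries_that_press_enter(xml_text):
    out = []
    for g in ET.fromstring(xml_text).find("Root").findall("Group"):
        walk(g, BUILTIN_DEFAULT, [], out)
    return out

if __name__ == "__main__":
    print(*entries_that_press_enter(SAMPLE_XML), sep="\n")
```

An XML export holds every password unencrypted, so run this on a temporary copy and delete it afterwards. Per-window association sequences are not checked here.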

The official browser addon could help mitigate this issue.

This is why Passkeys are somewhat a better solution because you can never use it on a typo-squatted site. But Passkeys are a bit in their infancy/beta days. It’s not fully there yet but I am hoping it gets there sooner. It is not really “portable” right now, at least when it is correctly implemented (something about attestation issues or somewhere along the line).

1 Like