I use keepass, you can just copy the pw/username. no need to use your keyboard
Virus can easily 'keylog' your clipboard.
KeePass has an option called autotype with two channel autotype obfuscation
I wrote my own keylogger and cliboard sniffer and it seems that they are not working with autotype obfuscation.
Maybe my keylogger and cliboard sniffer are too slow and can't log from KeePass autotype due to my poor knowledge in programming so I would like to know can anyone confirm above statement about obfuscation.
Another way to go is to add an option where you need password with keyfile to unlock Keyhotee. (In KeePass you can use any file that has reasonable size, for example you have USB stick with few hundred songs on it, one song is your keyfile....no one would ever suspect that your stick has keyfile on it)
If above 2 are combined with two factor autentication I think security level goes to extreme.
When enabling two factor autentication allow direct printing of QR and backup text code but not saving or selecting it. Ones that printscreen and save backup picture of code are naive fools so there should also be warning about NOT storing this info on a PC.
To conclude, to unlock Keyhotee you need:
1. Classic password that is typed in by KeePass with two channel autotype obfuscation (or by classic keyboard input regardless of keyloggers and clipboard sniffers)
2. Keyfile (any type of file, jpg, gif, mp3, mp4, avi, dll, pdf,...whatever)
3. Two factor autentication
also you can have an option where you choose which methods of authentication you want, if you want to have password only, ok, but it's your own risk