A user new to SecureDrop got confused by the KeePassX UX. They did not remember the password had to be empty. Then they did not get why the Password checkbox had to be checked despite the fact that there is no password. And finally they selected the keepassx.kdbx to be the key file because … what else could it be ?
The KeePassX UX is not very good and it would be more user friendly to use a password.txt file with a plain text template to get things a little organized.
What do you think ?