Create a "Change Password" form/dialog.
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
Menu
▾
▴
#1851 Create a "Change Password" form/dialog.
I would like to suggest/request a new dialog box for a future version of KeePass.
Dialog box Name: "Change Password"
Accessible via Right Click of Entry AND via Password Generator drop down in entry.
Fields:
-Username
-Current Password
-New Password
-Password Generator Preset List (And access to Generator Dialog)
Buttons:
-Auto-type Username [Only]
-Auto-type Current Password [Only]
-Auto-type New Password [Only]
-Auto-type Entry Default (use entry's "normal" auto-type)
-Generate New Password (Generator drop-down alternate)
-Save
-Cancel
Function of Dialog:
Create a way to create new passwords conveniently without creating multiple history entries, and improved workflow in the event of a new password not being accepted.
Current workflow of changing a password is the following:
1. Open website.
2. Find KeePass entry, and initiate auto-type of entry.
3. Access password change page of site.
4. Copy password from Entry. (Via Double-Click)
5. Paste password in site.
6. Edit KeePass entry, click on password generator and use preset.
7. Save entry, creating historical entry.
8. Copy new password from KeePass entry.
9. Paste new password to site, 2x.
10. Submit.
10a. If accepted, operation complete.
10b. If failed, continue to step 11.
11. Edit KeePass entry.
12. Access entry history, retrieving previous password.
13. Unhide password.
14. Copy original password.
15. Enter original password in site.
16. Close history.
17. Generate new password.
18. Save password.
19. Copy new password. (Via Double-Click)
20. Paste new password to site, 2x.
21. Submit. If accepted, operation complete. If failed, return to step 11.
(I concede, there are alternate ways to proceed steps 7 & 8 (also 18 & 19), such as copying from the entry dialog directly after unhiding it, but you will still not have access to the historical password if you do not save the new password without first closing and not saving the dialog then reopening it. Additionally, both the current and future workflows do not include steps for placing the cursor in the correct field on the website.)
The workflow for the suggested dialog would be as follows:
1. Open Website
2. Find KeePass entry, and initiate auto-type of entry.
3. Access password change page of site.
4. Access "Change Password" dialog of entry.
5. Auto-type current password.
6. Auto-type new password, x2.
7. Submit.
7a. If accepted, save new password to entry, creating historical entry.
7b. If failed, continue to step 8.
8. Auto-type original password.
9. Generate a new "new" password.
10. Auto-type new password, x2.
11. Submit.
11a. If accepted, save new password to entry, creating historical entry.
11b. If failed, return to step 8.
This improved workflow almost halves the number of steps required to change a password, and would result in considerable time savings when having to do mass password changes due to breaches or other situations. Additionally, you will not create multiple historical entries by saving, testing, changing if a given password fails to work.
The reason for having four auto-type buttons is because an entry's default auto-type sequence is useless in a password change use. Additionally, while a sequence of "Original Password" "New Password" "New Password" was common, it was not universal. By having individual auto-types, you can type auto-type only the field you need.
Early creation of a History entry protects the user against losing a new password just after the website password has been changed e.g. if the user kept the Edit Entry dialog open for the entire change password process then accidentally pressed cancel.
Also efficient change password workflows are already possible e.g. 8-10 step assuming success, doubled for a single failure.
It is also currently possible to create change password workflows that are more efficient in case of failure and that bypass early History creation if one accepts additional risk e.g. if one saves the old password to a temporary location, one does not need to close the Edit Entry dialog until a successful change password event.
Last edit: wellread1 2014-04-17
I like the idea of a dedicated option. Being able to drag n drop etc all the required data in one go and to be able to create/change the new password until it is accepted, seems to me to be a very logical arrangement.
cheers, Paul
I also like the idea, I also "more not than often" change my passwords for this reason. Generally my flow is to open a notepad window where I have new/old simultanously and update only after everything is complete. That's also not cool. Currently I implemented the {NEWPASSWORD} approach for exactly one site. IMHO this only works for very frequent/important cases where the flow does not change significantly. Otherwise the password may be rejected by the website however the password is updated already ({NEWPASSWORD}) and reverting history is still required.
The cool thing with your proposal is that it can be implemented as a plugin pretty easily (shouldn't it get implemented)
I am also looking for this feature and I bumped to rookiestyle keepass PCA PasswordChangerAssitant plugin, i'm thinking you might be interested..
https://sourceforge.net/p/keepass/discussion/329220/thread/91124f3e89/