Database wide Password duplicate checking (when adding an entry)
With duplicate password usage being BAD (same password, multiple sites) it'd be cool if KeePass would indicate to you if you are using a duplicate password that you've already used anywhere in your KeePass database. Maybe a clone icon or something next to an entry with a duplicate password (configurable on/off of course). And when you create such a duplicate entry KP should let you know you already use that password, what other entries it's found in, and ask you to confirm that you want to really reuse that exact password.
Thanks for a good product.
There is no need, simply let KeePass generate the password for you.
cheers, Paul
While I appreciate KP's ability to generate passwords there are some sites that really need passwords I can remember (even if long and convoluted) since entering passwords in on things like someone else's computer or my only partially-smart phone or iPod Touch requires being able to remember them too.
I did find I could export the whole database as a csv and then sort stuff in Excel, which helps. But still, it'd be a cool feature for added security to let you know if you've got a repeated username and/or password.
While it's not duplicate checking, you don't need to export a 2.x database file to sort it by password.
a. Unhide the passwords by selecting View>Configure Columns; select Password and uncheck the "hide data using asterisks" box in the lower left corner.
b. Set whether you want to view sub-groups (View>Show Entries of Subgroups)
c. Turn grouping on or off (View>Grouping in Entry List>ON/OFF/Automatic)
Last edit: wellread1 2013-08-14
Also, that doesn't take into account any previously existing password entries from pre-KeePass days that were manually created, sometimes with duplicates.
See below; both the second sentence and point 1. Dealing with pre-KeePass entries is a one-time operation.
If finding duplicates were a frequent necessary operation I would be agreeing with you.
Last edit: wellread1 2014-05-27
I think spacewalker's suggestion is valid. There are many occasions when the auto-generated KeePass password is not appropriate.
While I appreciate wellread1's very thorough explanation of how to sort the KeePass database to locate duplicate passwords, software is supposed to make your life easier and simpler, not require you to take a bunch of manual steps to achieve your goal. Software is supposed to automate those things for you.
A feature that notified you of duplicate passwords in your database would be beneficial to users who might not be as security conscious as they should be. Alerting them to the fact that they are entering a duplicate password would help to condition them to be more careful of the passwords they do choose to use.
This is something that should be automated and a feature of the application, not accomplished through a convoluted set of manual processes when a user decides that they need to review their passwords.
The find duplicate steps are: Display All Entries, Sort by Password, Inspect. This is a combination of three often used operations. By contrast, finding duplicates should be a relatively rare operation, generally done only after importing a set of entries. My personal experience has been that I know when the password I am creating by hand is likely to be a duplicate. In that event, it is easy to determine whether one is reusing an existing password by sorting during the entry creation process.
Finding duplicates in KeePass is the fast and easy part of eliminating duplicates, even using the sort method. Changing the passwords is the time-consuming part. If you display KeePass full screen it is practical to show ~30 sorted entries per screen on a smaller screen & ~50 on a larger screen. With a sorted list it is quite quick (I estimate <<1 min/page) to find the duplicates. However, changing the password will take a couple, or several, minutes per site (per entry).
While features that streamline processes are often good, I don't see much need of this feature for the following reasons:
In light of the above, I believe a plugin would be a better solution.
Tip: When looking for duplicates use the Quality column plugin as part of the process. Sort by password, then Quality. This procedure will help prioritize the work by identifying the weakest duplicates.
@wellread1 - thanks for the tips on how to see all entries and sort, that will help (I didn't know or remember about removing sub groups so that always slowed me down when trying to compare passwords among my many sub-groups).
Personally, I'd rather have this feature built-in. I would trust it more than a user-contributed plug-in.
Thanks for the suggestion and time you took to respond. I appreciate everyone's response - and I still think a duplicate password feature would be beneficial. Just because we "can" use the built in generator doesn't mean users always will or should.
If you want to use a self generated password, paste it into the KeePass Find box (Ctrl F, not the simple search on the toolbar) tick the Password box and press Enter. Any duplicates will be shown.
cheers, Paul
I think the point here is... When creating a new entry, it would be helpful (and much more responsible) if the application warned you AUTOMATICALLY, that you're using a duplicate password.
Although the ability already exists in the application to check or find other passwords, those steps require the user to be "trained" or be experienced, or to even CARE about checking. Too often, users simply use an application as it exists in its "default" form, without bothering to look into the application and find out how to do various things.
Additionally, I venture to guess that a majority of KeePass users don't go much further than the default functionality in regards to password security. I would venture to guess that most users have duplicate passwords all over the place, without even giving it a second thought. Either they don't know better, or they don't care. They probably think that since they're using KeePass already, they're doing enough to keep themselves protected.
Having KeePass check this and warn the user, would go a long way towards getting users thinking about NOT using duplicate passwords. Perhaps after they have been prompted enough times, they will start getting annoyed and start using the random password generator instead.
The dialog box could even mention that.... "You're using a password that is already in use for the following entries... {...list...}. You should choose a unique password, or simply use the built-in password generator. Are you sure you want to use this password?"
The dialog could even be a version of the password generator... Giving them the option of replacing the password with an automated generated password with one-click...
Todd W - you TOTALLY get what I'm saying and I think your suggestions are EXACTLY what I would like to see in the product as well.
I think this would be a good feature as well. I have sites that I have to use memorable passwords and I want to be warned automatically if I choose an already used password.
Last edit: Pascal 2017-03-18
While I can see usefulness in this idea and voted for it, it generally wouldn't help me, because when I need a memorable password, I'll add something site-specific to one of the set of memorable passwords I already use. If someone were to find out one of those base passwords, a duplicate finder wouldn't help me find and change all of the related passwords, because none of them are exact duplicates. Instead of this, I would argue for a plugin that does N²-N comparisons and reports a similarity score for each comparison.
Addendum: Here's another old discussion on this topic.
Last edit: T. Bug Reporter 2017-03-20
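The two checks discussed in this thread, exact duplicates and the pairwise similarity score, can be run over a CSV export. The following is an added example, not part of the original thread and not KeePass or plugin code; the column names, the sample rows and the 0.7 threshold are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample export. Column names are assumptions; adjust to your CSV.
SAMPLE_CSV = """Title,User Name,Password
Bank,alice,Tr0ub4dor&3-bank
Forum,alice,hunter2hunter2
Old blog,al,hunter2hunter2
Shop,alice,Tr0ub4dor&3-shop
Mail,alice,kX9#vLq2!mZp7wRt
"""

def load_entries(text):
    """Return (title, password) pairs, skipping entries with no password."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["Title"], r["Password"]) for r in rows if r["Password"]]

def exact_duplicates(entries):
    """Group entry titles that share one password; passwords are not returned."""
    groups = defaultdict(list)
    for title, password in entries:
        groups[password].append(title)
    return sorted(sorted(titles) for titles in groups.values() if len(titles) > 1)

def near_duplicates(entries, threshold=0.7):
    """Score every unordered pair (similarity is symmetric, so N(N-1)/2
    comparisons cover the N^2-N ordered ones) and report close matches."""
    hits = []
    for (t1, p1), (t2, p2) in combinations(entries, 2):
        if p1 == p2:
            continue  # already reported by exact_duplicates
        score = SequenceMatcher(None, p1, p2).ratio()
        if score >= threshold:
            hits.append((t1, t2, round(score, 2)))
    return hits

if __name__ == "__main__":
    entries = load_entries(SAMPLE_CSV)
    for titles in exact_duplicates(entries):
        print("same password:", ", ".join(titles))
    for t1, t2, score in near_duplicates(entries):
        print(f"similar passwords ({score}): {t1} / {t2}")
```

A CSV export holds every password in plaintext, so remove the file once the review is done. The output lists entry titles and scores only, never the passwords themselves.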