On-screen 'warning' after a change to password policy and unfit (current) password
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
#783 On-screen 'warning' after a change to password policy and unfit (current) password
I am struggling to create my very first key ever in an unfamiliar standard, and have just read about a 20 chars minimum length requirement.
At some point I generated an extra-long password but then, later, I wished a different password, one generated without any special characters. So prior to executing the 'random magic' I went to the password policy tab, and unticked special characters. After I pressed Apply, PasswordSafe didn't issue a warning stating that my current password was non-conforming. There appears to be no 'check of policy' against the current password after pressing Apply.
Shouldn't be allowed to save a DB if an entry does not conform to policy (strict).
I eventually became able to produce a warning check, but only when I unticked -everything- from the policy page and pressed Apply. The message only said 'please allow something,' i.e. it wasn't actually related to a check against the currently-stored password.
Been a long time user of the proggy, I am forever grateful for your work.
Whilst looking reasonable at first glance - take this scenario:
A user has a significant number of entries based on their default policy and then they change this policy - potentially many of the current passwords would not conform to this new policy. What does PWS do?
It can't refuse to change the default policy. It could trawl all entries using this policy and then list them but the user would not want to chnage them there and then as they would have to logon to the corresponding system to change it there before saving the entry in PWS.
In my view, this check isn't necessary as:
1. The current password, even if not conforming to the new policy, must have been OK as it was used on the system/webpage it was generated for or, if the recipient system won't accept it, the user needs to generate a new password anyway.
2. The new policy will be used for the next generated password. If the user wants to use this new policy immediately, then they would generate a new password conforming to this new policy and change it on the corresponding system/webpage.