Master Password can be changed to the exact same password
Hi everyone,
is there a possibility to add a MasterKey policy, which prevents people from using the same Master Password over and over again? For example, a Master Key expires after six months and the user is forced to change it. Currently there's no option (at least to my knowledge) to prevent users from replacing the expired Master Password with an identical new Master Password.
Thank you for your replies!
Best regards, Lukas.
Why do you want to change the master password?
Using a long but easy to remember password and sticking to it is the best option.
Even NIST doesn't recommend it.
https://www.enzoic.com/blog/surprising-new-password-guidelines-nist/
cheers, Paul
If this would be implemented, there would likely be users who make very minor modifications to the master password (e.g. appending a digit)...
Anyway, I could imagine implementing this as an option and thus am moving this to the open feature requests.
Thanks and best regards,
Dominik
Thank you, it would be greatly appreciated!
Ticket moved from /p/keepass/bugs/2258/
This patch will add the following features:
Options -> Advanced
This also prevents reusing the current master key if a master key change is forced.
This cannot be toggled on purpose. If there was no change, it's not necessary to save anything and if a change is forced it's even more important to prevent a "no change".
The attached file contains the patch and the German translation file.
Last edit: Rookiestyle 2023-12-10