KeePassium
Password auditing
When you have hundreds of passwords, it is hard to make sure that all of them are in a good state. This needs to be automated. The exact actions can vary, and below I list some suggestions that would be good to have:
- Reused passwords. It is no good to use one password on two different websites. If it is the same website, it should have multiple URLs instead (https://github.com/keepassium/KeePassium/issues/180).
- Weak passwords. It is no good to have weak passwords. Sometimes it is unavoidable (https://github.com/keepassium/KeePassium/issues/106), but in general an alert should be raised.
- Passwords created before breach date for known websites. Can be obtained from https://haveibeenpwned.com/API/v2#AllBreaches and cached inside the application.
- Leaked passwords. I guess the macOS version can locally use the downloaded hash database if pointed to it: https://haveibeenpwned.com/Passwords
- Old passwords. This is discussible, but password renewal recommendation policies can be found in many places.
There need to be views for weak, reused, and (potentially) leaked passwords. Sorting would also help as mentioned in https://github.com/keepassium/KeePassium/issues/170 and https://github.com/keepassium/KeePassium/issues/186.
Thank you for the detailed list! Everything makes perfect sense, but leaked password checks are a bit problematic... The HIBP database is a hefty 12 GB archive; much more in a usable indexed form. For a mobile app this is infeasible. For a desktop version, there might be a dozen potential users, but this would not justify the effort...
Yeah, I understand that not many people would download 12 GB to Desktop, but I personally would not mind :-)
Note that pretty much all KeePass desktop clients allow you to export directly to the bare XML format, which you can then use for arbitrary analysis. I'm not sure how much value there is to doing this on a mobile device. Not to mention concerns as to how this might be implemented safely.
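As an added example (not KeePassium's code), here is what the five checks from the issue look like when run over a bare KeePass XML export, as suggested in the last comment. The three-entry vault, the breach feed and the SHA-1 hash list are constructed stand-ins, and the weak-password policy, age limit and audit date are assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import date, datetime, timezone
from urllib.parse import urlparse
# Constructed three-entry vault in the KeePass 2.x XML export layout (not real data).
SAMPLE_XML = """<KeePassFile><Root><Group><Name>Root</Name>
<Entry><String><Key>Title</Key><Value>Site A</Value></String><String><Key>URL</Key><Value>https://a.example/login</Value></String><String><Key>Password</Key><Value>password</Value></String><Times><LastModificationTime>2018-01-01T00:00:00Z</LastModificationTime></Times></Entry>
<Entry><String><Key>Title</Key><Value>Site B</Value></String><String><Key>URL</Key><Value>https://b.example/</Value></String><String><Key>Password</Key><Value>password</Value></String><Times><LastModificationTime>2021-06-01T00:00:00Z</LastModificationTime></Times></Entry>
<Entry><String><Key>Title</Key><Value>Site C</Value></String><String><Key>URL</Key><Value>https://c.example/</Value></String><String><Key>Password</Key><Value>x9#Lq2!vT7rWz4mP</Value></String><Times><LastModificationTime>2022-03-01T00:00:00Z</LastModificationTime></Times></Entry>
</Group></Root></KeePassFile>"""
# Constructed stand-ins: the HIBP breaches feed (domain -> breach date) and the
# offline SHA-1 password list (the real one is many GB; this holds one hash).
BREACHES = {"a.example": date(2019, 5, 4)}
LEAKED_SHA1 = {hashlib.sha1(b"password").hexdigest().upper()}
MIN_LENGTH, MAX_AGE_DAYS = 12, 365  # assumed local policy, not KeePassium's

def load_entries(xml_text):  # flatten each <Entry> into its String fields + mod time
    entries = []
    for e in ET.fromstring(xml_text).iter("Entry"):
        f = {s.findtext("Key"): s.findtext("Value", "") for s in e.findall("String")}
        f["modified"] = datetime.fromisoformat(e.findtext("Times/LastModificationTime").replace("Z", "+00:00"))
        entries.append(f)
    return entries

def is_weak(pw):  # too short, or fewer than three of: lower, upper, digit, symbol
    classes = sum(any(t(c) for c in pw) for t in
                  (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    return len(pw) < MIN_LENGTH or classes < 3
def audit(entries, now):  # -> {check_name: sorted titles} for the issue's five checks
    findings, users_of = defaultdict(list), defaultdict(list)
    for e in entries:
        users_of[e["Password"]].append(e["Title"])
    for e in entries:
        title, pw, mod = e["Title"], e["Password"], e["modified"]
        host = urlparse(e.get("URL", "")).hostname or ""
        if len(users_of[pw]) > 1:
            findings["reused"].append(title)
        if is_weak(pw):
            findings["weak"].append(title)
        if host in BREACHES and mod.date() < BREACHES[host]:
            findings["pre_breach"].append(title)
        if hashlib.sha1(pw.encode()).hexdigest().upper() in LEAKED_SHA1:
            findings["leaked"].append(title)
        if (now - mod).days > MAX_AGE_DAYS:
            findings["old"].append(title)
    return {k: sorted(v) for k, v in findings.items()}
def run_sample():  # assumed fixed audit date so the result is reproducible
    return audit(load_entries(SAMPLE_XML), datetime(2023, 1, 1, tzinfo=timezone.utc))
```

Against a real export, replace SAMPLE_XML with the file contents and point BREACHES and LEAKED_SHA1 at the locally cached HIBP data; the checks themselves stay the same.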