keepassium / KeePassium

KeePass-compatible password manager for iOS
https://keepassium.com

Use linked-database credentials to simplify cross-database operations #397

Open latvia234 opened 2 weeks ago

latvia234 commented 2 weeks ago

Currently, when moving an entry from one database to another in KeePassium, users are required to manually enter the password for the target database.

I would like to request a feature that uses the "linked database entry" (in the source database) to automatically open the target database when moving an entry. This would streamline the process, reduce the need for re-entering passwords, and improve user experience.

Proposed Workflow:

  1. User attempts to move an entry: When a user tries to move an entry from the source database to the target database, KeePassium checks if a linked database entry for the target database exists in the source database.
  2. Automatic opening of the target database: If a linked entry is found, KeePassium uses it to open the target database automatically, without prompting the user to enter the target database's password again.

Benefits:

Thank you for considering this feature request.

keepassium commented 2 weeks ago

> Currently, when moving an entry from one database to another in KeePassium, users are required to manually enter the password for the target database.

Make sure you have "Remember master keys" enabled in KeePassium settings, and the database timeout is reasonably long. If a database was previously opened in KeePassium and the app still remembers the DB's master key, it won't ask for manual input. This applies to moving between databases as well.

latvia234 commented 2 weeks ago

Thanks for your answer. Yes, I know that's possible. However, I prefer to clear master keys after a short time. I disabled most settings that can make the app more convenient to use, because I hope that stricter security settings keep passwords safe.

I also encourage other team members to use stricter security settings inside KeePassium. Because what happens when someone in the team uses a weak macOS password? I somehow thought that KeePassium stores the passwords in macOS keychain which is accessible with the macOS password. But maybe I'm wrong...?

Could it be true that this feature request will also be helpful for teams that use stricter security settings via Managed App Configuration? https://support.keepassium.com/docs/mdm-appconfig/

When sharing databases with a team, databases have passwords that I don't remember. It would be better to open the database via a linked database entry if I want to move entries. This way I don't have to open the target database first and go back to the source database to move entries.

I still hope that you can consider this feature request.

keepassium commented 2 weeks ago

@latvia234, thank you for the details.

> Because what happens when someone in the team uses a weak macOS password? I somehow thought that KeePassium stores the passwords in macOS keychain which is accessible with the macOS password. But maybe I'm wrong...?

You are right. On macOS, anyone with the system password can view all the keychain entries, which makes the whole system security depend on a single password. On iOS this is not the case: the keychain is not user-accessible.

> When sharing databases with a team, databases have passwords that I don't remember. It would be better to open the database via a linked database entry if I want to move entries. This way I don't have to open the target database first and go back to the source database to move entries.

I see your point, it does make sense. I am slightly concerned whether magically unlocking a database based on credentials stored somewhere else in the database would violate the principle of least surprise. But then, that surprise does not really undermine database security (credentials were available to this user anyway), and security benefits probably outweigh the surprise risks.

Let's keep it on the list, I'll just adjust the title a bit.