Add ability to customize password profiles for each database

[ba32107]

When generating a new password for an existing entry, I would like an option that generates a new password using the existing settings for the given entry.

Some sites only allow alphanumerical characters and/or has a max character limit. This feature would allow to easiily generate a new password for any site using different patterns.

Thanks, Balazs

[droidmonkey]

This was discussed before. The problem with this is you have to store the current profile for each entry in order to replicate it exactly each time. This is better handled through pre-defined and customizable password profiles that are available database-wide. We cannot "guess" what password settings you are using based on your current password since it is random.

[ba32107]

Thanks, this would work great as well.

[joshualibrarian]

Even if pre-defined password profiles are available database-wide, that doesn't really solve the problem presented in (closed) #3091. Whatever profile I started with, when I go to generate a password for a new site, I invariably have to customize the generator settings. Just now, I had to select the right boxes and then paste the list of "additional allowed characters" into the allowed box. These generator settings should be preserved and associated with THAT entry so that next time I go to change the password for that entry, the generator is already set correctly. Is it not viable to store this data in the database with the entry, whether as reference to database-wide profile or not?

[droidmonkey]

Also allow setting a default configuration that is easily chosen.

[GenocideStomper]

I would also love to see password profiles for the "Password Generator" tool. Sometimes I need to change settings, and don't want to lose the characters from the "Also choose from:" and "Do not include:" fields.

[Massimo-B]

Just to give an idea here is a screenshot of the keepass2android application Password Generator with profiles.

[mattesony]

I really like this feature and miss having it in my previous password manager. I'd be happy to take a stab at it either with the profiles or by storing the generating character set/length on an entry-by-entry basis. I think it could be built on by adding some form of inheritance of the character set/length from the groups the entries are in if the character set/length is unset for the entry, then the profiles would just be a further refinement to allow easier management.

[michaelk83]

The profiles should be compatible with OG KeePass. As I recall, there was a specification of it somewhere.

[droidmonkey]

This should being implemented exactly how saved searches was implemented, except of course in the password generator. I don't think this is in the kdbx specifications.

[michaelk83]

I think I saw some sort of spec or similar document on the OG KeePass website a while back, but I can't find it now. In any case, it does have password generator profiles, and so does Keepass2Android, as noted above. So KeePassXC shouldn't reinvent its own system for this.

[droidmonkey]

Depends on how much I like the way they implemented it. Our password generator is decidedly different then KeePass2 and KeePass2Android actually uses the KeePass2 binaries under the hood.

[michaelk83]

It could be an issue for some users if they make password profiles in OG KeePass (or on android), and can't use them in KeePassXC, or vice versa. Though currently that is already the case (since KeePassXC doesn't support profiles at all).

If your new way is that much better, I suppose it can be standardized in KDBX5.

[Thunderhawk2001]

Any news on this?

And i hope this is the right place for this: It would be awesome, if it would be possible to add random numbers to the passphrase: insert a number (0-9) randomly in front or back of a word and/or after a separator. e.g. "word-word6-word" or "word-6word-word"

[Massimo-B]

On Jan 20, 2019, droidmonkey changed the title from 'Generate password using current pattern' to 'Add ability to customize password profiles for each database'. I think this does not match the initial feature request anymore, which was "generates a new password using the existing settings for the given entry". Initially this meant to have a password profile stored with the entry not with the database.

The issue that needs to be solved, according to my opinion, I can't remember every single websites password policy to re-generate a new password. On most websites it doesn't matter but if I got some buggy website and finally figured out a working password profile, I would like to store that with the entry.

[Massimo-B]

And i hope this is the right place for this: It would be awesome, if it would be possible to add random numbers to the passphrase: insert a number (0-9) randomly in front or back of a word and/or after a separator. e.g. "word-word6-word" or "word-6word-word"

I think this is a completely different request. You want to have a pattern like a Regular Expression or something that has fixed strings, variable character sets and counts and stuff. I don't think any website has policies requiring passwords based on such patterns. It might help you remembering passwords, but right after starting with password managers, strong unique passkeys are the only right way to go... my opinion.

[Massimo-B]

Even if pre-defined password profiles are available database-wide, that doesn't really solve the problem presented in (closed) #3091.

I agree. Currently KeePassXC does not have any kind of persistent password profiles. But to solve this feature request such a profile would need to be stored together with the password entry itself and obviously not guessed from the random password.

[Thunderhawk2001]

And i hope this is the right place for this: It would be awesome, if it would be possible to add random numbers to the passphrase: insert a number (0-9) randomly in front or back of a word and/or after a separator. e.g. "word-word6-word" or "word-6word-word"

I think this is a completely different request. You want to have a pattern like a Regular Expression or something that has fixed strings, variable character sets and counts and stuff. I don't think any website has policies requiring passwords based on such patterns. It might help you remembering passwords, but right after starting with password managers, strong unique passkeys are the only right way to go... my opinion.

I mean something like Bitwarden Password Generator does it: "Just" a toggle for "include number"

Sorry, really should drink my coffee before posting stuff.

[Massimo-B]

[offtopic] The Passphrase password generation is possible already: Just the random number part not... but anyway, different request.

[fireba11]

Providing the option to save/load generator profiles (possibly independent of database) like keepass offers would be great. That way you could roll out profiles according to regulations to your user. "Admin password", "API password" etc.

[Massimo-B]

And additionally adding a special attribute to an entry to select such a profile would help every time the password needs to be renewed.

[Grocel]

This is something I really miss in KeepassXC. In OG Keepass the pattern settings are stored in the global config file, which is actually quite convenient, but also not that secure. KeepassXC could do this much better by using a custom database entry to store the password patterns.

To be honest, I don't get the where the problem with this feature lies beside acting the classic "Developer's No™".

[droidmonkey]

There is no problem, it just needs to be developed