Open ba32107 opened 3 years ago
Dear @ba32107,
I assume you are trying to actually spread the password expiry over a longer period. So the preset would need to know which passwords you do not want to cycle at/around the same date.
I assume changing unrelated passwords is not the intent of your feature request. But having the VPN password and your Global User Account cycle on the very same dates feels indeed a bit risky.
So actually it would be good to have the expiry of e.g. these two accounts separated by several weeks in order to also take e.g. some vacation / absence into account, where you could naturally not cycle the passwords.
Kind regards, Stefan
Assuming you use those passwords frequently enough, wouldn't this be a one-time issue? Once you set the expiry on different dates, the next time there would already be an offset between them. How about a DB-wide "Deduplicate expiry dates" function instead?
Another thing to consider is, this would only work if you have fewer than 365 passwords with expiry dates. It would be more useful to somehow automate password renewal. Something like this:
My passwords already have plenty of offsets between them. Ideally, yes, this would be a one-time issue, if I could renew every password right after they expire. However, I never notice when the passwords actually expire. By the time I realize I have one expired password, I already have at least five.
Then, I renew all of those passwords, and the preset always works from the current day - hence I run into the issue described in my first comment.
The whole reason this problem exists is because KeePassXC doesn't notify me of password expirations. I already raised this several times, but so far there is no solution for it (for example, see https://github.com/keepassxreboot/keepassxc/issues/4624)
I think automatic renewal will solve your problem, and would be more useful to other users. You would auto-renew each password when you need it, rather than when you remember to. I've created a separate feature request, linked above.
I'm working on automatic extension on password modification here: https://github.com/keepassxreboot/keepassxc/pull/6456
Maybe I can find a way to fit this feature request in there.
> Maybe I can find a way to fit this feature request in there.
That would be excellent, thank you
> I think automatic renewal will solve your problem, and would be more useful to other users
Thanks for the idea, agree that it would be useful. I see some difficulties with the implementation though: changing the password on many sites is not as simple as just having three text fields (old + new + new confirm). Sometimes you need to reauthenticate, sometimes it's a password reset link sent out by email. Not to mention all the passwords which aren't for web applications but for other uses. How would the auto-renewal work in that case?
I would personally prefer to renew my passwords manually. All I would really need is a simple notification that I have expired passwords in my database. Sadly this is not available yet (I did offer multiple times to implement it), so in its absence, the feature described in this issue would help my workflow a little bit.
> I see some difficulties with the implementation
Let's continue this in #6500. I've replied there.
Summary
As a user, I would like to be able to set a random expiry date for an entry, within a reasonable range.
Examples
In the "Presets" dropdown next to an entry's expiry, we could add "In about ..." options. For example:
- "In about 1 year": this would set the expiry date to a random date between "today + 11 months" and "today + 13 months"
- "In about 1 month": similarly, this would set the date to a random one in the range "today + 3 weeks" and "today + 5 weeks"
These are just examples, the exact rules would be up for discussion. Could be something as simple as, pick a date in the +/- 10% range of the base expiry value (e.g. 1 year).
Context
I frequently have multiple expired passwords (see https://github.com/keepassxreboot/keepassxc/issues/4624 why) at a given time. As a result, whenever I renew my passwords, I usually do 5-6 (or more) at once, and almost always set the same expiry preset for all of them. However, I don't want these new passwords to expire on the same date, so for each password, I set the preset, then manually go into the calendar and pick a random date before/after the preset date. I do this so each of my newly generated passwords will expire on a different date. These new presets could save these manual actions.
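A sketch of the "+/- 10% of the base expiry value" rule from this request, combined with the spacing and "fewer than 365 passwords" concerns raised in the comments. This is an added example, not KeePassXC code; the function names, the `min_gap_days` option and the sample entry titles are assumptions made for illustration.

```python
import random
from datetime import date, timedelta


def pick_expiry(today, base_days, taken, spread=0.10, min_gap_days=1, rng=random):
    """Pick a date within +/- spread of today + base_days, away from `taken`."""
    delta = int(base_days * spread)
    window = [today + timedelta(days=d)
              for d in range(base_days - delta, base_days + delta + 1)]
    gap = min_gap_days
    while gap > 0:
        # Keep only dates at least `gap` days from every expiry already used.
        free = [d for d in window
                if all(abs((d - t).days) >= gap for t in taken)]
        if free:
            return rng.choice(free)
        gap //= 2  # window too crowded: relax the spacing requirement
    return rng.choice(window)  # more entries than dates: reuse is unavoidable


def renew_batch(today, titles, base_days, existing=(), **opts):
    """Assign a jittered expiry to each entry renewed in one sitting."""
    taken = set(existing)  # expiry dates already present in the database
    expiries = {}
    for title in titles:
        expiries[title] = pick_expiry(today, base_days, taken, **opts)
        taken.add(expiries[title])
    return expiries


if __name__ == "__main__":
    # Constructed sample: three entries renewed on the same day.
    batch = renew_batch(date(2024, 1, 1),
                        ["VPN", "Global User Account", "Mail"],
                        365, min_gap_days=14)
    for title, when in batch.items():
        print(title, when.isoformat())
```

Passing dates already used elsewhere in the database as `existing` keeps a new batch clear of them as well.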