mihaifm / HIBPOfflineCheck

Keepass plugin that performs offline and online checks against HaveIBeenPwned passwords

How to quickly check all my passwords? #5

Closed hharsunen closed 5 years ago

hharsunen commented 6 years ago

Features: each password is individually checked only on user request

How to check, let's say, one thousand passwords in an easy way? Or is this thought to be used only on a small scale?

mihaifm commented 6 years ago

I’m planning to implement these features, just haven’t had much time lately:

  • a context menu option under “Selected items” to check all selected passwords
  • automatically check any password when it’s updated (currently the status is only cleared)

homes32 commented 5 years ago

automatically check any password when it’s updated (currently the status is only cleared)

I would love to see this implemented. I deploy KeePass in a corporate environment and I would love to provide the additional password security checking to my users automatically. (I'll never get them to actually run the process manually).

Also it would be nice to have the option to modify the column heading/text/font/etc. In a multi-generational environment users may have no idea what Pwned means when they see it; better to have the option to change it to custom text, e.g. "This password is insecure..."

mihaifm commented 5 years ago
  • a context menu option under “Selected items” to check all selected passwords
  • automatically check any password when it’s updated (currently the status is only cleared)

These features are now implemented, I updated the readme.

@homes32 let'em learn the secret language of the internets !!1

Joking of course.... The text is currently hardcoded, I'll try to think of a way to make it configurable...it might require an extra config file and a separate options screen for the plugin.

mihaifm commented 5 years ago

The config screen has been implemented under Tools -> HIBP Offline Check and it allows changing the column name, secure/insecure text and other options.

Hopefully all issues discussed here have been addressed, can you help verifying them?

Kebap commented 5 years ago

I will help you verify.

Hopefully all issues discussed here have been addressed

No, I think there was a slightly different idea still missing:

How to quickly check all my passwords? How to check, let's say, one thousand passwords in an easy way? Or is this thought to be used only on a small scale?

If "all my passwords" are stored in 100 different folders, I still can't select them all. I have to go through each folder separately, select all, right click, open sub-menu, check all. Which is better than checking entries separately, but still not good enough. How about an option to "check all passwords in database"? Maybe even with a nice summary like "Checked 1000 passwords in 100 folders. 800 of them are OK. 200 have been pwned. See list of pwned passwords here: (click)"

What do you think?

edit: I found this example of 1password doing a similar summary here: https://twitter.com/roustem/status/992091294200512512 LastPass offers a similar feature called "Security Challenge": https://support.logmeininc.com/de/lastpass/help/use-the-security-challenge-lp030011 It seems more complex and does not use HIBP data after all; just for comparison.
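The "check all entries, then print a summary" idea proposed above, as an added example that is not part of this thread and not code from the HIBPOfflineCheck plugin or KeePass. It simulates both check modes the plugin name refers to: the offline mode binary-searches a hash-ordered "SHA1:COUNT" list, and the online mode reproduces the k-anonymity range exchange (only the first five hex characters of the SHA-1 leave the client). The pwned list, the `Entry` class and the sample database are constructed for the example; `range_query` stands in for the real `https://api.pwnedpasswords.com/range/{prefix}` endpoint, and the names `offline_lookup`, `online_lookup`, `check_all` and `summary_text` are the example's own, not the plugin's.

```python
"""Batch "check all entries" against a HIBP-style pwned-password list, with
a summary report. Added example; not code from HIBPOfflineCheck or KeePass.
Everything is simulated in memory so it runs offline."""
import hashlib
from bisect import bisect_left
from dataclasses import dataclass


def sha1_upper(password: str) -> str:
    """HIBP keys the pwned-password list by uppercase hex SHA-1 of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for the hash-ordered HIBP download ("SHA1:COUNT" per line,
# sorted by hash). The passwords and counts below are made up for this example.
_SAMPLE_PWNED = {"password": 3861493, "123456": 23597311, "qwerty": 3912816, "letmein": 1}
PWNED_LINES = sorted(f"{sha1_upper(p)}:{n}" for p, n in _SAMPLE_PWNED.items())


def offline_lookup(password: str, lines: list[str]) -> int:
    """Offline mode: binary-search a hash-ordered list. Returns the breach count,
    or 0 if absent. bisect works because the list is sorted by hash and the bare
    40-char hash sorts directly before its own "HASH:COUNT" line."""
    h = sha1_upper(password)
    i = bisect_left(lines, h)
    if i < len(lines) and lines[i].startswith(h + ":"):
        return int(lines[i].split(":", 1)[1])
    return 0


def range_query(prefix: str, lines: list[str]) -> list[str]:
    """Server side of the k-anonymity range API, simulated locally: for a 5-hex-char
    prefix return "SUFFIX:COUNT" for every hash in that range. Stands in for
    GET https://api.pwnedpasswords.com/range/{prefix} (not a real network call)."""
    if len(prefix) != 5:
        raise ValueError("range prefix must be exactly 5 hex characters")
    return [ln[5:] for ln in lines if ln.startswith(prefix)]


def online_lookup(password: str, lines: list[str]) -> int:
    """Online mode: only the first 5 hex chars of the hash leave the client;
    the suffix comparison happens locally, so the service never sees the password."""
    h = sha1_upper(password)
    prefix, suffix = h[:5], h[5:]
    for entry in range_query(prefix, lines):
        s, count = entry.split(":", 1)
        if s == suffix:
            return int(count)
    return 0


@dataclass
class Entry:
    """Minimal stand-in for a KeePass entry (hypothetical shape, not the KeePassLib API)."""
    group: str
    title: str
    password: str


def check_all(entries, lines, lookup=offline_lookup, skip_groups=("Recycle Bin",)):
    """Check every entry across all groups and build the summary; the recycle bin
    is skipped, matching what the empty-search trick in this thread returns."""
    checked = [e for e in entries if e.group not in skip_groups]
    pwned = []
    for e in checked:
        n = lookup(e.password, lines)
        if n:
            pwned.append((e.group, e.title, n))
    return {
        "checked": len(checked),
        "groups": len({e.group for e in checked}),
        "ok": len(checked) - len(pwned),
        "pwned": pwned,
    }


def summary_text(report) -> str:
    head = (f"Checked {report['checked']} passwords in {report['groups']} groups. "
            f"{report['ok']} of them are OK. {len(report['pwned'])} have been pwned.")
    rows = [f"  {g} / {t}: seen {n} times" for g, t, n in report["pwned"]]
    return "\n".join([head, *rows])


# Constructed sample database spread over several groups, as in the thread.
SAMPLE_DB = [
    Entry("Email", "Personal mail", "password"),
    Entry("Email", "Work mail", "Tr0ub4dor&3-not-in-the-sample-list"),
    Entry("Banking", "Bank login", "qwerty"),
    Entry("Shopping", "Web shop", "correct horse battery staple 2019"),
    Entry("Recycle Bin", "Old forum", "123456"),
]

if __name__ == "__main__":
    print(summary_text(check_all(SAMPLE_DB, PWNED_LINES)))
    print(summary_text(check_all(SAMPLE_DB, PWNED_LINES, lookup=online_lookup)))
```

Both modes give the same report; the difference is only what leaves the machine. With the real downloaded list the offline lookup should be done on the file as a whole (memory-mapped or line-indexed) rather than reading it into a Python list, since the full download is hundreds of millions of lines, but the search logic is the same.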

mihaifm commented 5 years ago

@Kebap thanks for testing this

Could use a keyboard-shortcut or menu-icon, maybe?

A keyboard shortcut can be done, but probably needs to be configurable. Keyboard shortcuts in plugins are always problematic, due to conflicts with other plugins.

How about an option to "check all passwords in database"?

This would be ideal, but couldn't figure out the user experience for this. Where to put this option? There's also some performance considerations, this type of check would take a few minutes to complete. But I agree, this option needs to be available for the sake of completeness.

Bbansjkl commented 5 years ago

you can check all your passwords in a rather easy, but maybe a little unintuitive way:

  1. Search for nothing. Just click into the search box, select all contents and press delete if it contains a search term, then press enter when the search box is empty.
  2. The result list should now contain all passwords across all folders, except the recycle bin.
  3. Select all entries by either clicking into the result list and pressing ctrl+a or by right-clicking any entry (except category titles) and clicking on "Select All" in the context menu.
  4. Right click on one of the selected entries, in the context menu open the "selected entries" category and click on "Have I been pwned?"
  5. Now the extension will check all of your passwords, which may take a while depending on the amount of entries and the password length. Took me about 2 minutes with ~400 entries and maybe half of them having passwords with more than 12 characters.

Note that the list will change back to a single selected folder while it's checking the passwords. It will still check all passwords. Just search for nothing again when it's done to see the overview.

mihaifm commented 5 years ago

Excellent trick, I'll add this to the readme

mihaifm commented 5 years ago

It took a while, but I finally added a button to check all entries in the database :)

Tools -> HIBP Offline Check -> Check All Entries

See the latest release. Cheers!