A new version of the KeePass password manager has been released which brings the version of the desktop program to 2.36.
KeePass 2.36 ships with new features and fixes for the most part. Several improvements were made in regards to auditing existing passwords.
KeePass users have options now to check for duplicate or similar passwords, and to create a password quality report which provides an estimation of the quality of all passwords.
Existing users may download the new version from the developer website. While KeePass may highlight that a new version is available, automatic updates are not part of the program yet.
KeePass users can check the version of the password manager by selecting Help > About KeePass in the interface.
The update or new installation is straightforward, and there are no surprises included in the installer.
KeePass 2.36
Two new password audit options have been added in KeePass 2.36. Both are found under Edit > Shows Entries.
The first, called Find Duplicate Passwords, scans all folders of the password database for identical passwords, and displays them in the interface. The scan should not take longer than a second or two to complete.
The second, called Find Similar Passwords, lists all accounts with passwords that have a similarity of at least 20%. The listing is sorted from the “most similar” to the least similar”.
Both password audit options provide KeePass users with options to identify password reuse, and do something about it. While KeePass won’t act on its own, it is probably a good idea to go through the listing to modify passwords to make sure that none are identical, or too similar.
The main reason for that is that password reuse is a problem, as attackers may try leaked or hacked passwords on other services as well. Many Internet and computer users reuse passwords for convenience sake. This is not really necessary if a password manager is used, considering that one does not have to remember the passwords as they are just one click away in the password database
The third and final feature addition in regards to password auditing is the ability to generate a password quality report. This report estimates the quality of all passwords when run. You find it under Edit > Show Entries > Password Quality Report.
All three reporting options provide you with information on passwords that are potentially weak. The password quality report does so directly, the two others highlight password reuse issues.
The remaining changes in KeePass 2.36 are not as spectacular, but some are useful nevertheless.
To name a few major ones:
- KeePass 2.36 has a new String search option under Edit > Find, to find strings in the password database.
- New “Last Password Modification” time option in list view.
- Program remembers position and size for some dialog windows now.
- New Configuration option for expiring the master key.
- Option to disallow auto-type target windows.
- KeePass window is brought to the front if auto-type errors occur.
You can check out all changes on the KeePass site.
Verdict
KeePass 2.36 introduces new password audit options, and other improvements. The auditing options give you tools at hand to audit saved passwords to make sure they are secure enough, and not too similar or even identical to others.
Now You: Have you audited you passwords before?