OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


Two Useful KeePass Improvements

KeePass version 2.36 was released June 8, 2017, and has two new commands which are very useful.
  • Find Duplicate Passwords (in Edit/Show Entries)
  • Password Quality Report (also in Edit/show entries)

Find Duplicate Passwords (or similar)

As everyone knows, duplicate passwords are odious and need to be avoided. Fortunately, with a password safe, they are unnecessary. The problem is that if any of them gets compromised, the hacker is likely to try that email address and password combination in other places to see if they can compromise more accounts. By choosing Edit / Show Entries / Find Duplicate you'll get a list of duplicate passwords.

Password Quality Report

By choosing Edit / Show Entries / Password Quality Report you get a listing of all your passwords from weakest to strongest. If you are like me, you will find some very old passwords that are weak and should be changed. Perhaps you just made them weak many years ago, or perhaps the site didn't all for symbols and long passwords. But, it is prudent to check and fix the weak ones.

Sort a Folder by Password Quality

If you use folders like I do, you might want to at least check your financial passwords. You can add a column with password strength to your view. In order to do this, you need to add a plug-in called "Quality Column". This will add the option displaying a column showing the password quality.

The password quality column plug-in can be downloaded here: http://keepass.info/plugins.html#qcol. It is written by Dominik Reichl who is the main author of KeePass for Windows. I don't know why he didn't include it in the program itself.

To install a plug-in just download it and unzip it to its own folder. You'll have 2 files, a readme.txt file which you should probably read, and the "plug-in name".plgx file with is the actual plugin. All you need to do is copy the plugin to the Keepass program folder (probably C:\Program Files (x86)\KeePass Password Safe 2) or the plugins sub-folder and restart KeePass. If you have other plugins you might have a special plugin sub-folder, in which case stick the plugin into that folder.

Now you can add the quality column and sort by it.

Under view, choose configure columns and add password strength. Then you can simply drag that column left to be next to the name and click on the header to sort by strength.

This is what I got for my financial passwords with online access.

Vanguard and US Bank are very old and have weaker passwords than my Capital One accounts and my social security account. I'll change them soon.

Once you are done deciding what should be changed, you can move the password strength column back out of the way to the right.

The Strength Meter

Keepass has the most sophisticated password strength meter I've ever seen. Though they cannot be perfect. It is really very good. He is pretty strict in his assessment, so even a moderate rating should prevent hacking for another decade.

His rating assessment:
  • 0-64 Very weak
  • 64-80 Weak
  • 80-112 Moderate
  • 112-128 Strong
  • ≥ 128 Very strong


How KeePass calculates password strength

Date: July 2017

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster