Master password change should require current password as verification #1280

Open
thedoc31 opened this issue Aug 7, 2023 · 1 comment

thedoc31 commented Aug 7, 2023

Is your feature request related to a problem? Please describe.
In the KeePass official app, a user is required to type their current password along with the new password and password verification when changing the master password. A password change is not allowed without the current password matching. I don't know if the KeePass official app shows a "No password is set" message if one isn't set (if it even allows it).

Describe the solution you'd like
MacPass should mirror the KeePass official app behavior.

Describe alternatives you've considered
Leave as-is, since the database is already unlocked at the time the password is changed.

Additional context
Asking for a current password is consistent with other password change dialog boxes in macOS, such as the one when I try to change my local Mac user's password. This also helps prevent changes if a database is left open on a desktop and an attacker/coworker decides to mess with it.
[Image: macOS password change dialog]

Member

mstarke commented Aug 14, 2023

That's a reasonable request. It should be possible to change this.

On the same topic, it might be feasible to require a save afterwards since the password change is not immediate.

@mstarke mstarke added this to the 0.9 milestone Aug 14, 2023