Auto-Type field NEWPASSWORD support

[Sviat]

Summary

Please add support for Auto-Type field {NEWPASSWORD} to support change password sequence.

Context

https://keepass.info/help/base/placeholders.html#newpassword

KeePass 2.x Only
{NEWPASSWORD} and {NEWPASSWORD:/Profile/} – Generating New Passwords:
The {NEWPASSWORD} placeholder generates a new password for the current entry, based on the 'Automatically generated passwords for new entries' generator profile.

This placeholder is evaluated only once in an auto-type process, i.e. for a typical 'Old Password' - 'New Password' - 'Repeat New Password' dialog you can use {PASSWORD}{TAB}{NEWPASSWORD}{TAB}{NEWPASSWORD}{ENTER} as auto-type sequence.

In order to use a different password generator profile, use {NEWPASSWORD:/Profile/}, where Profile is the name of the profile. If the specified profile cannot be found, the 'Automatically generated passwords for new entries' profile is used.

When specifying ~ as name of the profile (i.e. when using the placeholder {NEWPASSWORD:/~/}), KeePass derives a profile from the current entry password. Not recommended, as the quality can decay.

Example

{PASSWORD}{TAB}{NEWPASSWORD}{TAB}{NEWPASSWORD}{ENTER}

[droidmonkey]

I don't understand the purpose. Are you going to define this as a sequence for numerous entries? Do you change your passwords every day? This isn't the solution to the password change problem. Technically doing {NEWPASSWORD} twice changes the password twice.

The password change problem is real, but this requires advance setup and most will never do that.

[Sviat]

Did you try to open provided link? It precisely answers your question:

This placeholder is evaluated only once in an auto-type process, i.e. for a typical 'Old Password' - 'New Password' - 'Repeat New Password' dialog you can use {PASSWORD}{TAB}{NEWPASSWORD}{TAB}{NEWPASSWORD}{ENTER} as auto-type sequence.

---

Do you change your passwords every day?

I change 5-10 passwords with 1 to 3 month rotation period, so yeah, almost everyday.

[droidmonkey]

I did read the link before I replied. What I meant was that this is not the solution to the problem of creating a new password. It is non-discoverable and requires setup before use. I would much rather support a more defined process than this.

[Sviat]

Well, do not know what is solution you are looking for.
There is pretty common sequence for Change Password use-case, which cannot be solved by any of current Actions, Placeholders or Attributes, because it requires change to password and some nice handling (like not-re-generating new pass).
Base Keepass for some reasons sticks to Auto-Type action, which almost perfectly solves my issue (with small exception, i would like to have roll-back mechanic, in case password was not accepted).
If you need anything in particular i can answer; it is up to KPXC team to choose how to solve it (or deny), but it is not like "you do not need this feature" case IMHO (password rotation is one of security basics; and when reaching certain amount of expiration requests per day, you quickly start wondering how to optimize/automate this process).

[hifi]

KeePassXC (like KeePass) keeps per-entry history so saving a new password during rotation should be relatively safe. With #5864 merged your process could be with old-new-new sequence:

1. Press global hotkey and select {PASSWORD} pattern
2. Switch to KeePassXC and generate new password for entry, close the entry edit and save database
3. Press global hotkey and select {PASSWORD} pattern
4. Press global hotkey and select {PASSWORD} pattern

The new global dialog is easy to navigate with keyboard only (to select entry and pattern) so it only takes a few seconds to do that.

Would this work for you?

[Sviat]

Hi.
I checked patch-note. Looks promising. I'll field test your sequence, but may be meanwhile you or @droidmonkey can check possibility of adding new dialog similar to Pickchars, to enter random symbols and stacking them on Clipboard?

Buttons would be similar to what usually used in RegExp for alpha,numeric,alphanumeric and special chars etc.

So you change password would be like:

1. Press hotkey and paste (old) {PASSWORD}
2. Call PickRandomChars dialog
3. Type from keyboard or mouse pattern
4. Random password generated and stored to clipboard
5. Paste from clipboard in new password field
6. Paste from clipboard in repeat password field
7. Try
8. New password is not matching due to some weird rules (i.e, matching one of last 30 passwords)
9. Same page with empty fields opens again
10. Repeat from 1

[droidmonkey]

I don't intend on adding a workflow for this in autotype. To be honest I don't see this request being added to the program at all.

[droidmonkey]

Instead we will work on a more defined "Change Password Workflow". See #6032 and #6323.