KeePass 2.40 is out: here is what is new
KeePass 2.40 was released on September 10, 2018. The new version of the password manager comes with new auto-complete functionality when editing certain data fields, enhanced compatibility checks for plugin DLLs and more.
KeePass is my password manager of choice and there is quite the sizeable number of Ghacks readers who use the password manager as well. It is a desktop-based password manager that stores the passwords database in encrypted form on the local system by default. You can check out my review of KeePass here for an overview of the program's functionality.
Existing users of KeePass who have update checking turned on in the password manager should receive update notifications; KeePass does not include an automatic update function which means that all users need to download the latest version from the official website.
Setup is straightforward and the software will either be installed or existing copies upgraded to the latest version depending on the local setup.
KeePass 2.40
KeePass 2.40 introduces auto-complete functionality for usernames in the add and edit dialog and auto-type dialog, and for usernames and URLs in the "Open From URL" dialog.
All auto-complete options are active automatically. When you edit saved accounts and click in the username field you will notice that KeePass makes suggestions based on what you type and the "other" usernames stored in the database that you opened.
The same is true for the other dialogs that support auto-completion. I could not find an option to turn the functionality off in KeePass 2.40. It has its uses, especially if you consider that username is often the email address so that you may be able to fill out the username quicker when adding new accounts or editing them.
You can add attachments to entries in KeePass. The password manager includes options to view certain data types saved as attachments directly in the application.
All you have to do is click on the attachment to display it in the data viewer if it is supported (images for instance).
The updated viewer supports zooming. You can use buttons to zoom, Ctrl-mousewheel, or Ctrl+ or Ctrl-.
KeePass 2.40 includes several other new features. The developer improved compatibility checks for DLL plugins and added an option to stop KeePass from remembering the master password (in encrypted form) while a database is open.
Also new: Find has a new Group Path option that you may check when running searches and plugins can make use of the new URL opening event.
The new version of the password manager comes with improvements as well. The responsiveness of the user interface is improved during "long operations" according to the changelog, and KeePass won't create a KeePass folder in the user's application directory anymore if the configuration file is located outside of the folder structure.
You can check the full changelog for all of the changes here. Check out these helpful resources if you want to get the most out of the password manager:
- How to change the default KeePass password options
- How to create Passphrases with KeePass
- How to improve KeePass security
- KeePass: the global login shortcut to ease your life
Closing Words
KeePass 2.40 improves the password manager in several ways. Most changes and new features fly under the radar; in fact, the only change that most users will likely notice is the new auto-complete functionality in certain dialogs.
That does not mean that the changes or new features are not welcome. Plugin developers get new options and users who use certain features will benefit from changes as well.
Now You: Which password manager do you use?
“Which password manager do you use?”
I am currently using the UPM Android app to keep my passwords. I prefer to avoid password managers that are integrated with a browser or that can engage in autofill.
I guess KeePass would work and if your budget is free it works, but if you’re seriously looking for a password manager that’s built on security and is full featured I’d much rather go with a zero-knowledge solution like Keeper, where each record is individually encrypted and you have much more control on sharing and auditing.
Mmmm… so you’re a user of Keeper, and you like it very much, right? You absolutely, definitely don’t work for the company? Then let me tell you something. I’ve never heard of Keeper, but I see it’s a) online, b) paid-for, c) sold with an extortionate price system: 30 $/year minimum.
Kee Pass is free even for business use, and it’s much safer by construction than Kee Pass. It’s disingenuous to brag about “zero-knowledge” about Keeper, compared to Kee Pass. Kee Pass is super-duper zero-knowledge, because it’s local. Zero-knowledge is only relevant to online applications, because by going online you already make a compromise about security.
Also, Kee Pass is open source, which in itself is a security feature. I don’t see any claims that Keeper is open source. And of course, Kee Pass password database is encrypted, and the program has many other security features in order to harden it against potential attacks. Finally, Kee Pass has been audited as well.
So, apart from the fact that Keeper is an online password manager, and therefore an entirely different beast, what exactly makes it more secure than Kee Pass?
Online password managers have only one possible advantage over local ones, and that’s convenience. Security is, at best, as good as with a local application, and even that is debatable. The best-kept secret is the one you tell nobody about.
There are programs I use regularly, that I am happy with, but that still keep my interest in potential replacements. KeePass, on the other hand, is a program I don’t even consider looking at a potential replacement for. For my use case Kp is near perfect.
I think I’d prefer a version including an option to disable the new username autocomplete functionality. Or perhaps less of a caused delay.
Also, I’d prefer a text area that isn’t resizable.
I have to wait several hours before my comment actually appears.
Martin,
With this review and also with the KFK File Splitter review are the pictures not savable in their png format so that they are possible to look at with any viewer?
I use KeePass and I like it.
I’m not sure I understand. I can save the images just fine. What happens when you try to save the images? Do you use a desktop browser or mobile?
Martin, When I am saving your images (No pictures with Firefox) they are (.png format) not readable by any viewer I have. They’re saying that the format is not yet available; personally I believe that there is some kind of Webpage format.
The same result when I am saving the pictures I am getting in Waterfox, (again no Firefox,) Google or Edge.
Maybe I also have to mention that the level of security in those browsers is different with Firefox the highest because of its main workhorse.
Also, only those two articles/reviews are affected no other earlier and later have the same problems with saving the images.
But there is something else changed in Firefox (With NoScript web extension version) since main latest (earlier) message to you: it’s that I am now getting no pictures at all (in Firefox).
With Waterfox (NoScript Addon old version) I am getting a picture and when I save them (let’s say the first picture from this article – kfk-file-splitter.png) all main viewers are saying that the .png format is not available. But .png files I already have are working fine with those viewers.
Strange?
That sounds very strange. I don’t have these issues, just tested. Do you use extensions that may interfere? Anyone else experiencing this?
Martin, I believe the images with the “PNG” extension upon your website; that might not be displaying in some browsers are as follows:
https://cdn.ghacks.net/wp-content/uploads/2018/09/jarvis-300×300.png
https://cdn.ghacks.net/wp-content/uploads/2018/09/kfk-file-splitter-300×300.png
https://cdn.ghacks.net/wp-content/uploads/2018/09/microsoft-security-updates-servicing-300×300.png
The above files don’t appear to be saved as a valid PNG format, but have reference to “RIFF, WEBPVP8” in the ‘file header’ sections. Therefore those three specific files are likely related to the WebP format, i.e. https://en.wikipedia.org/wiki/WebP
Hope that helps.
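The header check described in the comment above, as an added example (not part of the original comment or of the site's code): it identifies an image by its leading bytes rather than its extension, which is how a WebP payload served under a `.png` name is caught. The file names and byte strings are constructed samples, and the function names are hypothetical.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
EXT_TO_FORMAT = {"png": "png", "webp": "webp", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif"}


def sniff_image(data: bytes) -> str:
    """Return the format named by the leading bytes, ignoring the file name."""
    if data.startswith(PNG_SIG):
        return "png"
    # WebP is a RIFF container: "RIFF", uint32 LE size, "WEBP", then a VP8 chunk tag.
    if len(data) >= 16 and data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        if data[12:16] in (b"VP8 ", b"VP8L", b"VP8X"):
            return "webp"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    return "unknown"


def riff_size_ok(data: bytes) -> bool:
    """The RIFF size field counts every byte after the first 8; a mismatch means truncation or padding."""
    (declared,) = struct.unpack("<I", data[4:8])
    return declared == len(data) - 8


def check_extension(filename: str, data: bytes) -> dict:
    """Compare what the extension claims with what the header says."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TO_FORMAT.get(ext, "unknown")
    actual = sniff_image(data)
    return {"file": filename, "claimed": claimed, "actual": actual,
            "mismatch": claimed != actual}


# Constructed samples: header bytes only, not real images.
WEBP_BODY = b"WEBP" + b"VP8 " + struct.pack("<I", 4) + b"\x00" * 4
SAMPLE_WEBP = b"RIFF" + struct.pack("<I", len(WEBP_BODY)) + WEBP_BODY
SAMPLE_PNG = PNG_SIG + struct.pack(">I", 13) + b"IHDR" + b"\x00" * 13

if __name__ == "__main__":
    for name, blob in [("constructed-thumb.png", SAMPLE_WEBP),
                       ("constructed-real.png", SAMPLE_PNG)]:
        print(check_extension(name, blob))
```

The same comparison belongs in any upload or download path that trusts an extension or a declared content type to decide how a file is handled.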
Thanks now I see it as well. Will investigate!
KeePass is definitely an excellent program. Been using it for years.
Regarding the observation: “username is often the email address so that you may be able to fill out the username quicker when adding new accounts or editing them” …
A person should not be spreading the same email address to many places.
May I suggest that for a very low cost, a person should register an email domain of their own, and then could easily use a different email address for each login.
Examples: [email protected]
and [email protected]
One advantage of unique email addresses is no duplication or commonality of information between different accounts – not email address and not password. A second advantage is that if an email address is sold or passed along, you will know who did it, since each email address is only used once.
I do this as well. I am using my webhost’s cpanel email to manage all of the emails though. I have not found a better solution. What are you using to host your domain’s email?
Me? I run my primary email server from my home for most of my domains, but for two of them, I run them out of a cheap hosting service. My primary email server polls those frequently and grabs any email sent to them as well so in the end, I only have to interact directly with my primary mail server.
This actually helps when using gmail for the same reason you suggest. If your email is [email protected] you can now easily do [email protected]
Once in a great while you will run into a site or form that refuses the + in an address but it works over 99% of the time for me.
For those who don’t know about the + trick:
https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html
@George P. Burdell
You could also use disposable email addresses for this, such as mailinator.
@John, thanks for writing.
Sorry I was not clear enough the first time, but what you suggest would not work for the purpose intended.
If, for example, you want all future mail (statements, alerts) from your bank to come to your unique-to-the-bank address, the email account would have to have a lifetime of months or years, not just ten minutes.
Yes, if you are just signing up for a quick one time event, something like Ten Minute Mail works great.
[https://10minutemail.com]
But, for a continuing relationship, a person would need something with longevity. An email address on a domain you own fits this situation.
When you own the address, you can set it up to forward 100% of incoming mail to your “normal” email address, so you don’t have to be checking two places to see who is sending you stuff.
@George P. Burdell
Yes, sorry, I misunderstood. I thought you were just talking about setting up accounts, not ongoing correspondence. I run my own mailserver with my own domain names myself, and create new single-purpose email addresses all the time, so I’m in agreement with your solution for that.