Password Manager KeePass 2.55 warns users about weak security settings

Martin Brinkmann
Oct 13, 2023
Security, Windows software

A new version of the password manager KeePass is now available. KeePass 2.55 is a smaller release that improves security and imports, and introduces some new features to the application.

The new version is already available for download. Users still have the choice between an installer and a portable version. The installer may update any existing installation to the latest version.

Selecting Help > About KeePass in the interface displays the current version. There is also Help > Check for updates, which runs a check for updates. KeePass does not include automatic update capabilities though.

KeePass 2.55

KeePass users who create new encrypted password databases using AES-KDF, one of the supported algorithms, benefit from an increased default number of iterations; this improves protection against brute force and guessing attacks. The new number of iterations is 600000.

Existing users may get a notification when they open one of their databases. This happens if the number of iterations is smaller than the new default value. A click on "yes" upgrades the iterations immediately.

The new setting can be turned off under Tools > Options > Security > Show warning when the key transformation settings are weak.

Selecting File > Database Settings > Security in KeePass displays the encryption algorithm that is currently used, along with options to change its iterations or migrate to another algorithm entirely. We recommended changing the number of iterations for AES-KDF back in February or switching to Argon instead.
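The iteration count is stored in the unencrypted header of the database file, so several databases can be checked against the new default without opening each one in KeePass. The following is an added example, not code from the article or from the KeePass project; it assumes the KDBX 3.x and KDBX 4 header layouts, and all function names as well as the sample header are constructed for illustration.

```python
import struct

KDBX_SIG = bytes.fromhex("03d9a29a67fb4bb5")   # both file signatures, little-endian
AES_KDF_UUID = bytes.fromhex("c9d9f39a628a4460bf740d08c18a4fea")
NEW_DEFAULT = 600_000                          # KeePass 2.55 default, per the article

def header_fields(data, len_size):
    """Yield (field_id, value) pairs from the unencrypted outer header."""
    pos = 12                                   # skip signatures and version
    while True:
        fid = data[pos]
        size = int.from_bytes(data[pos + 1:pos + 1 + len_size], "little")
        pos += 1 + len_size
        yield fid, data[pos:pos + size]
        pos += size
        if fid == 0:                           # end-of-header field
            return

def variant_dict(blob):
    """Decode a KDBX 4 VariantDictionary into {name: raw value bytes}."""
    out, pos = {}, 2                           # skip the 2-byte dictionary version
    while blob[pos] != 0:                      # a zero type byte ends the dictionary
        klen = struct.unpack_from("<i", blob, pos + 1)[0]
        vlen = struct.unpack_from("<i", blob, pos + 5 + klen)[0]
        start = pos + 9 + klen
        out[blob[pos + 5:pos + 5 + klen].decode()] = blob[start:start + vlen]
        pos = start + vlen
    return out

def aes_kdf_rounds(data):
    """Return the AES-KDF iteration count, or None when another KDF is in use."""
    if data[:8] != KDBX_SIG:
        raise ValueError("not a KeePass 2.x database")
    major = struct.unpack_from("<H", data, 10)[0]
    fields = dict(header_fields(data, 4 if major >= 4 else 2))
    if major < 4:                              # KDBX 3.x: field 6 holds the rounds
        return struct.unpack("<Q", fields[6])[0]
    kdf = variant_dict(fields[11])             # KDBX 4: field 11 holds KDF parameters
    return struct.unpack("<Q", kdf["R"])[0] if kdf["$UUID"] == AES_KDF_UUID else None

def is_weak(data):
    rounds = aes_kdf_rounds(data)
    return rounds is not None and rounds < NEW_DEFAULT

def sample_kdbx4(rounds, uuid=AES_KDF_UUID):   # constructed header, not a real database
    item = lambda t, k, v: bytes([t]) + struct.pack("<i", len(k)) + k + struct.pack("<i", len(v)) + v
    kdf = b"\x00\x01" + item(0x42, b"$UUID", uuid) + item(0x05, b"R", struct.pack("<Q", rounds)) + b"\x00"
    return KDBX_SIG + bytes.fromhex("00000400") + b"\x0b" + struct.pack("<I", len(kdf)) + kdf + b"\x00" * 5
```

For a file on disk, pass its bytes to `is_weak`; a `None` result from `aes_kdf_rounds` means the database uses a different key derivation function, for which this iteration threshold does not apply.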

Password imports from several third-party password managers have also been improved. Google Chrome and mSecure CSV imports support new formats now, and imports from 1Password support the new password field/type as well.

KeePass makes a few usability improvements next to that. Changes made to the HTML export and print dialog are remembered now by the application. KeePass is now also highlighting the option that it will use when users select "do not show this dialog again". Report dialogs may be closed with a tap on the Esc-key in the new version.

A new feature is the compare entries command, which enables users of the software to compare two entries.

You can check out the full changelog here.

Verdict

KeePass 2.55 may be a lighter release, but it improves default iterations for one of its core algorithms and informs users if the current iteration count is smaller than the new default. A single click on "yes" updates the iteration count of the database, which improves security against brute force and guessing attacks.

 

 

 

Publisher
Ghacks Technology News

Comments

  1. James said on October 21, 2023 at 8:08 am

    There is also the nice option “1 second delay” on the security tab, which automatically computes the number of iterations taking one second. On my i5-1155G7 I’m at 17 million, which sounds much higher than 600k.

  2. matternot said on October 18, 2023 at 4:11 pm

    The new default still seems low. Mine was set to 1000000 and opens reasonably fast on a 13+ year old CPU.
