Changing Master Passwords

To change a master password (referred to as "Safe Combination" in older versions), first open up the database whose password you wish to change. Once opened, go to the Manage menu and select Change Master Password. The following window will be displayed:

Note: If you do not have a YubiKey, then the YubiKey buttons will not be displayed, and you can ignore the description of their use below.

You should now enter the current master password, followed by the new master password (twice, for confirmation). The master password can be entered using the physical or virtual keyboard.

Password Safe has a built in check for what it considers to be weak master passwords. In general, a master password (like any password) should consist of mixed case characters with at least one number or special character (such as those found above the number keys on a keyboard). If a master password is entered that the program considers weak, it will prompt for confirmation. You may the option to accept the originally entered (weak) password, or to enter a new one.

On checking the "Show Mast Password" box, the contents of old and new master passwords will be visible in clear and the confirmation edit box is disabled as no longer necessary.

For YubiKey users: In addition to changing the master password as described above, this window allows you to add or remove YubiKey authentication, add or remove additional password authentication, as well as switch the YubiKey that is used to access the current database. Following are instructions for each of these actions:

Adding YubiKey Authentication

To convert a Password Safe database that is accessed using a Master Password to YubiKey access:

1. Enter the current Master Password in the Old Master Password field
2. Insert you YubiKey
3. If you wish, enter (and confirm) a password in the New Master Password and Confirmation fields.
4. Click on the lower Yubikey button, and then activate your YubiKey.

Removing YubiKey Authentication

To change the PasswordSafe database so that it is only protected by a master password:

1. Insert your YubiKey
2. If you currently have a password associated with this database, enter it in the Old Master Password field
3. Click on the upper Yubikey button, and then activate your YubiKey
4. Set the New Master Password (and the Confirmation) to the desired value.
5. Click on OK.

Adding/Removing/Changing Password Authentication

Password Safe can use YubiKey as the only access mechanism, or along with a conventional password. To change from one to another:

1. Insert your YubiKey
2. If you currently have a password associated with this database, enter it in the Old Master Password field
3. Click on the upper Yubikey button, and then activate your YubiKey
4. Set the New Master Password (and the Confirmation) to the desired value: Blank to remove the password, or a new password to add or replace the password.
5. Click on the lower Yubikey button, and then activate your YubiKey.

Changing YubiKeys

To switch from one YubiKey to another:

1. Insert the old YubiKey
2. If you have a password associated with this database as well, enter it in the Old Master Password field
3. Click on the upper Yubikey button, and then activate your YubiKey
4. Remove the old YubiKey, insert the new one
5. If you wish, enter (and confirm) a password in the New Master Password and Confirmation fields.
6. Click on the lower Yubikey button, and then activate your YubiKey.
   

Notes:

• There is no mechanism within Password Safe to retrieve lost or forgotten master passwords. This is a deliberate design decision, since any mechanism for retrieving lost passwords poses a security hole that can be exploited.
• Please choose a difficult-to-guess master password. A trivial password, such as "password" or your name is easy to guess, and negates the security that Password Safe provides.