Hi,
I’m deleting some data from password that should be not kept for security reason. Remove is not useful if that data stay in the version history, will create a potential security issue on my side.
For how much long this is keep?
Hot to delete?
The version history is immutable and kept forever.
If you want to get rid of it, do the following:
- Copy the password into the clipboard
- Click the “⋯”-menu in the list entry of the password
- Choose “Edit as new”
- Paste the password into the field in the edit form and save
- Verify all data has been copied correctly
- Delete the old entry
- Go to “Trash”, then empty it
Additionally:
- Go into the admin settings of the passwords app and choose something other than “never” for “Remove deleted objects from database”
- Clean up the automatic Backups
You know I will loose all content of the fields hidden secured?
Copy as new is not a solution even I think this has been implemented to skip the introduction of history that cannot be erased.
Is not enough copy just the password as many secured field will be loosed and I cannot open even two window for copy missed data to the new contact
This History that never allow to be deleted it’s a big issue.
I will need delete everything and restart from zero, 80 password and cards to redo to stay safe from some data that I never put together in that cards.
Just as feedback, is not a good idea, on my experience and point of view, introduce a history that cannot be deleted. In my case this create a potential security issue so I need reset everything and start from zero.
Copy as new is not working well as solution as I don’t need only insert the password but all secured field will be not copied also. I cannot open two tab for transfer data so it’s a big work to do all from zero.
Why do you consider a password history that contains passwords that are (or should be) no longer in use a security issue? Can you elaborate on this…?
…the only reason I can think of why the password history would be an issue is if you were still using certain passwords from that history elsewhere, which you shouldn’t be doing in the first place.
Re-using passwords is the biggest security risk of them all. And since you’re using a password manager, there’s no reason to re-use passwords, because a password manager makes it incredibly easy to use a unique, randomly generated passwords for all of your accounts.
And even if you were to re-use passwords from that history, why would the history be a concern? I mean, the history is stored in your password manager. If you don’t trust your password manager to keep your history safe, you probably shouldn’t use it in the first place. 
But keep in mind that Facebook Messenger monitors the clipboard.
JM2C.
I was saving also two factor recovery codes.
After some days I think this is not the maximum store password and recovery codes together under the same place, same crypt password, etc…
The password manager store sensible data and is not good, on my point of view, forbir the deletion of an item (in this case a history).
I consider safe or maybe I hope but I feel more safe if I don’t store together also the two factor recovery codes.
Is less comfy but more secure to keep separate.
Hidden/Data fields are copied to the new entry, only secret fields aren’t
“Edit as new” was never supposed to bypass the history. No one has ever had an issue with the history before.
The feature is there to allow one password entry to be used as a template. That’s why it clears all secrets/passwords because you’re not supposed to reuse them.
There is absolutely no security benefit to not having that history.
There was no reason to do that.
Alternatively to the solution for a single password which i proposed before, the passwords app also has an export/import feature where you can export all current data, clear everything and then just import the data again. That would leave you with just the latest revision for each entry.
Yes, Storing 2FA with the password is a bad security practice as it completely circumvents the idea of having a 2FA in the first place.
Doing so even once, the 2FA needs to be considered as compromised. Whether there is a history feature or not is not relevant for this.
You can never “delete” a security mishap and assume this makes it undone.