Password Health Check - UI Improvements #4274

Closed
OLLI-S opened this issue Feb 1, 2020 · 4 comments

@OLLI-S

OLLI-S commented Feb 1, 2020

Summary

Today I tested the new Password Health Check (#3993) and here is some feedback for the UI.

Details

When I run the report, then the results look like this:

image

Here I wish to have the following features:

  1. Allow me to resize the columns (so I can make the "Title" a bit smaller to see more text in "Reason")
  2. The column "Title" is aligned to the longest entry, but maybe you make the column smaller, so 80% of all entries can be displayed in one line (the text of the other 20% is wrapped into multiple lines)
  3. Same for the column "Path" (also here the width should be reduced like suggested in 2.)
  4. Add icons in addition to the color in the first column as discussed here: Check passwords against hacked password databases [$300] #1083 (comment)
  5. Show statistics below the table (number of weak passwords, number of expired passwords, number of reused passwords, total number of findings) like you have them in the Statistics page (saves me one click)
  6. Exclude expired entries like suggested here Integrated Password Analyzer and Health Check [$170] #551 (comment)
    I have 116 expired entries and nearly all of them are for services/websites that are no longer existing (but I want to keep the entries).
  7. Let me sort the table by any column
  8. Show the entropy directly behind the text "Very weak password" (is faster than having to open the tool tip in the column "Reason") so this info can be removed from the tool tip:
    For example: "Very weak password (entropy is 28.73 bits)"
  9. Show the expiry date directly behind the text "Password has expired" (is faster than having to open the tool tip in the column "Reason") so this info can be removed from the tool tip:
    For example: "Password has expired (31.12.2006 23:00)"
  10. For re-used passwords it would be cool to have the possibility to expand the text in the column "Reason" so I see the locations directly below the line "Password is used x times".
    So here also no tool tip is needed (it can completely be removed)

The Health Check is a fantastic feature and I see now that I have a lot to do!

Debug Info

KeePassXC - Version 2.5.3-snapshot
Build Type: Snapshot
Revision: c427000

Qt 5.12.0
Debugging mode is disabled.

Operating system: Windows 10 (10.0)
CPU architecture: x86_64
Kernel: winnt 10.0.18363

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare (signed and unsigned sharing)
  • YubiKey

Cryptographic libraries:
libgcrypt 1.8.4

@droidmonkey
Member

Entropy is confusing information to most people, which is why it's in the tooltip. We also don't want to clutter the reason field with so much information to the point it becomes cluttered. I think showing the number of days the password is expired is more readable than the exact date. Resizing and sorting columns would be a great improvement; I think the title and path columns should have word wrapping turned on.

Excluding all expired entries is easy. What we would most likely want to do is add a setting to groups to exclude whole groups from the health report (similar to exclude from search) so you can toss all your expired entries in that group.

Great feedback!

droidmonkey added this to the v2.6.0 milestone Feb 1, 2020
@OLLI-S
Author

OLLI-S commented Feb 1, 2020

@droidmonkey I updated my text above while you posted your reply (textual changes).

I want to get rid of the tool tips because of the following reasons:

  1. A tool tip forces all users to perform a manual action (move the mouse and wait) and this for each entry in the table.
  2. The information shown in the tool tip is important (like the location of reused passwords). Important information must not be shown in tool tips.
  3. How can blind people get the information that is provided in the tool tip with a screen reader?
    Normally screen readers can read all information that is displayed in tables but making tool tip information accessible is not trivial (we have many problems with web applications).

Preventing whole groups from the health report is a fantastic idea.
I have already begun to move expired entries into a separate group so they can be ignored.
Perfect.
And ignoring single entries from health check is suggested here: #4168

@droidmonkey
Member

droidmonkey commented Feb 1, 2020

The point of the tooltip is that it presents information that is not necessary to most users. For accessibility we can populate the "accessible description" in addition to the tooltip so that screen readers will read it out. Now if Qt had a simple element like a "details" pulldown I would prefer that:

Like this!

@OLLI-S
Author

OLLI-S commented Feb 1, 2020

@droidmonkey I updated my reasons in the posting above #4274 (comment) and added reason 2.

I agree that the password entropy and the exact expiry date are information that is optional (not needed for normal users).
But the location of re-used passwords is really important!

So what about adding multiple "details" pulldowns in one cell:

Very weak password
  • Password entropy is 28.73 bits
Password has expired
  • Password expiry was 31.12.2006 23:00
Password is used 3 times
  • Used in OLLI\Hardware\Network\Name of the Entry
  • Used in OLLI\Music\Name of the second entry
  • Used in OLLI\Programming\Lazarus\Name of the 3rd Entry

This way users can collapse and expand the information they need.
And you can get rid of the tool tips.
