PasswordSafe Preferences


Like many applications, PasswordSafe allows you to configure its behaviour and appearance to best suite your taste and needs. Many applications store such preferences in the Windows "registry", as a matter of convention and convenience. Previous versions of PasswordSafe used the registry as well, but this has proven to be problematics for the following reasons:
1. Some of the configurable preferences are security related, and storing them in an open repository such as the Windows registry may enable an attacker to gain access to the database (for example, if the attacker were to disable the locking of the database after an inactivity timeout, the user would assume the database was safely locked while out to lunch, whereas the attacker could then access it at her convenience).
2. Many people are using PasswordSafe from a disk-on-key or otherwise sharing the same database across several machines. It's impractical to share the configuration data in a registry in such a manner.

PasswordSafe has a number of preferences, each with a reasonable default value. When a user changes the configuration to a non-default value, the new value is store by PasswordSafe.
PasswordSafe defines preferences as security-related or non-security related. The former are kept in the database, encrypted with the same key as the user's data.
Non-security-related preferences are kept in a configuration file, pwsafe.cfg. This file is in XML format, with sections per host machine and per user, so that the file may be shared between different users, and across different machines.
By default, pwsafe.cfg is kept in the same directory as the pwsafe.exe executable program. If, however, the PWS_PREFSDIR environment variable is set, pwsafe will use the configuration file stored there. This is useful for cases where write permissions to the pwsafe.exe install directory is restricted.

The following tables describes the configuration items. Most of them are configurable via the Manage->Options dialog box.

Boolean (true/false) preferences

Preference Default Where stored Comment
alwaysontop false pwsafe.cfg Main window alway on top
showpwdefault false database  
showpwinlist false database  
sortascending true database  
usedefuser false database  
saveimmediately true database  
pwuselowercase true database Password generation policy
pwuseuppercase true database Password generation policy
pwusedigits true database Password generation policy
pwusesymbols false database Password generation policy
pwusehexdigits false database Password generation policy
pweasyvision false database Password generation policy
dontaskquestion false pwsafe.cfg  
deletequestion false pwsafe.cfg  
DCShowsPassword false pwsafe.cfg  
DontAskMinimizeClearYesNo true pwsafe.cfg  
DatabaseClear false pwsafe.cfg  
DontAskSaveMinimize false pwsafe.cfg  
QuerySetDef true pwsafe.cfg  
UseNewToolbar true pwsafe.cfg  
UseSystemTray true pwsafe.cfg  
LockOnWindowLock true pwsafe.cfg  
LockOnIdleTimeout true pwsafe.cfg  
EscExits true pwsafe.cfg  
HotKeyEnabled false pwsafe.cfg  
MRUOnFileMenu true pwsafe.cfg Most recently used databases
DisplayExpandedAddEditDlg true database Default More/Less details
MaintainDateTimeStamps false database  
SavePasswordHistory false database  
FindWraps false pwsafe.cfg  
ShowNotesDefault false database  
BackupBeforeEverySave true pwsafe.cfg  
PreExpiryWarn false pwsafe.cfg  
ExplorerTypeTree false pwsafe.cfg Show groups first in tree view
ListViewGridLines false pwsafe.cfg Show grid lines in list view
MinimizeOnAutotype true pwsafe.cfg  

Numerical preferences

Preference Default Where stored Min Max Comment
column1width n/a pwsafe.cfg n/a n/a  
column2width n/a pwsafe.cfg n/a n/a  
column3width n/a pwsafe.cfg n/a n/a  
column4width n/a pwsafe.cfg n/a n/a  
sortedcolumn 0 pwsafe.cfg 0 15  
pwlendefault 8 database 4 1024 Default password length
maxmruitems 4 pwsafe.cfg 0 20 Most recently used databases
IdleTimeout 5 database 1 120  
DoubleClickAction DoubleClickCopyPassword pwsafe.cfg n/a n/a  
HotKey none pwsafe.cfg n/a n/a  
MaxREItems 25 pwsafe.cfg 0 25 Recent entries
TreeDisplayStatusAtOpen AllCollapsed database n/a n/a  
NumPWHistoryDefault 3 database 0 255 how many passwords to keep in history
BackupSuffix 0 pwsafe.cfg n/a n/a  
BackupMaxIncremented 1 pwsafe.cfg 1 999  
PreExpiryWarnDays 1 pwsafe.cfg 1 30 When to warn on about-to-expire passwords

Textual Preferences

Preference Default Where stored Comment
currentbackup <none> pwsafe.cfg Path and name of last backup file
currentfile <none> pwsafe.cfg Currently (i.e., last) opened file
lastview tree pwsafe.cfg Last view selected: Tree or List view
defusername <none> database  
treefont <none> pwsafe.cfg  
BackupPrefixValue <none> pwsafe.cfg  
BackupDir <none> pwsafe.cfg  
AltBrowser <none> pwsafe.cfg Alternate browser
ListColumns <none> pwsafe.cfg Non-default column order
ColumnWidths <none> pwsafe.cfg Non-default column widths
DefaultAutotypeString \u\t\p\t\n database