Reddit keepass safe
Would it be strong enough to keep it there with a reasonable pass phrase, or is this idea too wild and risky? Opinions please. Store your KeePass database on a cloud drive, anything is fine. Somebody recently stole my USB flash drive that contained KeePass database. I would like to think it's safe. Has anyone actually read it, understood it and validated it for proper implementation of AES standards backdoors risk of the program itself sending data to places it shouldn't (malicious The whole point of using a password manager is having extremely secure passwords, if you use keepass to store passwords that you came up with and remember, you're actually less secure than not using KeePass at all. (I posted this question in keepass, thought this page would have the info) Has anyone used yubikey with keepass or keepassxc? Does it provide better security and comfort using than the keyfile? What are the pros and cons? Can we use single yubikey for multiple databases? If I use strongbox for mobile and keepassxc for laptop, can I use the same key for both? Quantum-Proof Passwords Are the generated passwords safe from quantum processing? I’ve started to use keepass on windows desktop. If your Keepass is a free, open-source password manager that helps users securely store and manage their passwords. And then they Keepass2Android is fairly established. How am I supposed to know out of all of these which are legit and which aren’t? I generally use a local version of keepass in linux & laptop. I back up this DB on 2 external drives (part of my backup policy) and on an encrypted cloud (a bit overparanoid). I already use strong, unique passwords and my keepass db is itself protected with 2FA so I am confident putting my TOTP secrets in the same database is still adequate protection. Some people like the self hosted architecture.
Use a master password with at least 90 bits of actual, measurable entropy, and set the key derivation function to use Argon2 in the database settings (security tab), and you'll be fine. This had the nice effect that if you lose your phone/pc while traveling, I could still recover the KeePass database from the Dropbox web interface by only knowing my credentials. So far I love it. I just found the option to generate "hex key" passwords with the generator. Security and convenience are both important factors, and I'd love to hear about your practices and insights. Master password was more than 10 characters long, capital and small letters, numbers and symbols. So keepass/keepass2 is probably more powerful but would require a little more learning curve to use that power. If Technically, it's better to keep it closed when you're not using it. com Keeweb. Until I learned about KeePass. I can agree with others that you need to understand how cloud (DropBox, OneDrive, G Drive, etc. org Keepassx. Also, if I want a password, there is no reason to decrypt all notes in the database in the RAM; I just want a particular entry. It seems like the Keepass ecosystem might have the ability to do KeePass 1. Does anyone have Yes, the encryption in KeePass's database format is strong enough that its security will wholly depend on the strength of your master key. For OTP passwords/tokens I have been using Authy because it was one of the only options that had both an Android and Windows app. This means that even if you would dump the KeePass process memory to disk, you could not find I don't think any computer with either a virus or pirated software can be declared "safe" no matter what app we're talking about. kdb/kdbx, NOT csv or html). I had never considered that offline password managers existed, I just assumed that they were all online services. keethief) need the database open to work. I only ever use keyfiles for VMs, as it is a pain to pass my hardware key to them. 
Hello, I'm thinking about switching from Bitwarden to KeepassXC, already made a database, but there's this one thing that makes me wonder, how safe are Keepass' files? Really, I saw once a video where a guy using Linux terminal cracked Keepass' file, he got information what is the password, and then took the file to Keepass and then using this password opened it. I would appreciate feedback on my approach, if I could improve things in any way. The database is encrypted until someone enters a successful password to the database so, in theory, none of You should probably be using "Keepass2Android Password Safe" or "Keepass2Android offline"; the only difference between the two is whether they access the internet or not. Beyond that, don't barge into a forum saying you're an absolute newbie, How safe is AutoType, and what are the alternatives? I'm new to KPXC and tried out the AutoType feature. Is the KeePass file by itself 'secure' from attackers? I'd like to upload it to the cloud somewhere and leave it on my devices but let's say an attacker gets a hold of my file how secure is it from attackers? my understanding is that it's generally safe; I use it myself. This is true. You may switch to Keepass2Android offline, from the same developer, which does not have network permission thus cannot upload data to the internet. KeePassXC is a fork of KeePassX; both of these projects are aimed at being complete native cross-platform implementations (so they’ll run on Linux and Mac I used to use Dropbox to keep my KeePass database in sync. Depends on your threat model and what kind of user you are, but the short answer is yes, as long as it's encrypted (i. info Sourceforge Which ones are legit? It seems keepass. However, KeePass does have plug-ins that make syncing easier, but using them means trusting a It is safe if your computer is safe from unauthorized access. It's smaller even than browser plugins, as you don't expose KeePass to random external data. 
Hashes and signatures for integrity checking are available, and program binaries are digitally signed As much as I'm looking into KeePass, one thing I really like about 1Password is they flag sites that are known to have been compromised since you generated your password — thus listing ones you should change Some attacks against KeePass (e. Other than that it's mostly a matter of preference. You can have a look at its full source code and check whether the security features are implemented correctly. Keepassdroid is, as far as I know, an older app that isn't developed any more, so don't use that one. By "measurable entropy" I'm referring to using a method to Generally speaking, yes. If security is more important to you, then it’s probably better not to. Regardless of who has your keepass database, assuming you have a good passphrase, no one should be able to open it (thieves, cloud providers, etc). I want to start with simple, safe (from hackers) steps and not lock myself out. That way, if someone has compromised my cloud account. Is keepass safe even though it's open source? I had a discussion with my friend over Dashlane vs keepass. Considering switching to KeePass. Passwords can be stored in an encrypted database, which can be unlocked with one master key. On the other hand these attacks only work when your system is already compromised and that should be the top security priority. Everything is luks encrypted. Should I use any plugins at all? There are quite a few plugins I want to add: HIBPOfflineCheck, DB_Backup, KPEnhancedEntryView, KPFloatingPanel, Passphrase Generators (Readable Passphrase Generator), Yet Another Favicon Downloader If you are worried about the security of just the passphrase, you can set up your keepass db to be secured by both a passphrase and key file.
Apparently there is a small risk that because it copies ids and passwords to the clipboard, malware that can read that might be able to steal your logins, so that probably depends on how cautious you are about what you install. I'm not too familiar with the other options but I believe they all have decent security level. Mainly because I was using its predecessor, KeeFox, before Tusk was available. I use syncthing to copy the folder (among others) where keepass database is to my NAS at home, my NAS at work, and to the spare laptop (so that there's always real time backups). KeePass is a good password manager! It is open source, well supported, and has a ton of plugins. Exposing it on Nextcloud would make it a bit less secure of course, but I think it is a solid choice. ) versus local PC storage works or May make future potential migration between different Keepass managers as easy as drag and drop Keeweb (a Keepass DB implementation) Pros: Supports WebDav self-hosting (i. Bitwarden) Hello, I'm switching from Bitwarden to KeePass, because: Hi I just started KeePass. It will be mainly for use on iPhone and Mac both running Chrome browsers but would like it to run on Android and Microsoft PC too. Explore its security measures and privacy policies in our comprehensive overview. The answer to your questions is yes : it works, it is safe, it is worthy, and you can keep your present passwords. They are now shutting down the Windows App in the next month or so. That said, a good rule of Is Keepass safe from keylogger/remote access software? I've migrated from LastPass to Keepass and it feels good to have a DB that's not in the cloud (extension based). It’s still the true reference implementation and is updated very regularly. Some folks have gone to very sophisticated setups. So I thought about using syncthing.
does not rely on self-hosted service, just a file) Custom templates Smooth looking UI Cons: No pre-defined templates Manual grouping only (doesn't auto-group by I use Kee, myself. info is legit I think. Now Dropbox has introduced a 2fa Is keepassxc passphrase generator safe? Sorry if the was already asked, but I couldnt seem find an answer to this question. The key file is no more exposed than the keepass db would be on your devices and is not sufficient to access your keepass db content as a passphrase can still be I'm getting discouraged Reading Reddit in the categories of KeePassXC, Yubikey, passkeys and all related I came to the conclusion that an acceptable level of security is simply impossible. PasswordSafe & KeePass database stored on cloud storage (OneDrive,Gdrive,DropBox) This is a common method of creating your own, free, multiplatform Password Manager. Discover if Keepass is safe to use. If your computer is not physically safe, then no, anyone can access your Keepass. Local The use of a browser extension is always more risky than not using it. And the Hi, i saw a post here form a while ago discussing this, is it safe to copy the passwords? i use keepasxc on windows and linux to copy my passwords because they are 30 digits long. currently i use keepass to keep my passwords safe but lately ive been having thoughts like what if my hdd goes kaput. For a free app KeepassXC as mentioned before. I was KeePass quick unlock plugin safe? sorry if this is a dumb question, I have zero knowledge about security and cyber attacks, I want to quickly log in to my account when I need to access some password instead of keeping the application on all the time, assuming I need to enter the last 3 characters wouldn't it be easier for hackers to 16 votes, 28 comments. We've watched users enter their master passwords into keepass prompt which they didn't initiate, but trusted simply because it's a safe piece of software that exists on their machine. 
Of course, in that case it also depends on how you treat your password database file (do you keep a copy in some cloud? or only on USB sticks?) and especially how you treat your key file. Also While it's great that KeePass stores your passwords solely on your PC, manual syncing with another installation can be tedious. Allow it to read the KBX file. Nonetheless, all these popular password managers are "safe" from a crypto standpoint, so I guess it comes down to whether you want your database online or not. However, when I access my kdbx file on my work laptop, and I copy a password, how safe is it? KDBX encryption settings, safe usage - KeePass vanilla - good practices to increase security advices I was re-evaluating security of my personal and professional assets, obviously my KeePass DBs and their security is very Keepass should negotiate a special OS privilege and prevent even OS interfering with its memory space (like an isolated VM). Keepass is completely able to seamlessly sync with multiple devices, and these services really help make that easy. How concerned should I be? Is Obsidian safe for storing your passwords there? I would like to arrange a vault with all my passwords stored in organised notes. We use KeePass for anything that is not an Internet facing web-based login (internal IT use for network appliances, servers, etc). KeePass is the only one I have ever used, and is probably the only one I will ever use. Use KeepassXC for the best compatability. The keyfile is secured on multiple local drives. info Keepass. It asked to load the key file which stores it within the browser. There is no issue storing it on the cloud. Until now I sync manually, but I want to automate this. So I'm curious how secure are the plugins on the KeePass website. Maybe I'm a bit paranoid, but I want to make the setup as safe as possible. . In the event my google account is ever compromised the database file would be out in the wild. 
I use a key file for my db and I kept it in usb stick (heard its the safe practice). This includes malware. Your friend could easily have been infected with a keylogger that We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. KeePass refuses to admit there’s an issue with its software, but vulnerabilities persist. While it's convenient, all it does is macro input keystrokes in a specified order. Works on Windows, Mac, and Linux If you use KeePass on multiple devices, it's easier to use Keepass2Android because it has built-in support for cloud sync. This makes me uncomfortable as it's effectively arbitrary code and a black box. using a "random" number with your street name is an Afaik copy/paste is less secure because every application can read the clipboard. That's why I didn't use a password manager for many years. Even if someone was to hack into your Google Drive and take your (encrypted) password database, they can do nothing with it as long as you have a strong master password, since they would need to bruteforce your master password to Does it make KeePass more secure if the password vault is stored in a local encrypted folder? I am thinking if you lose your device, phone or computer, the hacker will have to decrypt the encrypted folder to find the password vault before they KeePass has fewer attack vectors than let's say LastPass which uses online functionality. The very fact that Keepass needs to decrypt your database, means that the database is encrypted by Keepass. i would lose all my passwords in a blink of an eye. I use keepassdx on android to copy them as well. At least on KeepassXC (and i also think in Keepass) the browser integration is specifically designed so that the website can only access the logins it's supposed to use. While KeePass is running, sensitive data is stored encryptedly in the process memory.
However, don't believe some random guy on the internet, review their websites yourself and try to find I keep mine inside my Keepass KDBX, locally stored, which is protected by passphrase and keyfile. But the attack surface is MUCH smaller, since it's not exposed to the internet, or really even the local network. Been reading these forums and bitwarden etc, but still learning. Or make it less complicated without compromising safety. However a few months ago the app stopped switching back to my regular keyboard after I locked the data base. Does he have a point, is he correct? Simply store the DB on a cloud storage provider and use a manager plus a fork on your phone, since the manager doesn't work on its own. For those - we use Google's Password Manager since it's built-in to Google Workspace and easy peasy to get users to generate and store passwords. His point of view was that because keepass was open source, it is easier to reverse engineer and thus easier to hack. I see KeePassDX offers the same functionality. The key file is much easier to sync by hand because it doesn't ever change. Each one of the methods of saving it has advantages and disadvantages, including: portability, risk of loss, accessibility, sync, versioning, physical security, backups, convenience I'm curious about where everyone stores their KeePass database files and keyfiles. I currently use KeePass and Keepass2Android for all my password access on PC/Android respectively. I use my yubikey alongside KeepassXC. Is that safe doing it in Obsidian? I use KeePass Touch, it supports Face ID and multiple databases (and autofill, of course) and is cheap downside is manual syncing via FTP if you don’t use Dropbox (and I don’t since they crippled it, limiting free account to 3 devices). I am not there yet.
That said, there are huge benefits to using a really long password, while also storing your db on a remote server (such as dropbox) for synchronisation reasons. And I read keepass. What should i know? Question(self. Questions: What are the best Keepass forks that I can use for android? Can I store my database file on Google Drive without encrypting it with my own PGP keys? (is it safe) Edit: previously I was a What is the best password manager and if you could tell me why that would be great? Every review is different and confusing. They argue you are removing a threat surface, because your encrypted vault is never exposed online. For security reasons I don't want my database to lay around on some cloud server. Is it okay to store it that way? And is it safe to use the Tusk extension? I haven’t seen much reviews or KeePass is the original implementation, written for Windows. My master password is incredibly strong. What do you use? KeePass or KeePassXC, and why? If you use KeePass, what Plugins do you use with it? It's obvious no encryption is "fully" secure, but I'm asking if I can safely upload my database online (protected with challenge response) and being confident nobody else could crack into it (hypothetically there are no super computers and I want it to take >100 years conventionally). But also because I like having KeePass itself running for when the browser extension can't fill the fields correctly, for when I need non-password data, and for those stubborn sites that insist the user actually type something rather than allowing auto-filling extensions to work. I am considering uploading my database to my google drive account but I have reservations about security. 
In this article, we will explore whether you're at risk when using Keepass and There is a paper by Paolo Gasti and Kasper Bonne Rasmussen from the University of California which looks at the storage formats used by various passwords managers - they do highlight Yes, KeePass is really free, and more than that: it is open source (OSI certified). I've downloaded Keepass for Archlinux (OS), but I didn't find any official version of it for Android. The truth is, I neither know how to validate the complex code nor can I understand the binaries in code or predict their behaviours. Strongbox for macOS/iOS may be the best Keepass client on any platform. For example: Putting a password-protected keepassxc database on an encrypted USB is a pretty simple setup for some very good security. I also have a dedicated text file inside an encrypted container just to be sure. How do we know the KeepassXC executable is safe? When running on Ubuntu, the main option is just running the Appimage binary. Some say that KeePass DX has a nicer ui. If your main concern is feeling safe, you could always use a locally stored database via keepass for your bank info and other extra-sensitive information. anyone here can share how they keep their passwords safe not just from hacker but also from physical device failure. Way too many websites Keepass. Imagine for a moment I wanted to store a keepass file on GitHub so I can get to it in an emergency or as recovery from a crypto attack. My life with KeePass: Download KeePass, install and configure plugins, add sites/passwords, suddenly have the realization that all of my passwords are stored in one database on my laptop, backup my database to cloud storage to prevent database from being lost if laptop goes tits up, realize that my database is stored unencrypted on cloud Just started using keepass.
Download keepass2Android, and KeePassium for iOS for your mobile devices. While you can get KeePass running on a non-Windows system using Mono, it’s a bit clunky. This would allow keepass not to hand over secrets to OS for copy, etc. KeePassXC has a quick start guide and a user manual in PDF format. This added extra steps every time I entered a password. The official subreddit of KeePassium — an open-source KeePass-compatible password manager for iOS. Onedrive, dropbox, google etc. And Windows even saves clipboard entries so you can access the last 5 or so clipboard entries with Win+V. Love KeePass. What I want to know is if there are any significant security vulnerabilities inherent in KeePass that would make cloud storage a bad idea. (obvious to you) If we look at typical passwords humans come up with they are short and quite predictable. I love using KeePass and derivatives (+) for my passwords across about 10 devices I use regularly. 43 mainly features user interface and integration enhancements, and various other minor new features and improvements. I also rsync to a HDD I keep in my truck. But it's also a paid app which is not for everyone. My idea is to use database with password and key file. I keep copy of kbx file in a USB stick when I travel. If yes, then go ahead and use it. It's established and widely trusted. The developer of KeePass would not list them otherwise. But there are many forks that I can choose from but are they trustworthy enough. The "unofficial" mention just means that those are independently-developed programs, and KeePass does not vouch for them. I tried to integrate the db with chrome browser via Tusk extension. If I find myself in a bind without laptop, I'd like to use say a Chromebook (login as guest user) and plug in the USB stick, access https://keeweb. I hope it isn't intercepting my password and keeping a copy of the KBX on their website.
Plugins for KeePass probably have roughly the same risk profile as plugins for WordPress - any random developer can make any random mistake. With KeePass DX, you have to use an external tool to sync your database file. I don’t know for sure how safe it is, but the main question is if you value convenience more than security. Thankfully, Reddit's very active and friendly /r/KeePass community discusses all KeePass variants, including KeePassXC. (Basically a browser addon) KeePass is also open source, which is pretty advantageous. That's the Everyone says "the code is open source, go check it out". Is this more or less secure than a password using all letters an numbers and special caracter? What are the benefit of using this over another method? Hello everyone, after sharing my latest KeePass video with this community here and receiving a lot of positive feedback & many upvotes, I decided to share some more video content that has helped hundreds of users on YouTube already. Then you can sync between all devices. So both are good options, and I can see why people might prefer either one, personally I opted for what seemed simpler/easier to use (xc) How safe is keepass other field? how safe is it to store sensitive information on other fields like notes username or other place i havent mentioned other than the pw field Keepass is considered very safe. The password from Dropbox was a strong unique password, that I had to remember, not from KeePass. I've never heard of AuthPass before. I've been using Keepass2Android for years. The keyboard swapping feature worked really well and kept my passwords out of the clipboard. I use keepassxc in a Windows PC and keepassdx on 3 Android devices. The main feature I recommend Keepass2Android for, is the behavior when saving to a database that has been modified outside KeePass is a free open source password manager. But then many turn around and configure KeePass to back up to an online store like synchthing. 
Is it just a leap of faith given you trust the domain it's downloaded from? How do most people justify running this thing? That said, keepass with a diceware password and a keyfile is pretty safe. KeePassDX is newer. It just gives potential threats more room for attacks and bears more potential vulnerabilities. com is unofficial but legit apparently. Also keepass/keepass2 are programmed in a memory safe language (C#), while keepassXC is not (C++). Here are some general thoughts: I back up my entire profile folder to a spare laptop with rsync.