Questions tagged [keepass]

KeePass is a free, open source password manager for Windows. It has unofficial ports for Linux, Mac OS X, Android, and iPhone. Passwords are protected with strong encryption keyed with a master password.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

97 questions
66 votes, 13 answers

Storing KeePass database in cloud. How safe?

It certainly would be more convenient to store my KeePass database on either S3, Dropbox, or better yet SpiderOak. My fear is having my cloud storage account compromised then having the credentials recovered by either brute force or some other…
dperry1973
29 votes, 3 answers

Is it unsafe to keep multiple versions of a KeePass database?

I keep my KeePass .kdb database in a remote location, and I never overwrite the old versions, I just append the date to the new version which I'm uploading. So it looks like…
23 votes, 5 answers

How does a key file increase the security of a password manager?

Password managers like KeePass often have an option to use a key file in addition to a master password. I don't understand how this increases security. (Note: KeePass also allows using a key file instead of a master password, but in this question…
HighCommander4
21 votes, 4 answers

Does adding two-factor authentication by OTP really make KeePass more secure

KeePass is an application that keeps all your passwords for you in a database. It is primarily protected by a master password and/or keyfile. If the database is properly encrypted with that password this can be quite secure. There is a plugin…
Jeff
20 votes, 5 answers

KeePass Vs OneNote

In my personal life, I use KeePassX to generate/store all my passwords. I have seen some people use a password protected OneNote section. Does the password protected OneNote section provide a comparable level of security to KeePass? Or is the…
pat
18 votes, 6 answers

Practical and Secure use of KeePass

Currently I'm using KeePass as my sensitive data manager. I use just a main password to encrypt the database, but it is not very secure: 9 characters, lower letters and numbers mix with no meaning. Something like bwkvu5m8i I want to increase the…
user2247336
16 votes, 5 answers

KeePass security local malware

Can a malware that infected your local computer compromise a KeePass database stored locally in any way? If yes, what's the point for KeePass to have such strong security mechanisms if it cannot resist to this scenario? If you keep your DB locally,…
KB303
14 votes, 3 answers

How trustful are KeePass plugins?

KeePass is great, I love it but after several years using it, sometimes I wish to install a plugin but I don't because I'm scared of what this plugin can really do without my consent. The documentation about plugin development is really short. I…
Jérôme MEVEL
14 votes, 2 answers

Is KeePass's method for key derivation secure?

I'm familiar with how key derivation functions can be used to slow down brute force attacks against passwords by requiring significant computational and/or memory resources to compute the final key. Common KDFs I'm aware of are bcrypt, PBKDF2, and…
Ajedi32
13 votes, 1 answer

Is keepass random password generator fully secure and trustworthy?

Am I safe using keepass for generating passwords? For example my accounts, am I safe using a keepass generated password? Could my future keepass master-keys be safely generated in keepass? What method is used? Keepass 2.30 for Windows and…
keepass_fan
12 votes, 2 answers

Yubikey with KeePass using challenge-response vs OATH-HOTP

I got my YubiKey 4 today and first tried it to use KeePass with OATH-HOTP (OtpKeyProv plugin). My configuration was 3 OTPs with look-ahead count = 0. It was not working that good because sometimes the OtpKeyProv plugin did not recognize my input…
DrGimpfeN
11 votes, 2 answers

Has anyone validated if KeePass is safe to use? Does it have any backdoors?

Everyone says "the code is open source, go check it out". The truth is, I neither know how to validate the complex code nor can I understand the binaries in code or predict their behaviours. Has anyone actually read it, understood it and validated…
LearnByReading
9 votes, 1 answer

Why doesn't KeePass use two factor / one time password generation to protect the database?

I've read KeePass kinda sorta tries as much as is possible to limit keyloggers (at least on PC). But since you type in your master database password on many devices many times, there's a huge chance that someone can at one point obtain a snapshot…
Spectraljump
8 votes, 2 answers

Safe way to backup Bitcoin hardware wallet

On official site they (Trezor) emphasize that you should never store your recovery seed digitally. But this seems to me absolutely strange. First of all we live in 21st century. And paper (or even steel) backup is easy to lose and you cannot easily…
Yurii
7 votes, 1 answer

I stored a copy of my KeePass database on a portable hard drive and I lost the drive. Should I worry about that?

I've been using KeePass for years, and I have a lot of accounts. I need to access them anywhere I work, so I store one copy of my database on a portable hard drive. The drive isn't encrypted. The database is encrypted using AES-256 with millions of…
LQ2'