IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [keepass]

KeePass is a free, open source password manager for Windows. It has unofficial ports for Linux, Mac OS X, Android, and iPhone. Passwords are protected with strong encryption keyed with a master password.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

97 questions
6
votes
2 answers

Keepass 2.0 file attachment security

I recently found the ability of attaching files to entries in KeePass 2.0: does KeePass just remember the location of files attached to the entry or does it encrypt the attached files inside the KeePass database somehow?
Matt
  • 121
  • 1
  • 8
6
votes
1 answer

Keepass' password protection in memory

Plenty of "passwords in memory" and "keepass" related (old) topics in here, but most of them are about how to harden key protection ; plus it seems protection mechanisms by Keepass have evolved for the last couple of years. In 2021, as KeePass is…
Ozwel
  • 161
  • 7
6
votes
1 answer

How is PasswordSafe different from KeePass/OtpKeyProv?

Over at Does adding two-factor authentication by OTP really make KeePass more secure the top answer unmistakably states that KeePass is not made more secure by using an OTP. I told a friend I was using PasswordSafe instead of KeePass but then he…
Sixtyfive
  • 216
  • 1
  • 8
5
votes
1 answer

Keepass - Needle in a stack of needles

I got the idea from someone saying the best way is to hide the needle in a stack of needles, not in a haystack. I am considering writing a little app to accompany my Keepass installation. The app would create X (1024?) .kdbx files with random…
NamSandStorm
  • 227
  • 1
  • 6
5
votes
2 answers

Keepass Dictionary Attack Protection Strategy

Though pretty interested, I'm everything but an expert in Information Security, please redirect me to any helpful resources if my question is stupid or correct me if my assumptions are wrong. When reading through the Keepass Security page it seemed…
TheWolf
  • 1,069
  • 7
  • 12
5
votes
3 answers

Where to keep key file used as composite key for Keepass 2

I used to use a master password and "Windows User Account" to get into my password datasbase with Keepass 2. Then I realized the "Windows User Account" option is garbage because if you ever want to upgrade, migrate, reinstall the OS then the…
Celeritas
  • 10,039
  • 22
  • 77
  • 144
5
votes
1 answer

How secure is KeePass KDBX4 by default?

How secure is KeePass KDBX4 by default if someone obtain the .kdbx file and attempt to brute-force it without knowing any hint of the master password? With assumption : The password length is equal/more than 20 character Password is chosen from a…
ilos-vigil
  • 53
  • 7
5
votes
2 answers

Which is more secure Yubikey + Keepass using Challenge/Response or Yubikey + Keepass using OTP?

I use a Windows 10 PC and an Android phone with Keepass. I would like to add a second factor on top of my master password that works with both Windows 10 and my Android phone. Between the two support methods of authentication, which one is more…
user1709730
  • 63
  • 1
  • 4
5
votes
2 answers

How can I be sure my Keepass client is secure?

I've been fiddling with a locally encrypted disk image for years and I think it's finally time to use a password manager. Keepass is what I want to go with but I'm not a fan of the UI of the official project. I noticed there's a good number of…
codehearts
  • 155
  • 1
  • 9
5
votes
2 answers

Properly use files that have keys

Both KeePass and Veracrypt allow you to secure your password database and containers with a password and keyfiles. My question concerns storage and usage on a local user level(home) computer. I keep my PC regularly updated, and I have a good…
user168799
5
votes
2 answers

Security for KeePass Emergencey Sheet

KeePass just introduced the concept of an emergency sheet that can be shared with trusted users. This question might go beyond the scope of this site, but suppose you printed one of these sheets, how would you store it? I found this IS page, but…
user161164
5
votes
3 answers

Is there a password manager that combines a "master password" solution with a keystore solution?

There are many posts online debating the merits of "master password" or "deterministic, site-specific" password generation tools. The general idea is that a function hash("my_master_password", "facebook.com") could deterministically give you the…
Trindaz
  • 153
  • 4
5
votes
4 answers

What are possible methods for calculating password entropy?

I noticed there are tons of questions and answers about password entropy on this forum, some even suggesting formulas for calculating it. None did answer my exact question. What are possible or commonly used methods for calculating password…
Bob Ortiz
  • 6,234
  • 8
  • 43
  • 90
5
votes
3 answers

Is it safe to leave Keepass always opened on a computer?

I often need to get several passwords from my Keepass during the same day and I find myself having to open it and input the master password every single time, which is awfully laborious. The obvious solution to this problem would be to leave it…
drake035
  • 453
  • 1
  • 4
  • 11
4
votes
1 answer

Relative security of 'offline' vs 'online' password managers

I am a long-standing KeePass user, but I find its browser integration and Android apps a bit ropey, and certainly harder work than a cloud-based solution such as Lastpass or Bitwarden. I have been trying both of those, and they are so much more…
Chas
  • 41
  • 2
1
2
3 4 5 6 7