Question about KeePass

twang · #1 10-09-2006, 05:02 PM

Hi.

I recently downloaded KeePass and it seems like a really neat little program. I'm curious how you guys manage master passwords and /or key-files. It seems like the safest and most convenient method would be having the keyfile on one USB-drive and having the database and application itself on another USB-drive. That way you need to have physical access to both drives to log into whatever account you want o protect. I'm not sure this is the best method though so I'd like to hear how other people manage this.

BBill · #2 10-09-2006, 08:25 PM

How did you get your user ID to show up 3 times on the left of the above post?

I use keypass password safe and just set a password.

elffaw · #3 10-09-2006, 08:47 PM

that's his avatar.

i just use a very secure password.

it's 17 characters long, contains both cases of letters, symbols, and numbers.

Ryan Beal · #4 10-09-2006, 10:04 PM

I use a keyfile and long master password, and the DB and keyfile are both on my thumb drive. Someone would have to find or steal it, know to use the keyfile buried in a certain directory, and crack the master password to get access.

I'm not too worried about keeping the DB and keyfile on the USB. Most of the time I use the DB saved to my hard drive in combination with the keyfile found on the thumb drive. The DB on the thumb drive is just a copy in case I need my passwords while using someone else's computer. Also, I save a backup of the keyfile on an older hard drive that's not usually hooked up to anything.

BBill · #5 10-09-2006, 10:27 PM

Cool avatar -
Yes more secure is better advice. I just us a password but my PC is in a private residence and usually only family members will have access.
If in a semi private setting like a dorm or group house I'd use a more secure method without a doubt.

SamIAm · #6 10-10-2006, 01:13 AM

I always thought the avatar was very clever, but wasn't fooled with my color-scheme. [img]/images/graemlins/smile.gif[/img]

-Sam

twang · #7 10-10-2006, 12:06 PM

Thanks for answering guys.

@Ryan: Hiding the key in some odd directory on the stick was a good idea. I just made some folders with random system files and stuck the key in there. Obviously, having the key and the db on separate drives should be the more secure method (and most importantly, more spy movie-ish!) but having everything on the same drive is more convenient.

@Sam: That is one ugly color scheme. [img]/images/graemlins/wink.gif[/img]

CORed · #8 10-10-2006, 01:21 PM

I just use a very good password. If you put your keyfile on a USB drive, and lose the USB drive, or the USB drive dies, You will lose your database. You certainly want your database to be secure, but you don't want it so secure that you can't access it. If you put the keyfile on a USB drive, have it backed up somewhere (hard drive, another USB drive, CD), and use a password too, so if somebody gets ahold of the USB drive with the keyfile, they still need a password to access it.