dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
12
share rss forum feed


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 edit
reply to whichpasswor

Re: Which password manager is the safest and most trustworthy?

Click for full size
This thread got me thinking about how it's waaaaaay past due for managing my passwords more effectively. After reinstalling Kepass Professional I'm liking it very much now!
When I tried it years ago I had some difficulties with it and not get it to work correctly. I can't remember if I was using the .NET version or not. Now it works just as I expect it too. Feel much better using secure unique passwords as I was using 1 -3 similar passwords across all sites I'm registered with. Absolutely horrid thing to do, but now I can safely say I'm done creating passwords that way. Now EVERY site; banking, community forums, e-mail... BBR has a unique lengthy password (when allowed) that I don't even know. KeePass stores it all in a database file. Database file is backed up of course as part of my external system/data backup images, and a separate database file is backed up to a USB key.
EDIT: Just read up how you should NOT keep the database file and the key file in the same folder/directory. So I may change that, but at the moment I'm not sure what the reason behind this is? The keyfile itself is useless without the master password to the database file and the master password to the datasbase is useless without the keyfile...
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS

1 recommendation

I'm a longtime KeePass user but have recently switched to 1Password.

said by Dustyn:

EDIT: Just read up how you should NOT keep the database file and the key file in the same folder/directory. So I may change that, but at the moment I'm not sure what the reason behind this is?

The purpose of the keyfile is an additional protection: an additional piece of information that would need to be obtained/compromised. In other words, compromise of your passphrase alone is not sufficient to gain access.

If you keep your keyfile and database together, there may be little additional security benefit over just using a strong passphrase (with no keyfile).

I kept my keyfile on a USB key that was also securely archived to protect in the event of a failure of the USB key.

There are a few threads in the KeePass forums which cover this question, but one recent one: »sourceforge.net/p/keepass/discus···d88d47c/


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
Thanks for the info!