dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
25

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

1 edit

Dustyn to whichpasswor

Premium Member

to whichpasswor

Re: Which password manager is the safest and most trustworthy?

Click for full size
This thread got me thinking about how it's waaaaaay past due for managing my passwords more effectively. After reinstalling Kepass Professional I'm liking it very much now!
When I tried it years ago I had some difficulties with it and not get it to work correctly. I can't remember if I was using the .NET version or not. Now it works just as I expect it too. Feel much better using secure unique passwords as I was using 1 -3 similar passwords across all sites I'm registered with. Absolutely horrid thing to do, but now I can safely say I'm done creating passwords that way. Now EVERY site; banking, community forums, e-mail... BBR has a unique lengthy password (when allowed) that I don't even know. KeePass stores it all in a database file. Database file is backed up of course as part of my external system/data backup images, and a separate database file is backed up to a USB key.
EDIT: Just read up how you should NOT keep the database file and the key file in the same folder/directory. So I may change that, but at the moment I'm not sure what the reason behind this is? The keyfile itself is useless without the master password to the database file and the master password to the datasbase is useless without the keyfile...
Shady Bimmer
Premium Member
join:2001-12-03

1 recommendation

Shady Bimmer

Premium Member

I'm a longtime KeePass user but have recently switched to 1Password.
said by Dustyn:

EDIT: Just read up how you should NOT keep the database file and the key file in the same folder/directory. So I may change that, but at the moment I'm not sure what the reason behind this is?

The purpose of the keyfile is an additional protection: an additional piece of information that would need to be obtained/compromised. In other words, compromise of your passphrase alone is not sufficient to gain access.

If you keep your keyfile and database together, there may be little additional security benefit over just using a strong passphrase (with no keyfile).

I kept my keyfile on a USB key that was also securely archived to protect in the event of a failure of the USB key.

There are a few threads in the KeePass forums which cover this question, but one recent one: »sourceforge.net/p/keepas ··· d88d47c/

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

Dustyn

Premium Member

Thanks for the info!