reply to Dustyn
Re: Which password manager is the safest and most trustworthy? I'm a longtime KeePass user but have recently switched to 1Password.
said by Dustyn:The purpose of the keyfile is an additional protection: an additional piece of information that would need to be obtained/compromised. In other words, compromise of your passphrase alone is not sufficient to gain access.
EDIT: Just read up how you should NOT keep the database file and the key file in the same folder/directory. So I may change that, but at the moment I'm not sure what the reason behind this is?
If you keep your keyfile and database together, there may be little additional security benefit over just using a strong passphrase (with no keyfile).
I kept my keyfile on a USB key that was also securely archived to protect in the event of a failure of the USB key.
There are a few threads in the KeePass forums which cover this question, but one recent one: »sourceforge.net/p/keepass/discus···d88d47c/