Any Keepass feedback from the community?


#1

Hi all,

As a long-time follower of @aral, I have made significant changes to the way I am using tech these last few months.

Note: Efforts I have summarized (just fyi) in this blog post “Personal Data Privacy: start off 2017 on the right foot”.

My question: Does anybody here have experience with Keepass?

I want to gradually get away from LastPass but can’t find anything discussed on this specific technology.

Do you mind sharing your personal experience on the subject of password management?

thx!


#2

Aral and I both use 1password. Though it’s not free and open, it is very well designed, and works well across devices.


#3

Just read your blog, @flopreynat. I love it! Really great to have smart people talking about these issues, and it’s fascinating to see how you communicate the complicated ideas.


#4

Thanks for the praise.
Been thinking about all this a lot these last few months.
So the prez is getting fine-tuned indeed.


#5

I personally use Lastpass and have no real issue with the way it’s designed. Ok, it is a bit buggy at times, but it generally works ok.

But I’m trying to get away from the cloud password manager idea. They get hacked. I have no doubt Lastpass will eventually get hacked. Now when this happens, I’ll be gutted.

Keepass is local only I believe.


#6

I use KeePassX on Mac and Android. I sync the passwords file using OwnCloud on a DigitalOcean server. A bit longwinded but possibly more secure than using cloud password manager?


#7

Hi @growdigital,

I see it was the only option using Keepass at the time (Windows only).
Are you happy with it though?

Thanks for the feedback, mate.


#8

What are the devices you want to use it on?

1Password with Dropbox sync is an option. Enpass is like LastPass but with no cloud sync. That sounds like a good solution for you.

I personally use 1Password for Families. It’s on the 1Password cloud that runs on AWS. So a Canadian company that runs on a US server. I know that if I really want something secure I shouldn’t use it. But it’s a great service by people that care about your privacy so I think I’m fine for now.


#9

Hi @jelle, I want to stay off cloud so thanks for your suggestion. I’ll take a look at Enpass.
Dropbox, 1Password not an option at this moment…


#10

I use pass, and use Syncthing to share between all my devices.

I’ll admit that I do also use Firefox sync for many unimportant websites, though that’s mainly because I haven’t seen a nice add-on which ties into pass yet, and the idea of having my passwords (even encrypted) on someone else’s servers doesn’t sit well with me.


#11

I use a TREZOR, which ships with a really nice password manager that stores the password encrypted on Dropbox or Drive. The password manager currently only works as a Chrome/Chromium extension though.

In general I can only recommend the TREZOR, since it also works as a U2F device and of course as a wallet for various digital currencies.


#12

I use 1Password as well. I chose the WiFi Sync instead of using their Cloud service and/or Dropbox or other Cloud-based Sync methods. This works pretty fine, and it only happened once that I missed a password due to my device not syncing for a while. Anyway, I love the way it works without a cloud but still very conveniently.

I bet there is other software as well that serves the need similarly but I’d never store my passwords in the cloud. Lastpass already had its data leak a year ago or so. Keepass is still nice but without proper syncing to my phone this will not be convenient enough for me.


#13

I use KeePassX as well for cross-platform compatibility and also have it synced between my devices on a personal cloud stored on my NAS.

Generally speaking it seems all the above answers are based on a variety of password manager(s) synced using a variety of ways (Dropbox, Drive, etc…)

The major flaws I see with this method are:

  • if another entity has a copy of your password database (e.g. online-third-party sync services)
  • if you become amnesic and forget your main password or passphrase (e.g. after an accident)
  • if you mess up in your sync system and erasing it on one device erases all other copies you have on your other devices. Although I admit the chance of that ever happening could be close to nothing, I tend to think having a synced password database does not dispense you from backing it up once a year or so.

The real danger to me is the loss of your main key through no fault of your own (amnesia). Having thought a bit over it I have considered a viable fail-safe would be opening a safe vault to my name and storing a written copy in there. Eventually after amnesia you could discover a paper trail back to the vault and recover your precious data. Kinda james-bondish a method and with a price tag on it so this is only thoughts for now :)


#14

Thanks for your insight, James ;)

Liking what I’m reading. Keepassx is indeed what I’m currently checking out.


#15

SecureSafe is my favourite password manager app. It is Swiss, basic and easy to use. They also have a facility for a relative or friend after your death.
A good, well encrypted app from the US is: Codebook Password Manager. It is open source and there is a desktop app too.


#16

I have been using KeepassX for a long time and I haven’t found any problems with it. For a while I had Syncthing set up to sync it between devices, but at the moment I am helping set up a Nextcloud server for my family and I am going to use that to sync everything instead.

As far as losing your main password goes, one method of backing up passwords is to have a thumb drive that has a backup version of the database and a separate text file (either on the same drive or somewhere similarly offline) that has what I would need to recover the password if you ever forget it for some reason. It isn’t particularly secure because of the way legal precedent is going, but ‘I forgot my master password and lost my backup’ may be sufficient for plausible deniability even after publicly stating that something like that exists.


#17

I have tried a lot of password managers; the only one I feel comfortable with is Encryptr from SpiderOak. My friends and I have used it for over a year now and I’m very happy with it.