For those of us who have jumped ship from LastPass and have just started using Keepass; are there any must-haves to make the transition smoother? I have seen plugins like chromeIPass and CKP, but both seem to have a fairly small number of users and not many details on security. There are also mobile solutions like "Keepass2Android" which is open source and well rated. So which solutions/plugins/apps do you guys use with your Keepass? and how would you rate them?
I am currently using Keepass, just as trial incase i am no longer satisfied with lastpass. ChromelPass works well with many sites but does not work well with sites that have a drop down login interface or a popup interface for login. But overall it works as expected given the sites I access. There are two reasons why i think those extension you mentioned are not that popular, however ChromelPass is from a reputable contributor to the keepass project. IMO, all you need is keepasshttp and ChromelPass. Ist reason) ChromelPass requires the extension KeePassHttp to securely communicate between the native windows client and the browser over http. Some users may not trust this method or aspect of keepass given the extension is made someone else other than Keepass. 2nd reason) The idea of keepass has always been not to be cloud or browser dependent. If someone wants to access a login site, they can access the keepass GUI and have keepass autotype login for you. This may prevent keyloggers and act as a work around for the 1st reason. Overall the experience has been good. Most windows client based software will have a similar experience. Some however work better than others. But all use a browser plugin or extension of some sort that some may find either a positive or a negative. The usability of having your password synced accross multiple platforms IMO is not that good. In some cases hard to set up depending on which option you take. For this reason, 1password, Dashlane and others are better in my opinion. The ease at which lastpass can be used is far superior to any native client IMO. Its one of the man reasons for its success. I will continue to use keepass for the time being while still having my lastpass account. Keepass has many security functions such as masterpassword and keyfile, with my prefered use of the keyfile being in usb, or in an android storage container (in phone) etc. The project is very active with continuous development. Hope this helps. Regards.
Firefox 32b primary with KeeFox and Chrome 32b seldom use with chromeIPass. Setup Firefox Master Password too. My version of 2FA Edit: Firefox 64bit
MiniKeePass for iOS https://itunes.apple.com/us/app/minikeepass-secure-password/id451661808?mt=8 Works well for the isolated things I keep in it. I still use LastPass for most everything else.
hi i use with firefox ,and my laptop and desktop but not for android but about android i wonder how secure is having installed on a mobile phone
When creating a new password, do not forget to tick TCATO for an each entry, it is not enabled by default and it is somewhat hidden.
hi TairikuOkami thanks , i have never seen it before is there a global option ? is there a way to add this option to many passwords? thanks
When I create "new" I step through tabs and add Two-Channel Auto-Type Obfuscation. I'll use if site does not fill. Maybe, you'll like watching and prefer auto-type. Note: auto-type is not auto-fill.
yes sadly i have many password without Two-Channel Auto-Type Obfuscation in short i must edit every password and add this feature , i can 't add this feature to all my password with 1 click thanks
http://arstechnica.com/security/201...-encrypted-credentials-from-password-manager/ "Using a password manager is one of the biggest ways that average computer users can keep their online accounts secure, but their protection is pretty much meaningless when an end user's computer is compromised. Underscoring this often ignored truism is a recently released hacking tool that silently decrypts all user names, passwords, and notes stored by the KeePass password manager and writes them to a file."
If the computer is compromised, it is over. Then again a proper way is to have a keyfile on a separate device (USB) and plug it in only when needed. EDIT: KeeFarce is a nice tool, but it needs to be run first, that means either by a user or by itself, thanks to disabled UAC, enabled scripts and so on.
KeeFarce only works if running and if KeePass is running and the database is unlocked. Key files are great. Just make sure you have multiple copies stashed safely away somewhere just in case something happens to the key file in use.
Sure. But let's be real; most people in a non-public setting are going to open the database as soon as they start browsing (or at least at the first site that needs a login) and then keep it open until they're done browsing, probably until the next shutdown. Frankly, if I had to re-open the database for every login, I'd consider switching to pen and paper. Of course I would lock it if I'm getting up from the computer with someone else around, but if this malware gets on the system the database only needs to be open for a few seconds. As for the original topic, I like the plugin Favicon Downloader, which makes it easy to get the favicon for each entry.