Anyone Use Keepass?

For my Network Security class I had to try out Keepass. It seems pretty neat, and was wondering if any of you use it, and what your thoughts on it are before I use it on my actual computer and delegate all my online accounts to it.

 

I've used KeePass 1.x for quite some time now and think its very good. I can't state from a position of knowledge whether it is totally secure from all possible attacks, but I would think it is sufficient for the majority of us mere mortals. I have certainly had no security issues and it is very easy to use. It is also portable and can be used on other computers easily.

I note you use Prevx, I have found that Prevx SafeOnline doesn't protect your credentials when you use the drag and drop function of KeePass to enter details. I don't consider this a big deal though as PSOL credential protection is only a small part of the protection it provides.

 

I've used Keepass for a number of years and I like it very much. I agree with Zorak that it appears to be more than adequately secure. I also like that it is available for several platforms.

 

I used keepass for a long time and I think it is very good. I switched to LastPass though for the cross browser, cloud support.

 

I think I would rather use Keepass after the recent breach with LastPass; I have never trusted the cloud and never will.

 

Yes, I appreciate the risks and concerns. One additional protection offered by LastPass is multi-factor authentication (MFA). In the recent case where there was a slim possibility that encrypted data had leaked users who were using MFA were still protected because a USB key (or Yubi key) is needed along with the master password to access the "vault". MFA for LastPass is a premium feature, but the cost of a subscription is trivial ($1/month).

MFA is a good idea regardless of what software you use to hold your logon credentials. It is also currently offered by my bank via SMS - when I log in they send a text to my phone with an additional "one time" code.

 

I would second just about everything previously stated in this thread, given that I have used KeePass in its various iterations for longer than I care to remember. It has never let me down and seems secure (although I believe that KeePass 2 is even more secure).

A couple of other reasons for using it are (i) the plugins available for it. All very useful in my opinion, and (ii) the fact that there is a Windows Mobile version availabe which means I can key my passwords available on my smartphone when out & about (not apparently available for Windows 7 Phone though).

 

I'm barely ok with allowing my passwords to be sync'd on Google's servers with Chrome... no way in hell I trust some random company with all of that information.

I don't know anything about that company or its track record.

 

If you are referring to KeePass the data that it keeps resides on your PC...as KeePass is not cloud enabled...so you are in control of your data. I have been using this product for years and over that time have checked on whether there are any 'leaks' and there are none that I can find...plus I have never suffered a breach of security in terms of my passwords.

If you are "barely ok" in terms of Chrome then I believe that you have nothing to fear from KeePass. Personally, I won't let Chrome anywhere near my PC, given what it sends back to Google.

 

Must be confusing it with lastpass.

And as for what Chrome sends back... feel free to have a look.

http://www.mattcutts.com/blog/google-chrome-communication/

 

Thanks for the information. Interesting but given what Google are, their avowed mission, and past experience, I for one will not be using Chrome. Paranoid I may be viewed as but safer I would rather be.

 

What about their past experiences have made them look bad?

I just don't see how you can be paranoid when you can find the source code for everything in Chrome (except for Flash) and see for yourself that there's nothing nefarious going on.

 

Is there any kind of sync feature on it so I could keep an installed version on my computer and a portable version on my USB drive, both for backup and so I could use it to log into sites if I'm not at home?

 

I install Keepass 2 onto every system I use for a prolonged period of time, and I also use the Keefox add-on for it, which auto-fills username and password fields for you from Keepass provided that you are using Firefox and that Keepass is up and running. For other browsers the global auto-type hotkey works pretty well, although sometimes I have to pull Keepass up from the system tray and manually execute the 'perform auto-type' function for the right password entry.

Keepass 1 is more portable since it doesn't require .NET, so I have that on a thumb drive. (You can export your password file from version 2 to version 1 format).

The main inconvenience involves having to make sure that each machine I use has an up-to-date version of my password file -- I take it that lastpass has solved this issue with its cloud approach.

 

Apparently the one I tried was KeePass 2, and they do have a portable version for that, but is there a way to transfer logins between the two so I could keep one on my USB and one on my PC, but keep them in sync?

 

I use chrome and I use Keepass, chrome has a option where you can alow chromes password manager to keep your passwords. NO NO, not going to do it. I don't trust Google with my passwords.

 

When I want to use my log-ins on a laptop I just use KeePass as a portable app on a USB Drive and copy the KeePass database file from my desktop to it. If I make changes to the database while using the laptop I just copy the new file back. It is only a single file so not hard to keep track of changes to it. I don't know if there is a built-in sync function in KeePass but you could just use Microsoft's Sync-Toy or something similar if you want to automate the process.

 

This is me rolling my eyes... enjoy -->

 

The portable version of keepass 2 only runs on systems wıth .NET (therefore version 1 ıs more portable, but i prefer version 2 plugins).

I "sync" it by copying the password file to alternate systems and the thumb drive I carry on my key chain. I suppose I could store the password fıle in "My Dropbox" to institute automatic cloud based syncing, but I don´t trust Dropbox wıth stuff like that.

Note: I don´t know if it´s possible to sync entries between two password files. I just copy the fıle to other systems whenever I add or change an entry in it. Naturally I have to be careful not to make changes in two instances of the file on separate systems, or to export any new or modified entries ın it.

 

Why do you trust it with your history, cache, and cookies?

 

Been using keepass 2.x version for the past half year or so and never had any problems with it so far. I was using the 1.x version for the past 2 years or so prior to using the 2.x version. If you don't trust it then you can block it from phoning home I guess

 

One last question before I decide to use it; do any sites have a problem with dragging the password onto it, like do any require you to type the password in?

 

I can delete the history, cash, cookies which puts them into the HDs freespace then I Erase/overwrite the freespace.

 

Google can upload those before you delete them, but I realistically doubt that. I wouldn't be deleting cash if I were you.

As for Keepass, it's okay, but not for me. I store my non-crucial passwords in Lastpass, and keep essential ones in my head.

 

I seem to recall a website once (can't remember the one) which didn't accept drag and drop, so used context menu copy and paste instead. KeePass also has auto-complete options, but I have never actually tried them.