Anyone Use Keepass?

Discussion in 'other software & services' started by Brandonn2010, May 22, 2011.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    For my Network Security class I had to try out Keepass. It seems pretty neat, and was wondering if any of you use it, and what your thoughts on it are before I use it on my actual computer and delegate all my online accounts to it.
     
  2. Zorak

    Zorak Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    149
    Location:
    Australian Capital Territory
    I've used KeePass 1.x for quite some time now and think its very good. I can't state from a position of knowledge whether it is totally secure from all possible attacks, but I would think it is sufficient for the majority of us mere mortals. I have certainly had no security issues and it is very easy to use. It is also portable and can be used on other computers easily.

    I note you use Prevx, I have found that Prevx SafeOnline doesn't protect your credentials when you use the drag and drop function of KeePass to enter details. I don't consider this a big deal though as PSOL credential protection is only a small part of the protection it provides.
     
  3. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    I've used Keepass for a number of years and I like it very much. I agree with Zorak that it appears to be more than adequately secure. I also like that it is available for several platforms.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I used keepass for a long time and I think it is very good. I switched to LastPass though for the cross browser, cloud support.
     
  5. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    I think I would rather use Keepass after the recent breach with LastPass; I have never trusted the cloud and never will.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Yes, I appreciate the risks and concerns. One additional protection offered by LastPass is multi-factor authentication (MFA). In the recent case where there was a slim possibility that encrypted data had leaked users who were using MFA were still protected because a USB key (or Yubi key) is needed along with the master password to access the "vault". MFA for LastPass is a premium feature, but the cost of a subscription is trivial ($1/month).

    MFA is a good idea regardless of what software you use to hold your logon credentials. It is also currently offered by my bank via SMS - when I log in they send a text to my phone with an additional "one time" code.
     
  7. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,299
    Location:
    South Wales, UK
    I would second just about everything previously stated in this thread, given that I have used KeePass in its various iterations for longer than I care to remember. It has never let me down and seems secure (although I believe that KeePass 2 is even more secure).

    A couple of other reasons for using it are (i) the plugins available for it. All very useful in my opinion, and (ii) the fact that there is a Windows Mobile version availabe which means I can key my passwords available on my smartphone when out & about (not apparently available for Windows 7 Phone though).
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm barely ok with allowing my passwords to be sync'd on Google's servers with Chrome... no way in hell I trust some random company with all of that information.

    I don't know anything about that company or its track record.
     
  9. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,299
    Location:
    South Wales, UK
    If you are referring to KeePass the data that it keeps resides on your PC...as KeePass is not cloud enabled...so you are in control of your data. I have been using this product for years and over that time have checked on whether there are any 'leaks' and there are none that I can find...plus I have never suffered a breach of security in terms of my passwords.

    If you are "barely ok" in terms of Chrome then I believe that you have nothing to fear from KeePass. Personally, I won't let Chrome anywhere near my PC, given what it sends back to Google. :eek:
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  11. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,299
    Location:
    South Wales, UK
    Thanks for the information. Interesting but given what Google are, their avowed mission, and past experience, I for one will not be using Chrome. Paranoid I may be viewed as but safer I would rather be. ;)
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    What about their past experiences have made them look bad?

    I just don't see how you can be paranoid when you can find the source code for everything in Chrome (except for Flash) and see for yourself that there's nothing nefarious going on.
     
  13. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Is there any kind of sync feature on it so I could keep an installed version on my computer and a portable version on my USB drive, both for backup and so I could use it to log into sites if I'm not at home?
     
  14. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    I install Keepass 2 onto every system I use for a prolonged period of time, and I also use the Keefox add-on for it, which auto-fills username and password fields for you from Keepass provided that you are using Firefox and that Keepass is up and running. For other browsers the global auto-type hotkey works pretty well, although sometimes I have to pull Keepass up from the system tray and manually execute the 'perform auto-type' function for the right password entry.

    Keepass 1 is more portable since it doesn't require .NET, so I have that on a thumb drive. (You can export your password file from version 2 to version 1 format).

    The main inconvenience involves having to make sure that each machine I use has an up-to-date version of my password file -- I take it that lastpass has solved this issue with its cloud approach.
     
  15. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Apparently the one I tried was KeePass 2, and they do have a portable version for that, but is there a way to transfer logins between the two so I could keep one on my USB and one on my PC, but keep them in sync?
     
  16. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I use chrome and I use Keepass, chrome has a option where you can alow chromes password manager to keep your passwords. NO NO, not going to do it. I don't trust Google with my passwords.
     
  17. Zorak

    Zorak Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    149
    Location:
    Australian Capital Territory
    When I want to use my log-ins on a laptop I just use KeePass as a portable app on a USB Drive and copy the KeePass database file from my desktop to it. If I make changes to the database while using the laptop I just copy the new file back. It is only a single file so not hard to keep track of changes to it. I don't know if there is a built-in sync function in KeePass but you could just use Microsoft's Sync-Toy or something similar if you want to automate the process.
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    This is me rolling my eyes... enjoy --> :rolleyes:
     
  19. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    The portable version of keepass 2 only runs on systems wıth .NET (therefore version 1 ıs more portable, but i prefer version 2 plugins).

    I "sync" it by copying the password file to alternate systems and the thumb drive I carry on my key chain. I suppose I could store the password fıle in "My Dropbox" to institute automatic cloud based syncing, but I don´t trust Dropbox wıth stuff like that.

    Note: I don´t know if it´s possible to sync entries between two password files. I just copy the fıle to other systems whenever I add or change an entry in it. Naturally I have to be careful not to make changes in two instances of the file on separate systems, or to export any new or modified entries ın it.
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Why do you trust it with your history, cache, and cookies?
     
  21. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    Been using keepass 2.x version for the past half year or so and never had any problems with it so far. I was using the 1.x version for the past 2 years or so prior to using the 2.x version. If you don't trust it then you can block it from phoning home I guess
     
  22. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    One last question before I decide to use it; do any sites have a problem with dragging the password onto it, like do any require you to type the password in?
     
  23. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I can delete the history, cash, cookies which puts them into the HDs freespace then I Erase/overwrite the freespace.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Google can upload those before you delete them, but I realistically doubt that. I wouldn't be deleting cash if I were you.

    As for Keepass, it's okay, but not for me. I store my non-crucial passwords in Lastpass, and keep essential ones in my head.
     
  25. Zorak

    Zorak Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    149
    Location:
    Australian Capital Territory
    I seem to recall a website once (can't remember the one) which didn't accept drag and drop, so used context menu copy and paste instead. KeePass also has auto-complete options, but I have never actually tried them.
     
Loading...
Thread Status:
Not open for further replies.