I'm a couple of days into trying out KeePass... I like it a lot. And I have some general questions. Do you guys tend to keep the GUI open while you're online? It's a PITA to close it and have to renter the master password when I need to open it again. But I see that Lock Workspace feature, and it makes me think that the devs believe there is a security concern to keep it open? Another question involves Key files. I've read some guys saying that a master password & key file combo is the way to go. And it looks like a user can either pick a key file himself or let KP create a key file. What puzzles me is if I select one, isn't it encrypted by the program? How does that happen? I must be missing something there. And I am assuming that if a user allows KP to generate the key file, that it is encrypted. It seems to me that the two best steps a user can take with KP to thwart keyloggers, are: 1) two-channel auto-type obfuscation and 2) enter master key on secure desktop. But I wonder if there is a way to determine if secure desktop is working? One other question for now... is KP designed to both open a website and fill in the username/password fields at the same time? Because so far, I have just been able to get it to log in (Perform Auto-Type) after I have opened the webpage myself. When I included the url in there, nothing worked right. Oh yeah, one more... are the icons limited to those that are in the KP GUI, or can a user import icons that are native to each respective sites, like the Wilders icon and the BBR icon, etc. Any input appreciated.