![]() ![]() Once you have make your choice, you can add some description to your database.Įntering databases details and descriptionĪnd finaly print an emergency sheet to remember important informations about your newly created password database.įrom the main window, select on the left the topic of your new desired entry, here "Internet" is selected for the test. There is also a proof of concept that explain how to crack your database when this option is selected. This is a good choice if you plan to store your database on the cloud (for example with CERNBOX), so it can't be decyphered without the key file that you will always keep with you on a USB key for example.Īnd finally the last proposed solution is to use the Windows user account as part of the key.ĭespite it seems a good idea, it's important to note that you will not be able to open your database from another device except one where you are using the same Windows user account with the same name, but also connected to the same domain. The key will be then composed by the "Master Password" + "Key file" The second possibility, if you select "Show expert options", will let you add a key file in addition of the Master Password to protect your database. The first possibility is to only use a Master password to decypher the database, it's the easiest solution, and can be considered secure if the Master Password is strong enough What kind of Composite Master Key to choose ? the key that will be used to decypher your database) you will be proposed three possbilities: When creating the Composite Master Key (ie. No matter which option you choose, be sure to always keep a backup of your database ! Store it on a USB key to always keep your precious secrets with you.Store it locally if you consider that you will always use only your local machine to access it.Store your database on a cloud service like CERNBOX, then your database will be accessible from any other device running the same cloud service with a compatible Keepass client (this include your laptop, iphone, or other Android tablet for example).Run Keepass then select "File" -> "New" then the message box below will appear, READ IT CAREFULLY ! Pease select the appropriate box in the webpage and click on " Save" As for the sync issue, I did it manually, there is a feature called keeshare, that offers sync options, however I could only find docs in the beta page, so it's functionally/stability may be limited.Keepass 2.x is available in CMF, so you can install it as any other software with the CMF "add/remove package" icon.Building off of another question increasing iteration and using a strong master password will make brute force harder, though slow down the app.You may not want to store the totp data with the keypassxc database.If really paranoid, you can get a pin protected USB, but that more to remember. ![]() this allows you to have the password on go (if stolen/lost they still need master password).keep another DB/key file on a USB stick ( the master password stay separate).(cloud storage user cannot decrypt if storage is not the key file isn't accessible.) Alternatively, there is a phone app option. Keep the master password and key file (if applicable) out of the cloud storage. Store one of the vaults in a trusted/one you comfortable with cloud storage (this solves the offsite need). So syncing will be an issue and difficult if the off-site copy is in a bank vault for example.Īssuming Windows pc with a not high-value target, modist risk. Second is the need to sync, a backup database that out of date is not too helpful. Off-site backups are important, but then you need to trust the offsite location. In General, having 2 or more backups is good, BUT all in the same space is bad. If you are a high-value target this conversation would be different. Your risk tolerance is really based on your own comfort level and personal threat level. Full disclosure is more opinion than fact: (I used KeyPass/XC for a few years, but switch to a different service due to sync difficulty)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |