MobileRead Forums - View Single Post

Katsunami · 04-18-2013, 11:49 AM

I've got my Keepass database stored in DropBox.

To protect it, beside having a password, I use a keyfile beside the normal password of the database. (This is a randomly generated file, used as a key to encrypt the database.) I've got a small USB-stick with me, which I put into the notebook as soon as I need to open Keepass. As soon as I go away from the notebook, I pull the USB-stick out, taking the keyfile with me.

I do the same on my workstation computer, but I only take out the USB-stick if I'm going on vacation or something. The chance of someone breaking into the house and stealing the entire workstation from my study is quite small.

Of course, the keyfile is NOT in Dropbox, and the password isn't either.

All of my accounts at stores and websites have passwords that are generated randomly by Keepass, and I never save any passwords in the browser, except for not so important stuff such as forums.

So, if someone gets a hold of my laptop, he can visit some forums and destory my accounts there, which would be annoying, but not really threatening. He won't be able to access anything else such as stores, email, or banking info, as far as I can see, as he will need the Keepass keyfile and password in addition to the database. Even if he gets the keyfile because I forgot to take the USB-stick out of the notebook, then he still won't have the password, and that last bit of information is not saved anywhere, ever, except in my head.

My phone and tablet run KeepassDroid. They have the keyfile stored, so it'd be possible to steal them, or get a hold of them and obtain both the database and the keyfile. However, the tablet and phone don't have the Keepass password stored anywhere, so stealing them is a no go also. (And they are also protected by a login pattern; the database and keyfile are in the internal memory, not on an SD-card.)

Apart from some forums, it seems my data is safe, except when a site, store, bank or something is directly hacked. Then the information in that particular place could be lost or misused.

04-18-2013, 11:49 AM	#30
Katsunami Grand Sorcerer Posts: 6,111 Karma: 34000001 Join Date: Mar 2008 Device: KPW1, KA1	I've got my Keepass database stored in DropBox. To protect it, beside having a password, I use a keyfile beside the normal password of the database. (This is a randomly generated file, used as a key to encrypt the database.) I've got a small USB-stick with me, which I put into the notebook as soon as I need to open Keepass. As soon as I go away from the notebook, I pull the USB-stick out, taking the keyfile with me. I do the same on my workstation computer, but I only take out the USB-stick if I'm going on vacation or something. The chance of someone breaking into the house and stealing the entire workstation from my study is quite small. Of course, the keyfile is NOT in Dropbox, and the password isn't either. All of my accounts at stores and websites have passwords that are generated randomly by Keepass, and I never save any passwords in the browser, except for not so important stuff such as forums. So, if someone gets a hold of my laptop, he can visit some forums and destory my accounts there, which would be annoying, but not really threatening. He won't be able to access anything else such as stores, email, or banking info, as far as I can see, as he will need the Keepass keyfile and password in addition to the database. Even if he gets the keyfile because I forgot to take the USB-stick out of the notebook, then he still won't have the password, and that last bit of information is not saved anywhere, ever, except in my head. My phone and tablet run KeepassDroid. They have the keyfile stored, so it'd be possible to steal them, or get a hold of them and obtain both the database and the keyfile. However, the tablet and phone don't have the Keepass password stored anywhere, so stealing them is a no go also. (And they are also protected by a login pattern; the database and keyfile are in the internal memory, not on an SD-card.) Apart from some forums, it seems my data is safe, except when a site, store, bank or something is directly hacked. Then the information in that particular place could be lost or misused. Last edited by Katsunami; 04-18-2013 at 11:55 AM.