Feature request: Bind to TWO windows accounts

Ale_Axe
2012-09-27
2012-11-20
  • Ale_Axe
    Ale_Axe
    2012-09-27

    I'm using keepass on two PCs, work and home. If it was possible to add TWO windows accounts as credentials for keepass, I could enhance my account security without losing comfort and without the risk to lose my data once one windows account get's deleted.

    Do you think this is possible and a good idea?

     
  • Paul
    Paul
    2012-09-28

    This is not possible. A KeePass database has only one password.

    A work around would be to create 2 new databases that open with WUC and use the KeeAutoExec plug-in to open your real database.

    cheers, Paul

     
  • Ale_Axe
    Ale_Axe
    2012-09-29

    I know that it's not possible at the moment, that's why I called this a feature request. Using Windows user account as an (additional) security factor has the disadvantage of a high risk to lose the account. But if you could add more than one Windows account you would avoid this risk (and you wouldn't have to handle different database ;))

     
  • wellread1
    wellread1
    2012-09-29

    KeePass encrypts the database file using an encryption key derived by hashing the user supplied password using SHA-256.  See http://keepass.info/help/base/security.html.  SHA-256 is designed so that different passwords produce different encryption keys. As a result two (or multiple) independent user defined passwords (e.g. multiple Windows User Accounts as master key) are not possible.  Since you suggestion would require a security model entirely different than the one KeePass uses, the suggestion is unlikely to be implemented.

    -wellread1

     
  • Ale_Axe
    Ale_Axe
    2012-09-29

    Thank you wellread1. :)