How to handle accounts when you are not on your home PC? keepass and second db on a USB stick?

2013-07-14
2013-07-23
  • Samuel Zeit
    Samuel Zeit
    2013-07-14

    Hi,
    iam using Keepass for a few days now and i think it is great. But iam not sure how to handle situations when i need access to one of the accounts (i.e. my amazon account) which i gave a new cryptic password when i added my login information to keepass. On my home pc where keepass is installed and the database is stored there is no problem. But what to do when iam at a friends house or at work and no keepass is installed, and more important, my database is not there?

    I thought i could simply use a portable version of keepass on a USB stick (but this does not work at work where i use linux) but what about the database? Keeping the whole database on the stick seems a bit insecure to me, even if it is encrypted. How do you manage such situations, do you have a second/reduced database where you only store those account data you could need outside of you home (like amazon or email accounts)? Or do you use the whole database?
    And is there an easy way of creating a reduced database, one thing that i would do is, take the whole database delete everything from it that i do not need (using keepass) and then save it as another db? What keeps me from trying this is, that i am not sure if there is some kind of autosave which maybe could save the main database during the deleting seesion and all my data could be lost. So i think the better way would be some kind of export function.

     
    Last edit: Samuel Zeit 2013-07-14
  • wellread1
    wellread1
    2013-07-14

    If you wish to create a second database containing select entries simply copy the database file (.kdbx for KeePass 2.x). Open it, and delete whatever you want without affecting the primary database. Also KeePass 2.x can open multiple databases at once.

    If you are going to keep a copy of the database on portable media (e.g. USB drive) or public media (e.g. DropBox) you should make sure that you use a very strong Master Key. Some helpful information about password strength can be found in the Password Strength Wikipedia article and by using the GRC Brute Force calculator. A Master key with a 80-100 bit quality is probably adequate for most users. I do not recommend tricks like the the password haystack recommendation at the GRC site.

    If you use public media such as DropBox, using a key file that is accessible at each local site where you intend to use KeePass but NOT in a DropBox directory can help keep the Master Password size manageable while still providing excellent security.

     
  • Samuel Zeit
    Samuel Zeit
    2013-07-14

    Ok thanks but is having a second database on a usb stick the best way of handling case like when i want to check my mails on a friends pc or are there better ways? How do you handle such situations?

     
    Last edit: Samuel Zeit 2013-07-14
  • wellread1
    wellread1
    2013-07-14

    You have to assess your own requirements. If you want to access your passwords in KeePass you must have access to the .kdbx file. There are only so many ways to do that... e.g. via a usb drive or other removable media, on your smartphone, DropBox, FTP, WebDav etc...

    If none of these work for you then a product like LastPass may serve you better.

     
    Last edit: wellread1 2013-07-14
  • Samuel Zeit
    Samuel Zeit
    2013-07-14

    thanks but what are the general approaches others do to this matter? Is it usual to have access to the full database everywhere or is it more usual to have a second (or third) db for "external" use but a reduced one for the case it gets compromised?

     
  • Paul
    Paul
    2013-07-15

    I suspect most people just carry the full database around / have it on the web / dropbox etc.
    I would be more concerned about using my secure data on another machine, you don't know what viruses they have. To get around that I would use a One Time Password for my mail rather than opening KeePass.

    cheers, Paul

     
  • pspopuprpcpe
    pspopuprpcpe
    2013-07-23

    Hi,
    My 2 cents...
    I use Dropbox to store the DB, a usb pen to carry the key file and a pretty big but easily "writable" password. The pen is (mostly) always with me (part of the house/bike/car keychain).
    I'll have to take a look at one time passwords, now ;)