Storing Kepass database in 2 locations

Sc
2014-02-06
2014-02-06
  • Sc
    Sc
    2014-02-06

    I am looking into a new password vault that I can sync across my Windows based PC's and android devices.

    There is a reputable android app (KeePassDroid) for KeePass,so here I am. KeePass seems very well built and I look forward to using it.

    My question -

    In order to be used across multiple devices I intend on storing/syncing KeePass's main database in a share folder on a cloud provider that all my devices will sync locally.

    In the really rare chance the database gets locally corrupted or cryptolocked by a virus on any of the devices that are cloud synced, hypothetically all viable copies of the database will be instantly corrupted as well.

    How do we protect against this?

    Is there an option to to have KeePass store the database in two different locations on the same system?

    In that scenario KeePass would open its database from it's default location whenever run but would require a prompt to save (close) the database when it's primary database (cloud,USB,other) is different from its secondary save location.

    I think a user optional secondary database save that is synced via prompt based on changes anytime the user closes the client on a system would be of great value if the above scenario were to play out.

     
  • wellread1
    wellread1
    2014-02-06

    In the really rare chance the database gets locally corrupted or cryptolocked by a virus on any of the devices that are cloud synced, hypothetically all viable copies of the database will be instantly corrupted as well.

    How do we protect against this?

    Make backups of the password database (default .kdbx) and if used, the key file (default .key). Keep them in unconnected locations. Store the database and key file (if any) in separate locations for maximum security. Backups can be made with a:

    1. Backup plugin.
    2. Backup trigger.
    3. Conventional backup program.
    4. Cloud service that maintains previous versions. This is not under the user's full control but may be useful in pinch.

    Is there an option to to have KeePass store the database in two different locations on the same system?

    Use/adapt the synchronization trigger recommended for use with cloud services or networks. Note: This is not equivalent to a backup because all database files are in use.

     
  • steelej
    steelej
    2014-02-06

    KeeypassDroid support for Keepass 2 is beta. Keepass2Android Password Safe does support Keepass version 2. You need version 2 to use triggers on PCs. Triggers do not work with the Android version.

    I have therefore set my Android copy of the database to be read only to eliminate any issues with conflicting updates. Note that I use TeamDrive for my cloud storage rather than Dropbox. I am more confident about their security and the data is encrypted on their file store as well as in transit. I know it is "belts and braces" as keePass is also encrypted.