• Gensca

    With keepass, your passwords are changed and you only have to remember one password. what is to prevent a hacker from getting that password and being able a access all your accouts?

  • develop1

    your understanding is correct.
    when using keepass it is your responsibility to ensure that you are the only human on the planet that can decrypt the keepass database.

    Keepass gives you three distinct tools to encrypt your database.
    you may mix/match each of these tools but please know when you choose more than one
    than each and every one of them must be true for you (or anyone) to unlock the .kdbx file.

    you can encrypt the .kdbx with any combination of:
    a - master_password (something you know)
    b - keyfile (something you have)
    c - Windows_user_account (something you are)

    Most people use just option "a" (password only),
    and others use option "a" and "b" (password plus keyfile)

    however any permutation of a/b/c can be utilized its your choice of trying to balance ease of use with security.

    if you choose option "A" only (which is very common)
    then that single password becomes the key all your kingdom.

    This password needs to be a gloriously complex while at the same time
    something that is easy for you to remember and all the while something which is
    un-guessable by everyone.
    Something along the lines of this might fit the bill:


    the above is nothing more than
    "I played FootBall in high school #19 & kissed the head cheer leader"

    assuming the above true in your life then you likely would always remember that sentence and be able to instantly unlock your .kdbx file at will

    Now that your .kdbx file is secure and decrypt-able by you (and ONLY you)
    its now possible to go change each and every password you have throughout your life to system generated complex values that you could not possibly know/remember.

    you don't have to know/remember these new passwords because keepass woudl be doing that for you.
    So if your bank allows your account password to be upto 20 characters long and comprised of: upper/lower/letters/numbers
    then by all means change your banking password to a sysgen value such as:

    if the above was your banking password you would never need to remember that value as keepass would do that for you. for that matter you would never type that value either as keepass would do that for you too.

    The above logic would apply to every logon account you have in your life.
    you would NOT use the same password string for anything
    instead each and every password you have would be a different value.
    the only thing you would need to remember is your keepass master password ( and possibly your windows password to boot your PC).

    the above method keeps everything in your life secure and separated from everything else in your life. The keepass database is what unifies them all.
    This makes keepass datafile the single most important file you own so it is your primary job to ensure that you are the only human on the planet that can decrypt the file.