Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.
Charles L. Daris
Unable to link your app in my Android phone with p/w safe data file; the file will not open. So, what if I just make the p/w data file in my Google Drive available and use it when I need a p/w? It's password protected. Is it safe?
I'm interested in hearing from those more attuned to security issues, but I'm assuming that the encryption is good enough that having the file in an online repository (e.g. Google Drive) is good enough for all practical purposes. I use the Google Drive approach, and it's nice not to have to manually update a file on my phone (something I'd never remember to do).
I've wondered whether the data in password safe might be compromised when it's open in a remote location as data is exchanged. I assume there's little or no risk if you have an SSL connection. If you don't have a secure connection, you'd be entering your PW Safe password in plain text across the Internet, which could allow someone to learn it.
The encryption scheme used by PasswordSafe is good enough for me to use it on a DropBox/Google Drive/SugarSync/Wuala/etc. cloud storage solution. Another developer of PasswordSafe prefers not to trust the strength of the encryption, and avoid the cloud for his database.
Another advantage of using the cloud is the automatic backup if/when your main PC's disk goes belly-up.
Of course, using a strong password is a must if your database is on the cloud.
As to Mick's concern, when you run the application on your PC with the database on the cloud, the only transfer being done is the encrypted database being read in / written out. Unencrypted records do not leave the PasswordSafe application unless you explicitly export to text/xml.
Hope this helps.
Thanks to all of you for your reassurances.