Assume your (KeePass 2.xx) database is protected by a master password only.
Say KeePass had these additional options selectable inside the database:
1) Password hint to try recovering master password
2) Answering security questions to try opening database
You select one option, perform the set-up then save your database.
Case: Forgotten Password
It's been a while since you last opened your database, and you forgot the password. Also, you lost the written-down copy, so what can you do? You can request a password hint to aid in trying to recover your current password, or request security questions and have a chance to answer them correctly to open your database.
For myself, I'm comfortable using KeePass since I always keep an updated copy of my master password in a secure place and also keep back-ups of my database after a change. Nevertheless, other people may not want to do what I do, and would be more comfortable having a second chance of opening their database.
I'm guessing the developer has considered these options or something similar already. Just for discussion, does anyone think these options or something better might be worthwhile for KeePass to have?
Yea I also copied and pasted the security questions/answers into KeePass from sites requiring them, because I could never remember the answers I put down.
I have used various hints and questions over the years and I have yet to remember the answers to any of them - when a site requires them I save the answers in KeePass.
Why don't you use the answer of your security question as your master password?
"Why don't you use the answer of your security question as your master password?"
Your suggestion is another good way.
What I meant was if you forgot your master password, then your security question is answered with a different (or second) master password of similar password quality or strength. It might be better to answer two or more security questions if you forgot the main master password (like you enter in KeePass now). The answers would be different from your main one, but easier to remember.
I guess there are several ways to do this.
Thanks for replying,
Most answers to security questions are too weak to be suitable for use as a Master Key. Your best solution is probably your original solution, simply store the Master Key in a secure location (e.g. a safe deposit box).
Account/Password recovery schemes are most useful in client-server configurations (browser client / web server) where authentication takes place on the server and can also be more easily separated from data protection. KeePass adopts a simpler scheme that is appropriate to it being open source and self contained.
If you wanted to store a backup Master Key using a different (e.g. easier) password you could simply create a secondary KeePass database to hold the Master Key of the primary database. If you use the data structure defined in the KeeAutoExec plugin then the secondary database could be used to open the primary database directly (if the KeeAutoExec plugin is installed). However, this strategy strikes me as overly complex and would suffer from the problem previously mentioned by Paul.
'wellread' replied: "If you wanted to store a backup Master Key using a different (e.g. easier) password you could simply create a secondary KeePass database to hold the Master Key of the primary database."
This method works for me, and I thank all of you for your fast and great support.
Be aware that if you change the Master Key on your primary database, the "backup" Master Key saved in the secondary database will be invalid until you update it.
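The secondary-database escrow wellread describes, together with the stale-backup problem raised in the last reply, as an added stdlib-only Python model (this is not KeePass code and not the KDBX format): each vault is a constructed dict sealed under a scrypt-derived key, and backup_key_is_current checks whether the Master Key held in the secondary vault still opens the primary one.

```python
import hashlib
import hmac
import os
# Constructed toy vault: scrypt-derived key, HMAC-SHA256 keystream plus an
# integrity tag. Illustrative only; NOT the KeePass KDBX format.

def _derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def create_vault(password: str, secret: bytes) -> dict:
    """Seal `secret` under `password`; the vault is returned as a dict of bytes."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _derive_key(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def open_vault(vault: dict, password: str):
    """Return the secret if `password` is correct, otherwise None."""
    key = _derive_key(password, vault["salt"])
    expected = hmac.new(key, vault["nonce"] + vault["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, vault["tag"]):
        return None
    ks = _keystream(key, vault["nonce"], len(vault["ct"]))
    return bytes(a ^ b for a, b in zip(vault["ct"], ks))

def backup_key_is_current(primary: dict, secondary: dict, easy_password: str) -> bool:
    """True only if the Master Key escrowed in `secondary` still opens `primary`.
    Note the whole primary is now reachable through `easy_password` (Paul's point)."""
    escrowed = open_vault(secondary, easy_password)
    if escrowed is None:
        return False
    return open_vault(primary, escrowed.decode()) is not None

def demo() -> tuple:
    strong = "correct-horse-battery-staple-4711"  # constructed primary Master Key
    primary = create_vault(strong, b"entries of the primary database")
    secondary = create_vault("Fluffy", strong.encode())  # easy pw: security-question answer
    before = backup_key_is_current(primary, secondary, "Fluffy")
    primary = create_vault(strong + "-rotated", b"entries of the primary database")  # key changed
    after = backup_key_is_current(primary, secondary, "Fluffy")  # stale escrow now fails
    return before, after
```

Run backup_key_is_current after every Master Key change on the primary; demo() returns (True, False), showing the escrow silently going stale once the key is rotated.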