
How to recover if locked out of database

mdc7839
2023-02-17
2023-02-23
  • mdc7839

    mdc7839 - 2023-02-17

    Hi guys,

    I am completely new to Keepass having just set it up this week.

    I found an excellent setup video and got it all working perfectly on my Win10 PC but then had a problem using Keepass2Android and changing the location of my key file on the phone. As the database was opened from my cloud account it corrupted the file so I couldn’t open it on my PC or my phone.

    All that is beside the point because I’ve set it all up again and it’s working, but my concern is that if I make any changes in terms of using a new or different device or some such other change and I get locked out again, is there some kind of recovery option to get me back in?

    My concern is that I need to feel sure I can rely on this to always be accessible and that there is a way of dealing with any problems so I am never locked out and end up losing all my passwords.

     
  • steelej

    steelej - 2023-02-18

    There is no way of unlocking your database without having the full login credentials. Having a keyfile on the android phone actually does nothing to improve your security and as you have found greatly increases the chance of locking you out. There is a plugin that allows a quick unlock on a pc but I don't use it.

    If you have corrupted your database file, and being unable to open it on the phone should not have corrupted it, you should be still able to access it on your PC unless it is the key file you have corrupted.

    Many cloud services allow you to roll back versions so you might be able to recover your access that way.

    If the key file is stored in the cloud then this might be possible but doing this totally negates ANY advantage of having a key file.

    A key file can add security but only if it is kept on a totally separate device such as a memory stick that is plugged in only when you need it. That does not work on a phone. A key file must NEVER be stored in the cloud.

    Think about it - If you keep the key file on the phone any attack on the phone would also have access to the keyfile! This negates the benefit of having a key file and probably gives you a totally unfounded false sense of security. On a PC the key file must be managed carefully. It should never be stored on the PC but if your memory stick gets lost, or corrupted, you will never be able to recover your database. You will need a backup! There is no way to recover the database without your password and, if used, your key file.

    As you are new to KeePass I suggest you just use a reasonable length password of about 12 or ideally a few more characters. The length is a compromise between accuracy of typing on a phone keyboard and the level of protection. Other forum members can give advice on the length. There are numerous posts on this topic!

    I recall you can configure Keepass2android to have a quick unlock with a shorter password for subsequent logons that helps. I rarely use it these days on my phone.

     
    • mdc7839

      mdc7839 - 2023-02-22

      Thanks steelej for your kind reply. I've given up the idea of using a keyfile because I ran into similar problems with both Keepass and KeepassXC and I need to know my data is safe and I'm not going to lose it because of getting locked out. I'm now using a long passphrase that I can always remember out of my head.

      To avoid using cloud services I set up Syncthing between my android10 phone and my Win10 PC. I was trying the idea of storing my keyfile in an online vault in a password protected zip file. Having already set up Keepass2android on my phone I pointed the app at the keyfile I copied onto my phone's external microsd card and things were working fine. Then I tried testing the zip file containing an identical copy of the keyfile to my phone. After unzipping that copy and placing it into a different folder in my phone's internal memory I then tried pointing the app at that copy and that's where the corruption seems to have happened. As I had Syncthing running it then copied the corruption to my PC so neither database would open. I can't remember what went wrong with KeepassXC but again it involved a problem trying to use a keyfile.

      I've gone back to using the regular Keepass along with Keepass2android and I'm all fine now. I simply went through the setup again and it's all working but without the headache of any keyfile tripping things up.

      Keyfiles might add an extra layer of security but they also add an extra way of wrecking your database and causing people to lose all their data. If the developers want to insist on pursuing the idea of recommending keyfiles perhaps they need to consider working out building in some kind of recovery method so people have a way of getting their data back if things go wrong.

       
  • Paul

    Paul - 2023-02-23

    We do not recommend key files - just as we warn against using Windows User Account. They are available for those who want them.

    You MUST make regular backups of your database - it may be the most important single file you have. See the Backup Wiki for details.

    cheers, Paul
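
Added example (not written by any poster in this thread, and not KeePass or Syncthing code): versioned backups that address the failure described above, where a damaged database was synced over the only other copy. The backup directory, file naming and retention count are assumptions; the header check uses the KDBX 2.x file signatures and does not prove that the database will decrypt.

```python
import hashlib
import shutil
import struct
import time
from pathlib import Path

# KDBX (KeePass 2.x) files begin with two little-endian 32-bit signatures.
KDBX_SIGNATURES = (0x9AA2D903, 0xB54BFB67)


def looks_like_kdbx(path: Path) -> bool:
    """Header check only: catches truncation or overwrites, not every corruption."""
    with path.open("rb") as fh:
        head = fh.read(8)
    return len(head) == 8 and struct.unpack("<II", head) == KDBX_SIGNATURES


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup_database(db: Path, backup_dir: Path, keep: int = 10):
    """Store a new generation of db in backup_dir (assumed to be outside any synced folder).

    Returns the new backup path, or None when nothing was written because the
    file failed the header check or is identical to the newest generation.
    """
    if not looks_like_kdbx(db):
        return None  # damaged file: leave the existing generations untouched
    backup_dir.mkdir(parents=True, exist_ok=True)
    # Assumed naming: <stem>-<6-digit sequence>-<timestamp>.kdbx, so name order is age order.
    generations = sorted(backup_dir.glob(f"{db.stem}-*.kdbx"))
    if generations and sha256_of(generations[-1]) == sha256_of(db):
        return None  # unchanged since the last backup
    seq = int(generations[-1].stem.split("-")[-2]) + 1 if generations else 1
    stamp = time.strftime("%Y%m%dT%H%M%S")
    target = backup_dir / f"{db.stem}-{seq:06d}-{stamp}.kdbx"
    partial = target.with_suffix(".partial")
    shutil.copy2(db, partial)
    if sha256_of(partial) != sha256_of(db):
        partial.unlink()
        raise OSError(f"copy of {db} does not match the source")
    partial.replace(target)  # publish only a verified copy
    for old in (generations + [target])[:-keep]:
        old.unlink()  # prune the oldest generations beyond the retention count
    return target
```

Use one backup directory per database, and run the function on a schedule or after each editing session; a file that fails the header check never displaces a good generation.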

     
