Protecting Kee Pass

desgnr
2014-05-16
2014-06-09
  • desgnr

    desgnr - 2014-05-16

    It's great that I can generate long passwords.
    But how do I protect KeePass with a password I can remember to log into KeePass & I store a backup on the Cloud & don't want anyone to be able to get into my files?

     
    • xlynx

      xlynx - 2014-06-09

      Besides increasing the complexity of your master password, you could:

      • Use a key file in addition to your master password, and back it up to a separate cloud service.

      • Enable Two Factor Authentication on your cloud service (supported by Dropbox, Google Drive, Box, OneDrive and Cubby, and in Beta for SpiderOak). Otherwise, enable 2FA on your email, as that can be used to reset your cloud password.

      • Increase the number of hash rounds in your KeePass database (File -> Database Settings -> Security -> 1 Second Delay -> OK). This will greatly increase the difficulty of brute forcing your master password.

      • [Windows] Avoid screen & keyloggers by enabling ‘Enter master key on secure desktop’ under Options -> Security.

      • Enable ‘Lock workspace after KeePass inactivity’ under Options -> Security. Also lock your workstation when unattended.

      • File system permissions - ensure the folders where you store your KeePass database and keyfile are not accessible to other accounts on your local computer. Remember some local accounts may be remotely accessible over various local services, so firewalls are relevant here too.

       
      Last edit: xlynx 2014-06-09
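
The key file and hash-round suggestions above, as an added example that is not part of the original thread and is not KeePass's own code. It assumes PBKDF2-HMAC-SHA256 as a stand-in for KeePass's key transformation; the function names, the sample round counts, the 40-bit password strength and the attacker rate of 1e9 rounds per second are constructed for illustration.

```python
import hashlib
import time

YEAR = 365.25 * 24 * 3600  # seconds

def composite_key(password: str, keyfile: bytes = b"") -> bytes:
    """Hash each factor, then hash the concatenation (illustrative scheme)."""
    parts = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile:
        parts += hashlib.sha256(keyfile).digest()
    return hashlib.sha256(parts).digest()

def stretch(key: bytes, salt: bytes, rounds: int) -> bytes:
    """Key stretching: every password guess costs `rounds` iterations."""
    # PBKDF2 is a stand-in here, not KeePass's own transformation.
    return hashlib.pbkdf2_hmac("sha256", key, salt, rounds)

def calibrate_rounds(target_seconds: float = 1.0, probe: int = 20_000) -> int:
    """Time a short probe and scale it to the wanted delay on this machine."""
    start = time.perf_counter()
    stretch(b"\x00" * 32, b"\x00" * 16, probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(probe, int(probe * target_seconds / elapsed))

def years_to_search(entropy_bits: float, rounds: int, rounds_per_sec: float) -> float:
    """Average search time: half the keyspace, `rounds` of work per guess."""
    return (2 ** entropy_bits / 2) * rounds / rounds_per_sec / YEAR

if __name__ == "__main__":
    salt = bytes(16)                        # constructed sample salt
    keyfile = b"constructed key file data"  # constructed sample key file
    rounds = calibrate_rounds(0.25)
    with_file = stretch(composite_key("correct horse", keyfile), salt, rounds)
    no_file = stretch(composite_key("correct horse"), salt, rounds)
    print("rounds for ~0.25 s:", rounds)
    print("right password, missing key file opens it:", with_file == no_file)
    # Assumed attacker speed: 1e9 rounds/s; 40-bit password (both constructed).
    for r in (6_000, rounds):
        print(f"{r:>10} rounds -> {years_to_search(40, r, 1e9):.3f} years")
```

Search time grows linearly with the round count, while each extra bit of master-password entropy doubles it, so the round setting complements a stronger password rather than replacing it.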
  • Paul

    Paul - 2014-05-16

    Backup to the cloud is fine but you don't want to make your database available to everyone - just in case someone decides to attempt to open it. There are many easier ways to persuade people to give up their secure data, so an encrypted database in the cloud is very unlikely to be targeted by a hacker.

    cheers, Paul

     
  • desgnr

    desgnr - 2014-05-16

    How do I encrypt the database on the Cloud?

     
  • wellread1

    wellread1 - 2014-05-16

    The database is already encrypted. Use a strong password on both the database and cloud account.

     
  • desgnr

    desgnr - 2014-05-16

    I mean also for all files I put on the cloud.
    It's hard to have a long password for the KeePass database because where will I keep that Password.
    Hiding is the purpose of having KeePass but I need a safe way of getting in.

     
  • steelej

    steelej - 2014-05-16

    It is not a KeePass question but it depends on the cloud service you use. KeePass is already securely encrypted.

    I personally put all the personal files that I choose to place in cloud based storage in TeamDrive. This encrypts all files on the local PC before they are uploaded to the cloud. For KeePass the database is therefore encrypted twice. Once with the TeamDrive key and once with the KeePass password. I have discussed security with TeamDrive and I am content that my privacy is sufficient for my purposes.

    SpiderOak is an alternative cloud server that encrypts data on your PC but I prefer TeamDrive.

     
  • wellread1

    wellread1 - 2014-05-16

    "...where will I keep that Password.[?]"

    In your head and if desired, backed up in the secure location of your choice.

    "I mean also for all files I put on the cloud."

    Encryption of cloud storage is beyond the scope of KeePass. You could look into a volume encryption utility such as TrueCrypt or encrypted cloud storage such as TeamDrive or SpiderOak. Otherwise a good starting point is a Google search.

     
  • Brittney Smith

    Brittney Smith - 2014-05-22

    "how do i protect Kee Pass with a password i can remember to log into KeePass"

    I think part of your question was, how to create (strong) PWs to use, that can be remembered; especially if not at home, where written copy could be stored?

    There are several "methods" - (find by searching) - where you "make up" PWs from things you know.
    MOST IMPORTANT: DON'T use data / info that others would be able to guess (like if they know you), or if that data might be accessible on the web or other (like, DOB, birthplace, date & location you were born or got married / divorced). Those are all in the public record.

    I won't go into long detail - these methods are easily found on the web.

    One method is taking 1 or 2 lines from a song, poem, book, etc., that you know well.
    - Take the 1st / last letter from each word of the song (or 2nd, or 1st 2 or last 2 letters, etc.).
    "Baby, ever since I met you I've been thinking of committing suicide. You make me puke," can become: bESimyibtoCSymmp.
    - Take other data that you know, but others couldn't guess - like birth dates of your cats, etc. Maybe some other "secret data" that you can remember.
    - The other "secret data" can be used as numbers (say, cat's DOB, # of guppies you have (25), the yr you purchase the house (1997), etc.) or converted to relatable special characters.
    "25" can be @%, etc.; Cat's birth date (mo/year) can be 12/2011 or equivalent !@@)!!, etc.

    • You insert memorable numbers AND spec. chars into the alpha string.
      Taking the alpha string above & the example #s / spec. chars here, it could become:
      @%bESimyibtoCS1997ymmP!@@)!!
      I use PWs this long & longer for various DBs. Due to repeated use, can remember & type them in a few sec; & I have bad memory & am not "good" typist. :D

    It's fairly easy to create & remember a memorable 25 char (or more), random PW. Of course, you write the PW down (w/ explanation how it's derived) - store in safe place. For anything to be remembered, practice writing it a few times / day, for several days. Then you'll remember.

    The more obscure the song, poem, -OR - "personal data" you use to create PWs, the better. Even if someone that knows you guessed one of the data used, they'd have to guess all the others, then put them in correct order.

    ** I wouldn't use current hits, biggest hits of all time, the 1st line from Moby Dick, etc. Those are too common / well known. Pick something less globally popular, but familiar to you.

     
