Are any fields less safe than others?

  • DavidB

    DavidB - 2014-05-22

    I am wondering if any fields in KeePass are less safe than others?

    For example, say I register in a forum and I save my user name and password in their respective fields in KeePass: "User name" and "Password".

    However, when I first register with a forum, the admin of those forums might send me an email confirming my registration in the forum, as well as confirming my username and password. I sometimes copy and paste this entire email, in plaintext, into the "Notes" section of that entry in KeePass. That way, if I second-guess myself later, I have the original email on hand to confirm my account information.

    Now I am wondering if this is bad practice. Perhaps the "Notes" section of KeePass is not as heavily secured as the proper "Password" field. Or perhaps all fields are equally well-secured.

    Any info either way?

  • wellread1

    wellread1 - 2014-05-22

    When a KeePass database is unlocked, sensitive data such as entry passwords and the master key are stored encrypted in process memory. If this is deemed insufficient, maximum security is achieved by locking the database.

    There is always a tradeoff between security and factors such as convenience, usability, and performance. Keep in mind, that given the current state of computer technology, it is usually not possible to use data without exposing it at least temporarily. Hence one should not rely exclusively on KeePass for security; general computer security measures and your usage habits are also an important component of overall security.

    Last edit: wellread1 2014-05-22
  • Paul

    Paul - 2014-05-22

    The KeePass database is encrypted as a whole, so all information, including Notes, is equally secure. This is not the case once the database is unlocked, as indicated by wellread above.

    cheers, Paul


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks