Most people have keepass on their main computer. But how many backups of the keepass do you have? I assume the next one would be on your USB? Then the next one is on a USB? Another one on an external hard drive? However, do you always have a copy of it online somewhere? That is absolutely necessary right since you could have no access to any of your items etc?
If so, where do you keep your keepass in? I assume something like dropbox? What online places do you keep it?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi there. So does an iphone or ipad count as a 2nd one?
For the off site... when you say in the cloud you mean like dropbox or similar? Thus that way if you were to lose all your items, then you still have your password on cloud or dropbox right? Do most people cloud or dropbox?
I did not know usbs are less reliable than hard drives.
Another thing but does anyone here keep a copy of their passwords on paper? Whether typing it out and then printing it out or writing it out?
The thing is has anyone here had all their electronic devices go bad and could not get their passwords anymore because they only kept it in their computer only or and their usb or hard drive but had no more access to it? Because to me, wouldn't having it online probably be the most safest? Then its your main computer? Thus as long as you remember your cloud or dropbox password, you are fine? Because things like computers can go bad or other things etc.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Also what do you mean all backups should be non active copies?
non-active - not a database that is actively used, it is a recent static copy of the database known to be good.
For the off site... when you say in the cloud you mean like dropbox or similar? Thus that way if you were to lose all your items, then you still have your password on cloud or dropbox right?
Dropbox is a cloud service.
Do most people cloud or dropbox?
How many is most?
The thing is has anyone here had all their electronic devices go bad and could not get their passwords anymore because they only kept it in their computer only or and their usb or hard drive but had no more access to it?
How many people have their house burn down, get burglarized, or hit by lightning? You don't need to keep multiple backups in multiple locations if you think these can't happen to you.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
My setup is 100% automatic
it was "easy" to setup
and this yelds multiple backups at multiple physical locations
as well as let you recover from drunken/brain fart data entry.
copy #1 -- home laptop has a local file named [whatever].kdbx located on a NON dropbox folder
copy #2 -- home laptop has keepass sync trigger with another file protected by dropbox .
the dropbox incarnation is named with a "_traveling" suffix:
example: my [whatever].kdbx becomes [whatever]_traveling.kdbx when on dropbox.
copy #3 -- home laptop has another sync trigger against yet another folder
which protected by another cloud base service called "skydrive".
The above gives me my original file plus 2 cloud based backup at all times.
copy #4 -- meanwhile my work laptop has same [whatever].kdbx on its local c:\ drive
copy #5 -- work laptop has sync trigger against its own folder protected by
the same dropbox account so it can send or receive the
same filename ([whatever]_traveling.kdbx) between home/work.
(assuming the internet is up)
the work PC and the home pc match each other
this means between home/work/dropbox there are now 5 identical copies of the file.
copy #6 -- meanwhile my android phone has its local copy of the database file.
the android software is using/syncing against the skydrive traveling copy
(assuming the internet is up)
then with enough normal use of keepass (aka open/close the .kdbx file)
then everything will automatically endup in sync
and now I have 6 backups of the .kdbx file.
BTW: there is a specific reason for using local files and keypass
syncing withthe "_traveling" dropbox versus simply using keypass
directly against a dropbox file
t helps to know a keepass sync is different than a cloud based dropbox/skydrive syncs.
Cloud based services tend to slam entire files from one side to another
based on which ever side contains the newer timestamp.
Data entry loss can occur two or more remotes are disconnected from the internet
and two or more then do dataentry agains the same file.
To make sure one is immunte from data entry being lost
you use a keypass sync as helper with dropbox.
Keepass sync operates at the record level within the .kdbx file.
Furthermore keepas syncs are a 2 way sync so insert updates deletes from one side will be applied to the other and visa/versa.
What this means is if you restrict yourself to only doing entry
on the base ( non _traveling) file then then by very definition that file will receive
the data entry you just performed.
Furthermore because that file is NOT on dropbox then your cloud based service
will never overwrite it.
Meanwhile the keepass sync will push your data entry into the Traveling copy
and corespondinly take any new stuff in _traveling and put into your local .kdbx
This of course means that the cloud service will see the new .kdbx traveling file
and push this new file to all other remote devices so they can keepass sync with it
If changes occur on the remotes the process will repeat back to you.
Assuming the internet is up and enough open/closes of keepass occur then all files will
eventually become identical copies on all devices regardless of which device was used to create a given record.
copy #7-26 -- home pc uses pluggin "DB Backup plugin"
this pluggin lets you configure three things:
copy #27-46 -- work pc has same pluggin just mentioned and it too outputs
to both its local C:\ drive and a network drive.
by its every nature, the 20 copies on the work pc will be different timestamps than the 20 on the home pc and reside in different folders/locations.
copy #47
-- the autosync triggers already mentioned also check for the existance
of the flash drive I keep on my car keys.
If the flash drive happens to be present in usb port at the time of keepas being opened
then the flash drive copy of the .kdbx is made current.
The keyfop copy is an after thought backup
this incarnation of the file exists mostly as a means to get into dropbox or skydrive
if I am somehow without my phone and without either of my laptops but still desire keepass.
this copy allows me to get into dropbox so I may then get the most current .kdbx file.
BTW:
Both home and work laptops also have an autosave trigger configured.
The autosave simply takes the "ok" button from within the edit panel
and when you click that button to exit the panel if a change was made
the autosave trigger with instruct keypass will flush the data entry to disk.
That write by keepass envokes the pluggin to make its timestamped multiplexed backup copies as well.
Last edit: develop1 2016-10-02
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
okay that is very long post and very complicated. I want to make it simple.
So right now i have keepass on
Laptop
External Hard Drive
Iphone
USB
Dropbox
So this is good enough right? Because i have the keepass on the physical items such as laptop, external hard drive, iphone, usb. Then i have a digital backup on dropbox. Thus make sure you have 1 physical backup and 1 digital backup? Thus i just need keepass on laptop, external hard drive and on an icloud service like dropbox and thats good enough right?
Also wouldn't a digital backup probably be more important than the physical backup?
So basically as you remember your keepass password and your dropbox password, then basically that is all you need right?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I think a physical backup is the best backup because you don't need to remember the password to access your cloud service to recover your database. One password is all you should ever need to remember.
I don't use the cloud as a digital backup, but as a method to access my database on portable devices.
cheers, Paul
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I agree. Clouds can serve as backups in an emergency, but that's not what they're really for; they're for access when you aren't physically near the computer that usually uses the file.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I do all of what Joe Throw does. I also do a backup in a completely different medium in case something goes wildly catastrophic. I print the database to a pdf file and then encrypt it using a freeware called encrypt.exe , using the same master password.
All of the encrypted files, keepass files and encrypted pdf scans of our wills and such, are in a shared drive which my son can access in case my wife and I have an untimely demise. When he comes to dinner, there is no beer until he repeats our master password. :)
When my folks died, it was a lot of hassle with all the passwords my Dad used and the single sheet of paper I found with his terrible hen scratching writing on it. I want to avoid that for my son.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Peter, how would you manage succession if you don't trust the people who have to do the work? I wouldn't want to give my master password to anyone, but someone may need access when the inevitable happens.
cheers, Paul
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Paul, I'm a little confused as to what you mean, so let me tell you about my situation and experience. I'm always ready to listen to other viewpoints to correct any false notions I may have. And I don't want to highjack this thread either.
In the event of my and my wife’s demise, everything would go to our only child and he would be the executor. He is the one who would have to figure out inheritance, IRA survivor benefits, SSI, outstanding bills and much more. He is the one I trust just as he trusts me to help him with his investments. My parents and more so my wife’s parents, kept everything secret, so it was literally going through all the drawers in the house. I know they trusted us, but their generation seamed to have the attitude that their affairs were nobodies business, to the extreme.
So we decided to let our son know as much about our lives as possible, so as we get older, he can make informed decisions, not only when are old, but also when it’s time to close up shop.
I do trust the people that will have to do the work, that would be our son. And (yes I’m being just a little silly here), if I never give out my password, I can’t figure out how to give it to someone after the inevitable happens.
But as always….. keepass is the best.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If you are prlanning for the final emergency but want to keep passwords safe here is a suggestion to ponder over and perhaps develop.
Assume that you have two people that you can trust:.
Create a password that will be used to access KeePass. Let us say it as 20 characters.
Give person A the first 10 characters and person B the second 10 characters. Now the only way in which your master password could be compromised would be for them to collaborate in cracking your password..You would of course have to notify both whenever you change your master password (or just change hald of it and notify the custodian or that half).
If you live in the UK then I believe it is possible to lodge your will with the Probate office. You could include half of the passowrd in your will and then change the other half and notify your trusted person of that part. You would not so easily be able to change the first part. This could possibly achieve what you need.
Last edit: steelej 2016-11-25
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Most people have keepass on their main computer. But how many backups of the keepass do you have? I assume the next one would be on your USB? Then the next one is on a USB? Another one on an external hard drive? However, do you always have a copy of it online somewhere? That is absolutely necessary right since you could have no access to any of your items etc?
If so, where do you keep your keepass in? I assume something like dropbox? What online places do you keep it?
Pretty much as you surmise.
All backups should be non-active copies of your working database.
Note: USB flash sticks are usually less reliable than SSD or hard drives.
Last edit: wellread1 2016-10-01
Hi there. So does an iphone or ipad count as a 2nd one?
For the off site... when you say in the cloud you mean like dropbox or similar? Thus that way if you were to lose all your items, then you still have your password on cloud or dropbox right? Do most people cloud or dropbox?
I did not know usbs are less reliable than hard drives.
Another thing but does anyone here keep a copy of their passwords on paper? Whether typing it out and then printing it out or writing it out?
The thing is has anyone here had all their electronic devices go bad and could not get their passwords anymore because they only kept it in their computer only or and their usb or hard drive but had no more access to it? Because to me, wouldn't having it online probably be the most safest? Then its your main computer? Thus as long as you remember your cloud or dropbox password, you are fine? Because things like computers can go bad or other things etc.
Also what do you mean all backups should be non active copies?
non-active - not a database that is actively used, it is a recent static copy of the database known to be good.
Dropbox is a cloud service.
How many is most?
How many people have their house burn down, get burglarized, or hit by lightning? You don't need to keep multiple backups in multiple locations if you think these can't happen to you.
I have 4 copies, one of which is used read only online - not on a mainstream cloud service.
cheers, Paul
My setup is 100% automatic
it was "easy" to setup
and this yelds multiple backups at multiple physical locations
as well as let you recover from drunken/brain fart data entry.
copy #1 -- home laptop has a local file named [whatever].kdbx located on a NON dropbox folder
copy #2 -- home laptop has keepass sync trigger with another file protected by dropbox .
the dropbox incarnation is named with a "_traveling" suffix:
example: my [whatever].kdbx becomes [whatever]_traveling.kdbx when on dropbox.
copy #3 -- home laptop has another sync trigger against yet another folder
which protected by another cloud base service called "skydrive".
The above gives me my original file plus 2 cloud based backup at all times.
copy #4 -- meanwhile my work laptop has same [whatever].kdbx on its local c:\ drive
copy #5 -- work laptop has sync trigger against its own folder protected by
the same dropbox account so it can send or receive the
same filename ([whatever]_traveling.kdbx) between home/work.
(assuming the internet is up)
the work PC and the home pc match each other
this means between home/work/dropbox there are now 5 identical copies of the file.
copy #6 -- meanwhile my android phone has its local copy of the database file.
the android software is using/syncing against the skydrive traveling copy
(assuming the internet is up)
then with enough normal use of keepass (aka open/close the .kdbx file)
then everything will automatically endup in sync
and now I have 6 backups of the .kdbx file.
BTW: there is a specific reason for using local files and keypass
syncing withthe "_traveling" dropbox versus simply using keypass
directly against a dropbox file
t helps to know a keepass sync is different than a cloud based dropbox/skydrive syncs.
Cloud based services tend to slam entire files from one side to another
based on which ever side contains the newer timestamp.
Data entry loss can occur two or more remotes are disconnected from the internet
and two or more then do dataentry agains the same file.
To make sure one is immunte from data entry being lost
you use a keypass sync as helper with dropbox.
Keepass sync operates at the record level within the .kdbx file.
Furthermore keepas syncs are a 2 way sync so insert updates deletes from one side will be applied to the other and visa/versa.
What this means is if you restrict yourself to only doing entry
on the base ( non _traveling) file then then by very definition that file will receive
the data entry you just performed.
Furthermore because that file is NOT on dropbox then your cloud based service
will never overwrite it.
Meanwhile the keepass sync will push your data entry into the Traveling copy
and corespondinly take any new stuff in _traveling and put into your local .kdbx
This of course means that the cloud service will see the new .kdbx traveling file
and push this new file to all other remote devices so they can keepass sync with it
If changes occur on the remotes the process will repeat back to you.
Assuming the internet is up and enough open/closes of keepass occur then all files will
eventually become identical copies on all devices regardless of which device was used to create a given record.
copy #7-26 -- home pc uses pluggin "DB Backup plugin"
this pluggin lets you configure three things:
copy #27-46 -- work pc has same pluggin just mentioned and it too outputs
to both its local C:\ drive and a network drive.
by its every nature, the 20 copies on the work pc will be different timestamps than the 20 on the home pc and reside in different folders/locations.
copy #47
-- the autosync triggers already mentioned also check for the existance
of the flash drive I keep on my car keys.
If the flash drive happens to be present in usb port at the time of keepas being opened
then the flash drive copy of the .kdbx is made current.
The keyfop copy is an after thought backup
this incarnation of the file exists mostly as a means to get into dropbox or skydrive
if I am somehow without my phone and without either of my laptops but still desire keepass.
this copy allows me to get into dropbox so I may then get the most current .kdbx file.
BTW:
Both home and work laptops also have an autosave trigger configured.
The autosave simply takes the "ok" button from within the edit panel
and when you click that button to exit the panel if a change was made
the autosave trigger with instruct keypass will flush the data entry to disk.
That write by keepass envokes the pluggin to make its timestamped multiplexed backup copies as well.
Last edit: develop1 2016-10-02
Wow!
okay that is very long post and very complicated. I want to make it simple.
So right now i have keepass on
So this is good enough right? Because i have the keepass on the physical items such as laptop, external hard drive, iphone, usb. Then i have a digital backup on dropbox. Thus make sure you have 1 physical backup and 1 digital backup? Thus i just need keepass on laptop, external hard drive and on an icloud service like dropbox and thats good enough right?
Also wouldn't a digital backup probably be more important than the physical backup?
So basically as you remember your keepass password and your dropbox password, then basically that is all you need right?
I think a physical backup is the best backup because you don't need to remember the password to access your cloud service to recover your database. One password is all you should ever need to remember.
I don't use the cloud as a digital backup, but as a method to access my database on portable devices.
cheers, Paul
I agree. Clouds can serve as backups in an emergency, but that's not what they're really for; they're for access when you aren't physically near the computer that usually uses the file.
I do all of what Joe Throw does. I also do a backup in a completely different medium in case something goes wildly catastrophic. I print the database to a pdf file and then encrypt it using a freeware called encrypt.exe , using the same master password.
All of the encrypted files, keepass files and encrypted pdf scans of our wills and such, are in a shared drive which my son can access in case my wife and I have an untimely demise. When he comes to dinner, there is no beer until he repeats our master password. :)
When my folks died, it was a lot of hassle with all the passwords my Dad used and the single sheet of paper I found with his terrible hen scratching writing on it. I want to avoid that for my son.
Peter, how would you manage succession if you don't trust the people who have to do the work? I wouldn't want to give my master password to anyone, but someone may need access when the inevitable happens.
cheers, Paul
Hi Paul, I'm a little confused as to what you mean, so let me tell you about my situation and experience. I'm always ready to listen to other viewpoints to correct any false notions I may have. And I don't want to highjack this thread either.
In the event of my and my wife’s demise, everything would go to our only child and he would be the executor. He is the one who would have to figure out inheritance, IRA survivor benefits, SSI, outstanding bills and much more. He is the one I trust just as he trusts me to help him with his investments. My parents and more so my wife’s parents, kept everything secret, so it was literally going through all the drawers in the house. I know they trusted us, but their generation seamed to have the attitude that their affairs were nobodies business, to the extreme.
So we decided to let our son know as much about our lives as possible, so as we get older, he can make informed decisions, not only when are old, but also when it’s time to close up shop.
I do trust the people that will have to do the work, that would be our son. And (yes I’m being just a little silly here), if I never give out my password, I can’t figure out how to give it to someone after the inevitable happens.
But as always….. keepass is the best.
If you are prlanning for the final emergency but want to keep passwords safe here is a suggestion to ponder over and perhaps develop.
Assume that you have two people that you can trust:.
Create a password that will be used to access KeePass. Let us say it as 20 characters.
Give person A the first 10 characters and person B the second 10 characters. Now the only way in which your master password could be compromised would be for them to collaborate in cracking your password..You would of course have to notify both whenever you change your master password (or just change hald of it and notify the custodian or that half).
If you live in the UK then I believe it is possible to lodge your will with the Probate office. You could include half of the passowrd in your will and then change the other half and notify your trusted person of that part. You would not so easily be able to change the first part. This could possibly achieve what you need.
Last edit: steelej 2016-11-25
I'm assuming you don't have a trusted person - worst case scenario.
cheers, Paul
Other than my son and wife, not at this time. Something for me to think about.