[Plugin Idea] USB device as the key
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
Menu
▾
▴
#109 [Plugin Idea] USB device as the key
There is a unique identifier in every USB device (like a
GUID). It would be nice to use a _USB device_ as the
key. So for example, I have to have my USB drive
plugged into my machine for KeePass to work, or it can
even be used with a USB mouse or whatever.
On linux, my friend has this setup where nobody can
login or type on the keyboard without his exact USB
dongle connected.
I think this should be useable AS the key, or also in
combination with other mechanizms. For example, I keep
the .key file on my dongle, but it would be great if I had
to have that exact dongle too. Is this making sense?
Logged In: YES
user_id=928893
> it would be great if I had to have that exact dongle too
Wouldn't it worry you that the USB drive might get lost or
break? If this happened, how would you ever retrieve and use
your password database?
-irrational john
Logged In: NO
I agree with the previous comment. Maybe with the
exception of having an alternative way of accessing the data
once the usb device is destroyed or inaccesible. What about
being able to burn a key to a CD/DVD? Then you must have
the secret decoder CD in the drive to access the keepass
safe. Just a thought.
Logged In: YES
user_id=762136
>> it would be great if I had to have that exact dongle too
>
> Wouldn't it worry you that the USB drive might get lost or
> break? If this happened, how would you ever retrieve and
use
> your password database?
that's sort of the point. security. don't loose the USB dongle
or break it. you could always keep a backup somewhere that
doesn't use the dongle too right? like on a CD in a safe
deposite box or something, then if you loose the dongle, just
get the CD, load it up, and re-encode with a new dongle.
Logged In: YES
user_id=928893
> you could always keep a backup somewhere that
> doesn't use the dongle too right?
So in other words, you'd have to periodically save the database
to another backup database file which used another key,
different than the USB drive's identifier, to encrypt the backup
database.
This is possible, but awkward with the current KeePass UI.
Also, after mulling on it a bit, I really don't think using the USB
drive's identifier is any more secure than just saving a KeePass
password file on the USB drive. If someone was in a position
where they could copy your key file from the USB drive then
they could just as easily make a copy of the USB drive's
identifier. Either way they'd have the key to open your database.
No?
-irrational john
Logged In: NO
This should come with a way to recover if you loose your
device.
Logged In: YES
user_id=1094544
I like the idea as long as there's a backup available.
I also like the idea of doing the same thing with a CD-key
which I know I'd be able to duplicate. I use a USB mini-drive
and would rather not spend several minutes setting things up
every time I want to use my "keys".