#2773 Improve the security of password exports

Milestone: KeePass_2.x
Status: closed
Owner: nobody
Labels: None
Priority: 5
Updated: 2023-01-29
Created: 2022-12-09
Creator: Chris
Private: No

Can you better protect KeePass for Windows by disabling export in clear text without user confirmation? Because, by default, Notepad is enough to add an export trigger to the configuration file, so that an attacker can easily access all my passwords at once, without me knowing it.
Thanks

Discussion

  • Dominik Reichl

    Dominik Reichl - 2022-12-09
    • status: open --> closed
    • Group: KeePass --> KeePass_2.x
     
  • Chris

    Chris - 2022-12-09

    Why do people trust KeePass, so that they use it instead of a spreadsheet? Perhaps because it is supposed to provide additional security, simply by clicking on the 'install' button.
    And how many know that, by default, a simple text editor (not spyware) will configure KeePass to export, the next time they open it, all passwords in clear text without notification or confirmation?

    And above all, why don't you say on your homepage: "An attacker who has write access to the KeePass configuration file can modify it maliciously and can access all your passwords"?

    If you write "These attacks can only be prevented by keeping the environment secure", in this case, why do I need KeePass?

     
    👍
    1
