I have understood the security of your KeePass database file when it is on the hard disk or on a USB toggle, and that it is for all intents and purposes perfect.
I would like to ask what the security position is when the information is displayed on the screen. If a Trojan or virus did have access to my computer and the information was on screen or minimised, would they have access to the passwords etc? while I am using the program?
I find your program first class, but just have the worry that while I am working with the information it might be accessible.
Would it then be considered that by placing the password on the KeePass one had violated a condition of internet banking?
Please reply to my e-mail address as I am not quite sure how to access the Forum
Sorry, no private e-mail support.
You can have a look at the security page from Dominik on: http://keepass.info/help/base/security.html
Generally it is always possible for an evil trojan / virus program to make a snapshot of your whole screen including everything which is displayed on it. That includes of course also passwords. So if you want ultimate security, a dedicated device with no access to the internet, which does nothing but "password storing" and is security certified is of course the tool of choice.
As soon as you have a program running in parallel with other programs on the same device, sharing the same memory (=steal the password by finding a way to access the data),
screen (=do a snapshot whenever the program is in the foreground),
keypad (=just copy the whole database and run a keylogger to get the masterkey).
You have the risk of the data being stolen.
Manipulating the program or adding a backdoor to it, so that it uses a default password known to the hacker is also an option.
So my 10cents would be:
- Keepass is ideal for storing your Browser, E-Mail, Forum passwords
- Storing all your online banking passwords + TANs is most likely considered a "severe"
security violation if things go completely wrong.
So it is up to your own judgement how much you trust KeePass(PPC/SD) and your PC and how sensitive the data you wanna store in it should be.
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.