A. K.

As the previous posters suggest, first check your devices (both computer and phone!) for malware. If you know how, performing total reset / format may be the way to go. Next thing: Did you use the Gmail for registering your Twitter and Amazon accounts? Because, if the attacker gains access to your e-mail, passwords for other services can be reset using it. Maybe there was a suspicious application linked to your Google account, and from there hacker proceeded with password reset? Especially I'd take...

I think, the configuration you created is totally wrong and insecure. - If you send the master password, key file and other data via command line, anyone with a bit of knowledge can recover it - check e.g. Sysitnternals ProcessExplorer which will reveal command line used by every process in your system - If the location of database, key file and password is known, anybody can open it even without auto type - I can use AutoType to fill in the form on the webpage and immediately press ESC to stop loading,...

I think, the configuration you created is totally wrong and insecure. - If you send the master password, key file and other data via command line, anyone with a bit of knowledge can recover it - check e.g. Sysitnternals ProcessExplorer which will reveal command line used by every process in your system - If the location of database, key file and password is known, anybody can open it even without auto type - I can use AutoType to fill in the form on the webpage and immediately press ESC to stop loading,...

I don't see any added value to the security with your approach. Better use both concatenated strings as a master password. However, I considered this at some time point, to create a "recoverable key file" - which will be a long text file, containing some sentence/quotation/poem... that can be typed from memory. This leads to several problems, if you want later to recreate the file that will be identical to the original one on binary level: - the text must be typed in exactly the same way: including...

I don't see any added value to the security with your approach. Better use both concatenated strings as a master password. However, I considered this at some time point, to create a "recoverable key file" - which will be a long text file, containing some sentence/quotation/poem... that can be typed from memory. This leads to several problems, if you want later to recreate the file that will be identical to the original one on binary level: - the text must be typed in exactly the same way: including...

I think, you still don't get the point. Let's say, I forgot the password to my own KeePass database and I want to crack it (because I have some idea how the password can look like :) ). I will definitely NOT use the KeePass software to break it. I will also NOT use any UI automation testing software or any kind of robot to type the passwords into a master password box. I, as a programmer, would go to KeePass sources, check how the database is encrypted, how the decryption algorithm works and build...

I think, you still don't get the point. Let's say, I forgot the password to my own KeePass database and I want to crack it. I will definitely NOT use the KeePass software to break it. I will also NOT use any UI automation testing software or any kind of robot to type the passwords into a master password box. I, as a programmer, would go to KeePass sources, check how the database is encrypted, how the decryption algorithm works and build my own software, which will guess the password. I can even import...

You said, that the application is gone. Maybe your antivirus software is over-sensitive and removed it due to some false positive? Check the quarantine. Maybe your database is still present on the disk and the only thing you need to do is to reinstall KeePass and open the file?