Best practices for using a password manager?

[biob]

Hi

Was wondering what the best practices are for using password managers?

1)Which ones would you recommend.

2) Where to store the database.

3) Password or key file?

[digininja]

I like KeePass as I get to keep the password file locally so can access it whenever I want and don't have to worry about anyone else securing their systems.

Password or keyfile depends on where you are accessing it, if you are going at it from lots of places then you'll need to use a password or distribute the file widely around.

[biob]

I’m using keypass at the moment 👍🏻 Application and database are on a usb drive. Logic being the files only accessible when needed 🤔 I only use it on one machine and have no intension of using else where. 

I’ve seen posts where people are storing the database in the cloud, which worries me as it removes a layer of protection(in my eyes).

[biob]

Would you say the key file is a better method or just more convenient?

[digininja]

I share the file between a couple of machines and a phone so the file isn't really an option.

And the database file just sits on my normal filesystem but I do have drive encryption as a layer of protection.

[biob]

Yeah and theres  a 99.9999% chance your setup/systems are more secure too 😁 I haven’t even scratched the surface of the security rabbit hole 😂 

[digininja]

It's all about risk assessment and working out your threats.

If my machine gets popped while running, the database will be unlocked so password or key file won't make a difference.

If the machine is off, then full disk encryption will be a good first layer of protection and someone grabbing it is likely to be a theif who wants it wiped and resold as quick as possible so done care about my passwords.

Suspended, they would have to get past my login creds but would then have access to the unlocked database.

If they steal the file from where it is shared, then a key file would be best but a strong password should be good enough to protect it.