biob Posted December 30, 2018 Share Posted December 30, 2018 Hi Was wondering what the best practices are for using password managers? 1)Which ones would you recommend. 2) Where to store the database. 3) Password or key file? Quote Link to comment Share on other sites More sharing options...
digininja Posted December 30, 2018 Share Posted December 30, 2018 I like KeePass as I get to keep the password file locally so can access it whenever I want and don't have to worry about anyone else securing their systems. Password or keyfile depends on where you are accessing it, if you are going at it from lots of places then you'll need to use a password or distribute the file widely around. 1 Quote Link to comment Share on other sites More sharing options...
biob Posted December 30, 2018 Author Share Posted December 30, 2018 I’m using keypass at the moment 👍🏻 Application and database are on a usb drive. Logic being the files only accessible when needed 🤔 I only use it on one machine and have no intension of using else where. I’ve seen posts where people are storing the database in the cloud, which worries me as it removes a layer of protection(in my eyes). Quote Link to comment Share on other sites More sharing options...
biob Posted December 30, 2018 Author Share Posted December 30, 2018 Would you say the key file is a better method or just more convenient? Quote Link to comment Share on other sites More sharing options...
digininja Posted December 30, 2018 Share Posted December 30, 2018 I share the file between a couple of machines and a phone so the file isn't really an option. And the database file just sits on my normal filesystem but I do have drive encryption as a layer of protection. Quote Link to comment Share on other sites More sharing options...
biob Posted December 30, 2018 Author Share Posted December 30, 2018 Yeah and theres a 99.9999% chance your setup/systems are more secure too 😁 I haven’t even scratched the surface of the security rabbit hole 😂 Quote Link to comment Share on other sites More sharing options...
digininja Posted December 30, 2018 Share Posted December 30, 2018 It's all about risk assessment and working out your threats. If my machine gets popped while running, the database will be unlocked so password or key file won't make a difference. If the machine is off, then full disk encryption will be a good first layer of protection and someone grabbing it is likely to be a theif who wants it wiped and resold as quick as possible so done care about my passwords. Suspended, they would have to get past my login creds but would then have access to the unlocked database. If they steal the file from where it is shared, then a key file would be best but a strong password should be good enough to protect it. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.