Anyone use KeePass?

[IamFuzzles]

Anyone? How effective/secure is it? I've been looking for a safe way to manage my passwords that I could take with me and access just about anywhere. Thought about a plaintext file (encrypted obviously), but management of all passwords becomes cumbersome. I also needed something multiplatform, so this seems like a good choice, but, just curious for input or other suggestions.

[1713590783]

1713590783

[nhodges]

I find it pretty useful, and you can change the encryption configuration to be more or less secure. But if you need your password manager to be platform agnostic, KeePass is your best bet.

[duckfeet]

ONce I got used to it, I liked it better and better.  I've tried all the ways of remembering passphrases, but they just never seem as secure as keepass...main thing, is to get it on a flash drive too, so you can use your passwords if you're elsewhere, and then I have everything backed up in  a free dropbox account.

[BitCoinBarter]

KeePass is free and provides excellent security.

I played with it a long time ago (I think I will revisit it again) . Choose a good password and you will do fine.

I use LastPass (www.lastpass.com), have you heard of it?
LastPass has had some problems as of late, however I still recommend it.

If you choose a good password with LastPass, then you will do well (as with KeePass).

LastPass is multiplatform and is free for the basic edition. If you upgrade (for $12 year, sorry they don't except BitCoin yet ), you would also be able to use it with your mobile devices. I have the free edition myself.

LastPass does offer multifactor authentication*. I'm not sure if KeePass does that (as I wrote, I played with it a long time ago). Grated the multifactor authentication is better and easier to use with the upgrade.

No I do not work for LastPass. I just believe that it is a great product. 

* Multifactor authentication will require you to do something after you put in your correct user ID and password. For free members (if that opt in), that will ask you to enter some random info. For details, goto http://helpdesk.lastpass.com/?s=grid

[bullox]

KeePass is free and provides excellent security.

I played with it a long time ago (I think I will revisit it again) . Choose a good password and you will do fine.

I use LastPass (www.lastpass.com), have you heard of it?
LastPass has had some problems as of late, however I still recommend it.

If you choose a good password with LastPass, then you will do well (as with KeePass).

LastPass is multiplatform and is free for the basic edition. If you upgrade (for $12 year, sorry they don't except BitCoin yet ), you would also be able to use it with your mobile devices. I have the free edition myself.

LastPass does offer multifactor authentication*. I'm not sure if KeePass does that (as I wrote, I played with it a long time ago). Grated the multifactor authentication is better and easier to use with the upgrade.

No I do not work for LastPass. I just believe that it is a great product. 

* Multifactor authentication will require you to do something after you put in your correct user ID and password. For free members (if that opt in), that will ask you to enter some random info. For details, goto http://helpdesk.lastpass.com/?s=grid

Asking more questions is not multi factor authentications.  That's just essentially having two passwords.  Any question can be answered.

The heart of multiple factor authentication is to not only test WHAT YOU KNOW (password, passphrase, security question) but also to test WHO YOU ARE or WHAT YOU HAVE.   The former is biometric data, the latter would be tokens like a rsa keyfob or a card to swipe or an rfid tag.

Any security product that doesn't even KNOW what two factor authentication is.....  man. You should steer clear of any of their products.

[Gently]

Been using KeePass for almost 3 years. I have the encrypted DB on DropBox and can access it from everywhere (including my Android cell).

I would definitely recommend KeePass, as long as your master password is strong enough.

[BitCoinBarter]

bullox,

You are correct, "...multiple factor authentication is to not only test WHAT YOU KNOW (password, passphrase, security question) but also to test WHO YOU ARE or WHAT YOU HAVE.   The former is biometric data, the latter would be tokens like a rsa keyfob or a card to swipe or an rfid tag..."

Also, "...Any security product that doesn't even KNOW what two factor authentication is.....  man. You should steer clear of any of their products."

LastPass does multiple factor authentication. I am sorry that I was not more clear.

For upgrade members, they offer something called Sesame. See http://helpdesk.lastpass.com/security-options/sesame-multifactor-authentication-with-a-usb-thumb-drive/ for details.   
Sesame will allow you to use a USB (something you have) with your Login Information (i.e., your user ID and Password). Your Login Information (as you know) is something you know.

Upgraded members could also use YubiKey (something you have). Yubikey is a special USB. See http://www.yubico.com/yubikey for details. The Yubikey has to be used with your Login Information (something you know) to access your account.

Basic members can only use something called Grid. LastPast will produce a Grid for you to print out. A Grid (something you have*) is a list of random numbers. After you put in your Login Information (something you know), LastPass will ask to to look up certain places on the Grid and tell you what you find. Input the wrong thing and no access.  More information is at http://helpdesk.lastpass.com/?s=grid
 
Upgrade members can also use Grid. However, I don't know why they would. A piece of paper is easier to lose then a USB (my opinion).

LastPass (I believe) will only allow you to use one type of multiple factor at a time. So you can not use your USB, Login Information and Grid. You can have a max of only two types of authentication. Granted using a USB, Login Information, and Grid is only two types** of authentication. However I think I have made my point.


The links about Sesame, YubiKey, and Grid have videos.

* I guess you could remember the Grid (I would not take the effort to try), however I would still consider that something you have (i.e., your mind  )
** Login Information is something you know. A USB and Grid is something you have. 

[bitworld]

wow first time i hear about something like this.
think i will look into this.

[BitCoinBarter]

Follow up on my last post.

With Grid, LastPass will ask you to look up different places for numbers every time you login (of course).

If someone was monitoring your system, over time they could determine what your Grid numbers are.  

Luckily, you can have LastPass produce a new Grid (with a different bunch of numbers) at any time.

[kralizec]

ONce I got used to it, I liked it better and better.  I've tried all the ways of remembering passphrases, but they just never seem as secure as keepass...main thing, is to get it on a flash drive too, so you can use your passwords if you're elsewhere, and then I have everything backed up in  a free dropbox account.

Avoid this!

Never type your KeePass passphrase on an untrusted machine! Luckily there's keepass for smart, and even dumbphones (javaME)!