I use Syncthing to keep the database synchronized across all my devices. I keep an offline backup updated from an always-on Raspberry Pi, and also an rclone-encrypted cloud backup in several providers.

> I remember mostly the words

Either you remember them or you don't. Uncertainty about capital letters isn't too hard a problem to solve. Uncertainty about the characters in the password is effectively called "not knowing the password".

You could script this in any language you like and try the generated passwords via https://keepass.info/help/base/cmdline.html

You basically need to create your own tool.

KeePass 2's synchronization tool might get the job done. It was designed for multiple versions of the same database, not separate databases, but it should work. You'd have to make the master password the same on both databases first. As always, make backup copies of your databases before attempting this.

I use this [Favicon Downloader], still a bit of a pain manually entering the URLS of all your entries if you haven't already, but once it's setup it can bulk download icons for them.

hi, yes you can use Keepass with softwares as well. Look for the Auto-type and global hotkeys features. Keepass uses the window title (and more) to identify the entry.

The url field is optionnal and not limited to http(s)://. Example you can define ftp:// or cmd://myapp.exe

https://keepass.info/help/base/autotype.html https://keepass.info/help/base/autourl.html

Keepass2Android has native integration for some cloud providers. If you're using any of them, then K2A will keep its end synced by itself.

On Windows, don't open the database directly from the cloud provider location. See here https://keepass.info/help/kb/trigger_examples.html#dbsync

Thank you for your view.

>I don't see how calling forks forks belittles forks authors

Calling forks forks is absolutely fine in my book, too. I take issue with independent apps being called forks, though. The term "KeePass fork" implies the app includes a substantial amount of Dominik's code. Which is false for most apps in the sidebar.

>where you got this information that Kee Pass forks don't include Kee Pass code.

I wrote two of them and read KeePass and KeePassXC code while doing that. The only common ground between these apps is the database format (cf. Chrome and Firefox argument above)

>So what is this war of words about ?

Hurt feelings, I guess… Getting called a "KeePass fork" makes me, ahem, aggrieved :) But I don't mean to continue, we both have better things to do.

KeePass site clearly states how KeePass generates random numbers:

https://keepass.info/help/base/security.html#secrandom

Yes, you can add additional mouse momennt entropy to password generation, it's the last option in password generation which can collect additional user input as entropy.

​

HOWEVER It doesn't matter, it's pointless.

I personally use NextCloud. It's really quite cool and is very easy to install on any server or something like a DigitalOcean droplet. Funny enough DigitalOcean made a tutorial on setting NextCloud up. https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-nextcloud-on-ubuntu-16-04 NextCloud is really nice and even has 1st party addons for things like U2F and TOTP for added security. It has clients for just about every major platform. https://nextcloud.com/clients/

I host mine on a DigitalOcean droplet, keeping the database file available for offline usage on the Android nextcloud client.

Based on the release history, you are clearly mistaking KeePass with a different software package. Perhaps you are thinking of KeePassX.

I've never done it but I think the synchronization option in keepass might do what you're looking for. I think KeepassXC also has something similar.

[Edit] Make sure to backup both files before trying, just in case.

Yes, use Global Auto-Type. It can be invoked with Ctrl+Alt+A. A big part of getting this to work 100% is to set up custom sequences for specific windows. You can find this in the Auto-Type tab when editing your entry. This way, you can make your entries match any window you need just by specifying the window titles or browser tab titles you need.

It does not work this way.

Kee Pass is an open source program, the original version of which was made exclusively for Windows. That's what is called Kee Pass, without further qualifiers.

Other developers have forked the code to create alternatives either for Windows, or for other platforms : Mac, Linux, Android, iOS, web apps. Those forks bear modified names, usually with Kee Pass in it (but not always).

There's no CEO of Kee-Passdom granting official endorsements to this and that version. There are reputations, built by users.

You can nevertheless find a list of those forks on the site of the original Kee Pass, including some for Macintosh. They are called "contributed / unofficial ports", which reflects the fact that the original Kee Pass developer does not vouch for them.

Nevertheless, you might consider that if a version was downright dangerous or malicious, it wouldn't be listed there. Also, Dominik Reichl, the developer, insists on a naming convention for the forks, as you will read on this page. He does not have the means to enforce it, but authors of forks generally follow it.

Well there are multiple options that would have improve security, explaining everything is very long just head into the official site keepass.info it has everything in great detail, but in general:

1. Increase the time/resources required to brute-force your DB by altering the KDF parameters. I recommend using Argon2 over AES-KDF.
2. Use Secure Desktop on Windows.
3. Use TCATO, if you are unfamiliar with auto-type, use it as well. makes everything very comfortable.
4. Lock the DB after X time, clear clipboard after X time. X being whatever suits you.
5. I would keep multiple copies of the DB, at different places. backup can be done by triggers(script) or manually. dropbox by itself keeps backups and previous version for your files which is really nice.

NOTE: Keepass was never designed to be used as a cloud based password manager but a local password manager.

Yes, this is possible (to some extent) using a "key provider" plugin. The most common are probably OtpKeyProv for apps like Authenticator and KeeChallenge for Yubikey, but there are others for things like smart cards or certificate stores. See https://keepass.info/plugins.html

From the keepass help:

> An entry is considered to be usable for the current window title when at least one of the following conditions is fulfilled: > > The title of the entry is a substring of the currently active window title. > The entry has a window/sequence association, of which the window specifier matches the currently active window title.

So, do you have window-specific associations defined for one or more of the entries that pop up? Or perhaps you have multiple entries whose title is part of the active window title? For example "Banking" and "Login" entries and your window title is "Login to Online Banking" or similar.

URL and username/password are irrelevant (unless you have a plugin to make the URL relevant or to put the URL in the window title). Window titles are king. If you don't want multiple entries to match then look very carefully at why each entry's title matches the window title and change them to make them unique.

Hi, you can use the plugin: KeePass Fields Admin Console (SourceForge and listed in KeePass Plugins).

Saves you a LOT of time to edit multiples entries in batch.

KeePass has an import feature. It’s under the “File” menu. See: https://keepass.info/help/base/importexport.html. You’ll be able to import from another KeePass file to “merge”.

If you have a strong enough, unique password, it probably is perfectly fine. There are some caveats (you're a possible target of a state actor) but if you have a good password, then there's almost no chance a hack of Dropbox or any cloud service will be a problem.

Most hackers aren't going to bruteforce all databases due to the length of time and power to do so. Now, if you're a possible target of a nation state (e.g. China is targetting you specifically), then it's probably not a good idea but for most users, it really isn't an issue. It's too costly to bruteforce every user's keepass database for most hackers. Even keepass themselves say it shouldn't be a problem.

Now, I'd still recommend using a keyfile or yubikey to secure the DB but even without that, with a strong enough password, it shouldn't be a problem. I'd also recommend a personal cloud server, like NextCloud, instead of DropBox but that's asking a lot of most users.

Hi, KeePassium dev here.

>keepassium doesn't realize I just made a new account or whatever and doesn't ask if I want to save that password as a new entry.

On iOS, only Apple's own iCloud Keychain is allowed to pick up your credentials from a login form. For third-party apps, you would need to open AutoFill and add/generate the entry there. KeePassium does not support this just yet, but this is in my todo list.

> is there another app I can use on iOS that is more like what I'm looking for?

Here is the list of all KeePass apps for iOS I could install and check. They have different priorities on features, aesthetics and pricing, so you can find the one you like most.

>it just feels clumsy to use

Hmm, that's new :) Can you describe what exactly feels clumsy?

Used it like that for 3 years with a Linux box in the mix as well worked great.

I have a collage that uses KeePassXC on windows as he prefers that UI so you can do that as well - https://keepassxc.org/download/#windows

Haven't used it for credit cards but I would just add the digits as a note to an entry.

There are no " plenty of X plug-ins ". KeepassX does not have a plugin interface and those no plugins (and neither does KeepassXC, btw.).

Are you confusing Keepass (has plenty of plugins) and KeepassX ?

On mobile? Use the app's keyboard and install this as well: https://play.google.com/store/apps/details?id=keepass2android.plugin.keyboardswap2

On desktop? Use the autotype feature that is built into the program.

Your clipboard can be read at any time by any program without your knowledge. The methods mentioned above would require a key logger of sorts, which are usually easier to detect.

This is what I use http://inputstick.com/ There is a plug-in for keepass2android that allows you to send the credentials directly from the password manager. This is the plug-in: https://play.google.com/store/apps/details?id=com.inputstick.apps.kp2aplugin

Oddly enough I just saw a thread on the KeePass forums about this. Apparently both Hashcat and John the Ripper have support for KeePass files. Unfortunately unless you have a pretty good idea what other words or what sorts of transformations you may have used, you will probably not have much luck, as the speeds will be only thousands of guesses per second. But if you can make a good custom dictionary and transformations so that the cracker only needs to guess one or two words you may get lucky.

This is from the official installation instructions found here:

Installation

• Exit and Close KeePass. Make sure it is not running at all (in case it is minimized to tray instead of taskbar).

• Place the "GoogleSyncPlugin.plgx" file from the downloaded .zip into your KeePass installation directory. e.g. C:\Program Files (x86)\KeePass Password Safe 2

• Run KeePass and open your KeePass database

• Make sure you have a password entry for your Google Account in your database. If that entry has the URL "accounts.google.com" associated, you can skip the next step.

• Go to the "Properties" tab of you Google Account password entry and copy the UUID at the bottom to the clipboard.

• Go to: Tools > Google Sync Plugin > Configuration Either select your Google Account from the drop-down list or select "Custom KeePass UUID" and paste the UUID you copied to the clipboard into the "KeePass UUID" field.

• Optional Step: Provide the OAuth 2.0 "CLIENT ID" and "CLIENT SECRET" you created following the steps in the Requirements section after enabling the "Custom OAuth 2.0 Credentials" checkbox.

The Plugin is now ready to work. On first use Google will ask for your consent to access your Google Drive.

If you need further help just say.

Tags are a feature of KeePass2. I'm not sure if the other KeePass apps support them. They can be added in the properties tab of the entry dialog.

> You can assign arbitrary tags to an entry. Multiple tags have to be separated by commas (or semicolons). When clicking the button right of the tags input field, a menu is displayed that allows to add tags found in other entries. > > Tags can also be added/removed in the main window: right-click onto one or more entries → 'Edit Entry (Quick)' → 'Add Tag' or 'Remove Tag'.

This is safe :

>https://keepass.info/help/kb/faq.html#dbshare
>
>If you use a strong master key, storing the database file in a public place is not a problem.

If you want to double-protect your database, you could add a keyfile to the authentication process. In this case, take care to backup the keyfile in multiple places, but not in the cloud. Or, at the very least, not in the same cloud where you put your database.

On Windows, grab something like HashCalc. Open it and select the KeePass installer you have, and it'll show you various hashes. Then, compare what you get to the hashes on KeePass' website here.

Do you get the same hashes, or are they different?

I would not use the term client. They are software programs. All of them are variants of Kee Pass. Kee Pass is an open source program, so it is permitted to copy it it make variants. All such variants al called forks. You can find their list on the website of the original Kee Pass, called Kee Pass :

https://keepass.info/download.html

All those forks use a compatible database format. If you create a password database with one, you can read it with another.

Out of the three you quoted, only Kee Pass XC is a good choice.

Kee Pass proper has a safe desktop mode, which reduces the possibility that a keylogger captures the master password.

It is said to protect against most keyloggers, but it would be theoretically possible to write one which bypasses it.

You have to activate that mode in the settings. See here for more information:

https://keepass.info/help/kb/sec_desk.html

Hmmm... The website you linked for KeePass 2 is this, but the website I've been using for KeePassX is this. They both say they're the official website for KeePass. What's up with that?

Yes, I was referring to apps compatible with KeePass DB format.

However, calling them forks is incorrect and belittles developers' work:

> a project fork happens when developers take a copy of source code from one software package and start independent development on it

The only app that I know to include KeePass2 code is Keepass2Android. KeePassXC is a fork of KeePassX, but KeePassX was created independently.

Case in point: Firefox was created 6 years before Chrome; both are open source; both can show HTML files. Can we call Chrome a Firefox fork? :)

Not sure if this will solve your problem, but you can export part of your keepassxc db to a different db with a different password. That way you can lessen your potential exposure. IIjRC you can set up the export to happen automatically when you update your "main" db.

This will make your master password safe, and only the exported subset plus that password will be potentially interceptible.

Of course never open the main db at your work computer when using this solution.

And as others said, if your work computer is "malicious" you can never be fully secure with anything that you do on that machine. This is (like all security) a risk/reward scenario.

Creates a DB with AES can be used with any Client/Port.

Like /u/xcheet said, it's better to use KeePassXC, is more active project and it's community-driven.

As for KDBX4 DB (argon2/chacha20) on KeePassXC see issue #148

First off, you always need to make sure you have multiple backups on different devices.

you can try this:

https://keepass.info/help/base/repair.html

or try some file recovery software like Recuva.

​

always make backups....

It seems you can disable modification of the master key using the KeyCreationFlags option. For admin-enforced configuration, check enforced configuration file.

Not sure how serious you are.

but you can download the source code:

https://keepass.info/download.html

under source code package.

you'll need to understand how KeePass works, at least at a basic level

I found the solution.
https://keepass.info/help/base/autotype.html#autowindows > By default, entries inherit the auto-type sequence of their containing group. Groups also inherit the auto-type sequence of their parent groups. There is only one top group (the first group contains all other groups). Consequently, if you change the auto-type sequence of this very first group, all other groups and their entries will use this sequence. Practically, this is a global override. To change it, right-click on the first group, choose 'Edit Group' and switch to the 'Auto-Type' tab.

For this, you can use the portable version, which is just a zip file. Unzip it to a USB stick, copy your DB over, and you can use it directly from the USB stick.

A few pointers that I've gathered over the years I've been using it this way:

• Remember to periodically sync your main database (I assume this would be on a personal, trusted computer); shortcut is Ctrl + R on Windows

• Speaking of which, shortcuts are your friend, the sync shortcut is just one of many you should find and use. After a while it becomes sort of a second nature.

• If you use it mainly on Windows (mainline client, not discounting KeePassXC), you can setup all your settings and carry them with you (see: https://keepass.info/help/base/configuration.html for config file locations)

• The above will allow you to take the following: Password generator profiles, most other settings, some UI Settings (like secure desktop on Windows 7 and up (maybe Vista?)), etc.

• You can use the standard folder groups as-is, and if you make more, you can organize via drag-and-drop

• You can store information in the db. So if you have, say, some paperwork from your bank (for instance), you can just attach it to an entry, no matter the format; KeePass doesn't care, and will allow you to attach files of (fairly) arbitrary size and format.

• Read and use the documentation. That's where I got a lot of this information about the config files and such. If something doesn't make sense to you, there is this subreddit that is pretty open and helpful.

• I've written a sort-of beginners how-to in (IN)SECURE Magazine, way back in '13; pg 73. Although it's slightly edited, I think it gets most of the salient points across.

• I have been working, on-and-off, a newer version, but there are plenty of other how-to's out there for initial setup, and even more advanced functionality

The copy on the Dropbox server would remain encrypted at all times. Anyone who goes into your Dropbox account would need the KeePass password to decrypt the database.

When you open the database on your device, some sensitive data may exist unencrypted in RAM. You'll need to take the necessary precautions to make sure your end devices are secure.

If your primary reason for switching to KeePass is to move away from the cloud, you may want to sync your database with Resilio or Syncthing.

On Android I use Keepass2Android, which is open source. You can open your database directly from your Google drive (or other cloud storage) and synchronise any changes back to it. After opening a database you can set it to open with your fingerprint, if you wish. It supports Android's auto complete feature in login fields, which is awesome.

On iOS I use Minikeepass, which doesn't sync back, so I download database from cloud drive, Open with Minikeepass and use it "read only" basically.

For Android I use Keepass2Android, never had any problems with it. Apart from that I use Kee with Firefox.

Found this in the official Sourceforge support forums. Apparently there's a way to jury rig Master <-> Slave database sync in newer KeePass versions.

I did find this thread, the 5th post seems to go into a bit more detail.

Other than that, I haven't really seen much of a write-up from the KeePass help pages.

A more succinct post in that same thread on this

No worries, let's try to get that fixed.

So first off let's make sure you have both the most up to date version of KeePass as well as the plugin in question, I'll give you direct links to them both below:

Google Sync Plugin 3.0.1

KeePass 3.34 (Windows)

Assuming the plugin is placed inside the plugins folder, you should then see the "Google Sync Plugin" under the Tools drop down menu.

Let me know if it still fails to appear after following these steps and I'll see what I can come up with.

The solution can be found here:

Have a look at: https://keepassium.com/articles/migrating-from-1password-to-keepass-keepassxc-keepassium/

And of course Keepassium is a good iOS app at all.

I use DataBaseBackup by Francis Noël. It's very primitive, and I believe there are more up-to-date backup plug-ins, which could very well include versioning.

I'm staying with DataBaseBackup because I'm lazy and it "just works".

See https://keepass.info/help/base/multiuser.html

>All users use the same master password and/or key file to open the
database. There are no per-group or per-entry access control lists (ACLs).

https://keepass.info/help/kb/trigger_examples.html#dbsync

You want to create a copy of your database hosted on the server (the master database), so you're only opening and working on the local copy. Then add a Trigger "saved database file" like described in the link above to automatically sync your local copy to the master database. If another device changed an entry, then the Keepass database sync function will add the changes to the entry's history and keep the most recent changes.

I even added two additionals backups to the Trigger, so I can always restore the file if it gets corrupted for some reason. https://i.imgur.com/lZHyW2x.png

According to their plugins I think that's one of the few things you could setup.

But if you have your database on more than one device/location, there is no way to sync the different files up.

Following the "auto type password only" trigger example on the KeePass website, it should be possible to adapt it for OTP and have a button in the toolbar. Besides the cosmetic differences (e.g. button name and description), you would only have to replace the password sequence in step 19 with the desired OTP placeholder.

Not sure what exactly your issue is right now. I am using a trigger to sync my database to a cloud with multiple devices accessing it, by following this guide. The link seems to describe the same steps as the YouTube video you posted. For a backup you can then do a daily or weekly copy of the cloud file by copying it to another share. I'm using a server cronjob for this, but it should also be possible to do this automatically with Windows if that's what you are up to. The linked example above also descripes a way on how to backup your database everytime you open KeePass. Hope this helps!

This is only to the passwords that you have viewed or edited. When you close KeePass and re-open it and unlock the database, the passwords are encrypted. Only when you view an entry or use auto-type for that entry will it become unencrypted. From their website:

>For some operations, KeePass must make sensitive data available unencryptedly in the process memory. For example, in order to show a password in the standard list view control provided by Windows, KeePass must supply the cell content (the password) as unencrypted string (unless hiding using asterisks is enabled). Operations that result in unencrypted data in the process memory include, but are not limited to: displaying data (not asterisks) in standard controls, searching data, replacing placeholders (during auto-type, drag&drop, copying to clipboard, ...), importing/exporting files (except KDBX) and loading/saving unencrypted files. Windows and .NET may make copies of the data (in the process memory) that cannot be erased by KeePass.

Source: https://keepass.info/help/base/security.html#secmemprot

Yes, there is, but Kee Pass itself recommends not to use it :

>Be very careful with using this option. If your Windows user account gets deleted, you won't be able to open your KeePass database anymore. Also, when using this option at home and your computer breaks (hard disk damaged), it is not enough to just create a new Windows account on the new installation with the same name and password; you need to copy the complete account (i.e. SID, ...). This is not a simple task, so if you don't know how to do this, it is highly recommended that you don't enable this option.
>
>https://keepass.info/help/base/keys.html#winuser

It's been reported that Sourceforge has started bundling malware/junkware with software hosted by them. I would find another place to download keepass (I'll look after this post)

*edit

I did find this http://www.softpedia.com/get/Security/Password-Managers-Generators/KeePass-Password-Safe.shtml after a quick google search, not sure how trustworthy it is though.

Also did the creator a message on his webpage, hopefully he will respond.

Not keepass specific, but you can run Chrome Remote Desktop on your home PC, then go to remotedesktop.google.com on the work PC (including through Edge and Firefox). Run Keepass there?

I sync my KeePass database to Google Drive on my two Windows machines using the KPSync plugin.

On my phone and tablet (iOS) I use KeePassium, which provides supports for syncing the database from the same file on Google Drive.

This allows all of my devices to sync against a common KeePass database file stored on my Google Drive.

KeePassium works with YubiKey and its implementation is compatible with KeePassXC: How to use YubiKey with KeePassium/KeePassXC. So the answer is yes.

I used both KeePassium and Strongbox for quite a long time (after MiniKeePass).

Both are nice. In my opinion, Strongbox has more features while KeePassium feels more polished and "stable".

Whereas none of the addl' features of StrongBox are super important to me. I even have a hard time naming an important one (xcd password generation? Builtin dropbox support? opening file as readonly?) ... except one: Field references. But the Keepassium author has already mentioned he's working on them.

Similarly as for you, subscription is not an option and 41$ for StrongBox is a bit on the too high side for me. Typing in my long master password got too annoying after some time in the free version though.

I think I will stay with KeePassium and get the 1-year subscription with lifetime fallback license. It is less than half the amount of Strongbox and I really like this concept with the fallback. I personally like the layout better as well.

You can find another biased comparison on https://keepassium.com/articles/keepass-apps-for-ios/

I was going by https://keepassium.com/articles/keepass-apps-for-ios/ where some of the products were listed with questionable ethics (forking without attribution, etc.) - it seemed that if someone was not running squeaky clean in this regard, it appeared a bit risky to trust my data to them unless I was doing the builds and paying Apple $100/yr to publish my own variant. Some day I will decide to pay for KeePassium since I am impressed with their openness but I have been impressed with AuthPass as well and will keep with it for now.

Hi u/cng2112, Strongbox author here. This is very doable and multiple databases are no problem and available in the Free version.

I personally use Dropbox (sharing with another account) but I know also the iCloud Sharing works well too. There's an FAQ on the iCloud version of this here:

https://strongboxsafe.com/hrf_faq/how-do-i-share-a-database-with-someone-my-friends-or-family-on-icloud/

This will read/write to your iCloud and I know some people are using this setup. I've tested it myself and it works well.

Full Syncing can be a little trickier. Currently no iOS app supports the full proper advanced sync like the Desktop version of KeePass or KeePassXC. This involves comparing two different versions of your databases and merging any changes automatically. So there is a small window if you have multiple simultaneous writers, of one version overwriting another.

I'm hoping to add this functionality to Strongbox in the near future which should definitely fix these kinds of conflicts in the same way as the Desktop versions.

Hope that's helpful!

Its not how it works with Keepass on Windows. However, it seems the Android app deliberately caches files, so that you can access them when you don't have internet access.

https://github.com/PhilippC/keepass2android/blob/master/docs/Documentation.md

It only creates a security vulnerability if an attacker knows your master password and has access to your device or can access your Android cache remotely. If you're concerned about this you can clear the cache manually.

https://www.makeuseof.com/tag/clear-cache-android/

• In terms of saftey - without the pwd nobody can obtain information about your DB. When someone is able to crack your DB pwd they're probably able to crack your container pwd as well. Decrypting containers is as hard as decrypting kdbx files - choose one good pwd for your DB and you'll be fine
• Keepass2Android is Open Source. It offers good online sync with support for dropbox, nextcloud, google drive, etc. Works like a charm for me

Can you share your results, from the troubleshooting steps I provided?

Moving forward, if you don't mind you can also remove the version you have installed and the browser plugin.

Proceed to install from the command line with:

$ sudo add-apt-repository ppa:phoerious/keepassxc$ sudo apt-get update$ $ sudo apt install keepassxc

these are the official steps for ubuntu

https://keepassxc.org/download/#linux

After installing that way, download the plugin for firefox and test.

I don't know what the problem is, but could be a problem with the version on the app store?

No, you can't have different passwords for read/write. It would not be possible to enforce that anyway since both people have full access to the file and anyone who can decrypt the data can overwrite the file. You'd have to manage that access at some other layer such as the file system or network access layer.

One option you can consider is using KeeShare (this is supported in KeePassXC but I'm not sure about KeePass). This allows you to share a subset of your credentials in a separate database and you can then control whether you want to allow import, export, or both back to your main database. See here: https://keepassxc.org/docs/KeePassXC_UserGuide.html#_database_sharing_with_keeshare

I assume you're asking if there is any way to open multiple databaes at once by unlocking only one database and yes, there is, It's called "AutoOpen"

Here is the link for it: https://keepassxc.org/docs/KeePassXC_UserGuide.html#_automatic_database_opening

I hope that's what you meant.

>keepassxc does not support 2fa as far as database decryption goes. best you can do is a keyfile

Well, having something to provide to KeePassXC is a second factor in addition to your password. Sure, it doesn't change every time it's presented like U2F or HOTP/TOTP, but it is still a second factor.

KeePassXC also supports the Yubikey challenge/response protocol. Like the key file, unfortunately the response doesn't change unless the database is modified.

I know KeePassXC doesn't want to qualify either as a second factor, but both the key file and the Yubikey is something you have in addition to something you know, so personally, I disagree with KeePassXC.

Photo ID badges, bank cards, physical keys, and other things that require physical possession and presentation during authentication are considered a second factor in multi-factor authentication, so I don't see why a key file or challenge/response protocol wouldn't be.

KeepassXC is cross-platform, integrates much more functionality natively. He has a much more active development. I think it’s more secure because there is no need for any plugins. I prefer the interface. Database password is compatible between keepass and keepassxc. Test it. I think there are all the features you want, natively

https://keepassxc.org/

( I recommend keepassdx for android, with magickeyboard)

Did you check the official migration guide?

For nerdy troubleshooting, use this wiki page.

In KeePass 2, there is an option to "Show additional auto-type menu commands." One of the commands is {PASSWORD}{ENTER} and it can be seen when right clicking an entry. You can also use triggers to create a button on the toolbar that initiates that auto type sequence.

That's odd... I've just tested with Firefox and KeePassium AutoFill works normally.

I can think of two things to check:

1. Make sure that AutoFill is configured properly (system settings — Passwords & Account — AutoFill Passwords should be enabled, and KeePassium should be selected).
2. Maybe AutoFill has trouble detecting login/password fields on a particular page. Try with the KeePass test form.

I'm not downvoting anything; that's a crazy claim, if you can recreate it, then sure it's a software bug (assuming the keyfile's and database's hashes are consistent throughout), if not, you messed something up; look around the subreddit, their forums and their awards: https://keepass.info/ratings.html, this isn't some new small project, something so wrong like this would be almost impossible to exist.

So again, try to recreate it and see what happens.

For Windows, the official KeePass is the best (and you can run the Windows version with Linux, see this).

If you absolutely want to run the same software for Windows/Linux, then choose KeePassXC. Avoid KeePassX because it hadn't been updated for years.

It's a KeePass configuration.

You set the main options in the GUI, save, then find the config file and copy it over to your portable install and overwrite. Then you can test to make sure the secure desktop prompt comes up

The kind of parameters that require a plugin:

https://keepass.info/plugins.html#ppgen

Or somewhat less effective:

https://keepass.info/plugins.html#propwgen

My email password is a randomly generated gibberish sentence with over 90 bits of entropy (from the method, not from a crappy characterwise estimate), taking the form:

"Quantifier adjective noun verb quantifier adjective noun punctuation exclamation punctuation"

The same account stores a backup of my database in case of disaster, so I make sure I still have it memorized every couple weeks or so.

I can easily remember 3 or 4 of this or a similar pattern (for my master password, work login, etc.). More would be tough, but with a password manager, I only need to memorize a handful anyway.

From my experience working with the global hotkey is a lot better.

you make sure that the title is contained in the target window[and the option enabled in the options]

and hit ctrl+alt+a even when keepass is out of focus it will automatically fill your details.

NOTE 1: TCATO is disabled by default and needs to be enabled for each entry

NOTE 2: you can alter the autotype sequence to match your target website/app. details: https://keepass.info/help/base/autotype.html#autoseq

also the default password generator can be changed if needed.

Keepass still requires Mono, which has a shedload of dependencies. Yes, the page lists only 21, which wouldn't be bad, but there are transitive dependencies that make it a far less decent solution.

I think there should be a plugin that works on linux as well, though I don't have personal experience with the Linux version myself. They support a wide variety of cloud services:

https://keepass.info/plugins.html

One minor modification I'd make to this is to install a plugin or set up a trigger to sync with the OneDrive copy instead of saving there directly. This should prevent data loss or corruptions in case of network failure or saving from multiple devices at one time.

Since you already use Google Drive to save KeePass database file, you can simple install Google Drive for Windows Personal (aka Backup and Sync):

https://www.google.com/drive/download/

https://syncthing.net/downloads/

Synctrayzor if you have Windows and install the Android app. SyncThing is peer to peer so if your pc isn't on and you modify it on your Android it'll sync once you turn your Pc back on and vice versa. Just put your KeePass file in a folder than is synced and you should be good. Enable version history (eg 5) for peace of mind!

>I like Keepass but this problem is pushing me to use Bitwarden

This is not a Keepass problem. Your two devices apparently can't manage to reliably push changes to your cloud copy. I used a similar setup with GDrive, where I linked Keepass2Android directly to the GDrive DB; I didn't make changes to the DB on my Android phone, though.

You can try and let apps like FolderSync manage the sync. Another alternative, which I set up recently, is letting Syncthing manage the sync between my devices in a decentralized manner, so I don't have some Google or Microsoft sitting in the middle.

Don't forget that Keepass2Android also has an Offline Edition which does not require network permission, so you can use OneDrive to sync password database, while Keepass2Android only accesses the sync'd local file, i.e., it will not be able to secretly upload your master password/key to its server.

I recently started syncing a backup to my NAS with an app called "Folder sync"

It has a free option supported by ads and a played version without. This makes it easy for testing it out.

For me it works wonderful and I have no complains. It has plenty features and options. In fact I liked it and bought the "premium" app in order to support it(IMO the ads were implemented good and were not that intrusive). In case you end up as me and had several folders and syncs setup for different services(expect my NAS I had a sync to Dropbox going) and you wanna pay but don't want to setup everything again on the payed app, there is the option to buy premium via an in app purchase. This way you can keep your setup but remove the ads.

I hope I don't sound like an ad but I don't known any other sync services. Only thing else I can think of is the good old manual copy/paste on a USB drive.

My KeePass DB is on Google Drive : https://sourceforge.net/projects/kp-googlesync/ So i can access and modify from everywhere, i've got versionning and backup. On my Phone, I use KeePass2Android. It works well, and keep a cache of the last DB.

And DB is protected by password and a local key file. This key is only on my PC and on my Smartphone (and my home NAS). So even if my Google account is compromised (double auth.), my DB access remains safety :)

Very judgemental ! ^^ We already have a famous VPN called HideMyAss, "to keep one's ass covered" (or "safe") is a mainstream expression. So I don't think it's absurd or that it takes so much mind pollution to imagine a pun here.

I use the word sequencer plugin and create a configuration which has two words with separate wordlists for each word, so that I can generate random adjective+noun pairings. I downloaded the Moby Part of Speech List and did some processing to get two separate lists of nouns and adjectives. Now what I do when I want a new unique username is set up the configuration, then look at the "Preview" tab to see a bunch of possible usernames, and pick my favorite.

You also can add:

• On a USB Key protected by fingerprint only access (like this one: Lexar Jumpdrive Fingerprint F35

This is actually my first time hearing about AuthPass and KPass. All the attention is usually focused on DX and KP2A. KPass appears to be closed source, so it's a nonstarter for me.

Try reporting it in [Keepass2Android issue tracker](https://github.com/PhilippC/keepass2android/issues), they are better equipped to help with app-specific issues.

I wanted to reply to my original thread, frustration at not being able to have browser integration AND have files encrypted inside the .dbx file open under Mint (Ubuntu I suppose) using Firefox from the repositories, and KeePassXC installed as a flatpak.

Well, I broke down today, removed the flatpak of KeepassXC. I then installed snapd (crazy for one program) and then installed the KeePassXC snap. Also downloaded the script from this page https://keepassxc.org/download/#linux, made it executable and ran it, choosing Firefox as my browser.

Opened Firefox, and voila! THe addin works like a charm. So there is a configuration that works on Linux, and it seems to be KeePassXC as a snap, and Firefox from the repositories.

Thank you developers for keeping this going for Linux.

It has so much more features than others. If you go through the features tab on Keepass website you'll see. Two obf... Autotype, master password entry in secure desktop, TAN, better password generator IMO. It also has a stupid amount of plugins that only exponentially increase its features.

If you are using the official KeePass, I would recommend KPSimpleBackup plugin, which can be configured to automatically back up your database and configuration file to several directories, I use it to back up my data to

1. a different directory then KeePass' default;
2. a directory on my external usb drive;
3. a directory on my NAS.

All files can get corrupted, and all files need to be backed up in several places. Especially sensitive files such as a list of passwords. This is not specific to Kee Pass. It's just a basic security rule when using a computer.

>The repair functionality should be seen as last hope. Regularly making backups of your databases is much better and has to be preferred. Backups have no cryptographic security implications. There are plugins that automate the backup process, see the KeePass plugins page.
>
>https://keepass.info/help/base/repair.html

If you did not make regular backups of your Kee Pass database, maybe you made regular backups of your whole computer or data. Maybe there is an automated system on your computer you're not aware of which makes automatic backups.

What KeePass program are you using? I’m not sure about the other alternatives, but for the official one, you can specify a title to match for AutoType. You can also use wildcards. So in your example, you can replace the “…and 7 more pages” with a wildcard (*).

Learn more about AutoType here: https://keepass.info/help/base/autotype.html

You can double click on the username field for the desired entry to copy it to clipboard. Then you can paste it. The same is true for the password field. Just double click to copy it.

However, you can edit the entry and override the default auto-type sequence. Do something like:

{USERNAME}{ENTER}{DELAY 2000}{PASSWORD}{ENTER}

This will type in the usrrname, hit enter, wait 2 seconds (giving the webpage you’re on enough time to go to the next step), type the password abd hit enter. works for me.

Leaen more about autotyoe here:

https://keepass.info/help/base/autotype.html

https://keepass.info/help/kb/trigger_examples.html

Here are multiple native Keepass trigger examples that are very useful for such automation tasks. The Dropbox one is what I've applied for USB sync too.

It depends on your system. If set the database based on your lower performance device. Read the argon2 section and follow the instructions

Keeping password and TOTP codes in same place is not a good thing. Use separate authenticator app. To recommend one, use Authenticator Pro. Use any Authenticator which is open source like Aegis, andOTP etc.