What are /r/KeePassium's favorite Products & Services?

From 3.5 billion Reddit comments

KeeChallenge plugin for KeePass is not compatible with KeePassium. To open your database on computer, you would need to use KeePassXC.

Some people used iCloud Keychain AutoFill together with KeePassium. This caused quite a bit of confusion and trouble. In the previous release, I blocked input from iCloud Keychain (and other AutoFill apps in general, there is no way to differentiate). In this release, it is possible to enable that back again, for those who really need it.

There is more detail in the blog post.

> What does it mean to open the list of databases?

You need the screen titled &quot;Databases&quot;. KeePassium either starts on this screen, or you can get there by tapping "< Back" or "< Databases" in the top-left corner.

You are right, with safe saving the creation timestamp would have changed.

To be honest, I am running out of ideas. As a last resort, try the beta version — there were some deep changes in how KeePassium works with files. I don't expect miracles, but who knows…

Thanks for the help. Looks like it only works now if I'm saving from keepassXC to Keepassium, but NOT from keepassium to pCloud. When I make a change on the databse using Keepassium, it saves successfully, but when going in the files app, it shows the file uploading then gets stuck on "waiting...". When looking at my cloud provider, it seems that the file hasn't been uploaded and as such, the changes made on keepassium are not reflected on my workstation.

I went through the documentation for pCloud and troubleshooting. Do you know why this happens? Thanks again for the help :)

30-40 MB is way too large. The troubleshooting page gives 5 MB as a reference:

> By default, KeePass apps compress database content before encryption. Thus, even if the file is relatively small (5 MB or more) it will need much more memory to load.

It might still work sometimes (the system enforces the memory limit rather unpredictably), but for stable work you would need to move attachments to a separate database.

Just to wrap up: memory protection with Secure Enclave was released in 1.28 on 26 Nov 2021, after a month of beta testing. There were a few other security improvements, too :)

Hello!

First of all, good news: you can still extract your data from MiniKeePass even if it does not launch.

As for entry sorting, try the button in lower-left corner of the screen :)

>That would be a handy feature to implement (if possible)

KeePassium already makes backups, but only locally on device (which can be lost or broken). The rest is up to system-wide backup (iTunes/iCloud). After all, KeePassium is a password manager and I'd rather keep it focused.

>so people don't have to make manual or scheduled local backups using other means.

I would argue that forcing people to consider backup using several means is probably a good thing. Any single app can fail, so the more failsafes the better...

>Absolutely love it. Thank you for developing a program that helps simplify life. My only regret is not finding out about Keepassium sooner. You guys are excellent developers and hats off to whoever designed the UI, it's wonderfully intuitive.

Thank you! As a one-man band, I am flattered :)

Thank you for your feedback. I understand these features are important for some users.

Since you commented in another topic, you have probably seen my previous reply:

>Unfortunately, I cannot publicly commit to any specific timeline. Life happens, and the best way to keep promises is to make them very sparingly...

All features are added only when they are ready. For the ones you mentioned, the groundwork is underway. To get them as early as possible, feel free to join KeePassium beta.

Thanks for building a macOS app. Seems to be working even on my old 2012 MacBook Pro with unsupported Big Sur installed. Right now I am testing KeePassium on iOS and macOS since I want to get rid of having my passwords in the cloud. I am using Windows and macOS, that's why I wanted to work with KeePass. At the moment, KeePassium is not working that good with Synology Drive on iOS, but you already mentioned that (https://keepassium.com/articles/sync-ios-keepass-with-synology-nas/).

Now a question for this topic. Since I am testing and also having my passwords in iCloud Keychain I want to turn off the iCloud passwords like you can on iOS. Is it possible to do this on macOS? I only see an option for turning off Autofill completely.

Thanks. Yeah, YubiKey is firmly an "advanced user" territory which requires premium...

There are two points that might be helpful:

• You don't have to renew. Having been a subscriber for 12 months, you get a perpetual license for most of premium features (YubiKey included). This way, you can get KeePassium Premium for 1/3 of YubiKey's price.
• You can install KeePassium beta. It might be rough around the edges and unstable at times, but it has all the premium features included. (Make sure to have a backup of your database, though.)

Most of apps that integrate the WebDAV server to the Files app. Boxcryptor seems to be the most reliable in terms of background sync, but it does ask you to create a (free) account.

And just for completeness: How to sync KeePassium via WebDAV

Thank you for the follow-up! This is a relief :)

> Still it is strange that it happened on both phones at the same time.

Well, the passwords were probably changed a while ago (you can test this on backup files). So the question is why KeePassium asked them both to enter the database password.

I can offer two hypotheses:

• A recent OneDrive update has broken KeePassium's link to the database, so they had to re-add the database to the app. This erases the stored master key and requires the user to enter the full database password.
• They used the app often enough to hit the &quot;heavy use&quot; threshold. So KeePassium capped the database lock timeout at 5 minutes, also erasing the stored master key.

Anyway, I am glad this ended well!

Hi, thanks for reaching out!

The reason is that current KeePassium version does not process .keyx files correctly. It takes them as a generic "raw binary" file, instead of parsing the actual key inside.

Support for .keyx files has been added in the latest beta, which is in beta testing at the moment. If everything goes well, it should be released on the App Store in about a week.

In the meanwhile, you can switch to a non-keyx key file or go beta (but make sure to backup your database, just in case).

Synology Drive is a special case, they have a known issue with caching.

I have reported the bug to Synology (ticket 2604475). On 1 Sep 2020 they replied:

>Upon further inspection, our developer confirmed that on some occasions, when using the iOS Files app to browse files on Drive, it does not show the latest version of the files.
>
>They are currently working on a fix that will be released on a later date.

This is a common issue after iOS 14 update — it breaks KeePassium's links to files. So if you updated recently, this would explain the "why".

If you store your database in On My iPhone(iPad) / KeePassium, the problem is likely limited to AutoFill. The app itself should work just fine. (The main KeePassium app and its AutoFill module have separate/independent file lists, due to a technical limitation on iOS.)

The solution is listed in the error message: re-add your database. That is, go back to the list of databases, tap Plus button → Open Database, and select your database. This will re-link the file to KeePassium and it should work again.

If you cannot find your database in your folders, you can try to restore the file from KeePassium's backup copy:

• Open the list of databases
• Open list settings (bottom-left button)
  • Turn on Show Backup Files
  • Set sorting order to Modification Date (Recent First)
  • Tap Done to close settings
• Backup files will appear in the list of databases. Find file that ends with .latest.kdbx → long-press it → Export → Save to Files. Rename the database to something meaningful and save it to On My iPhone(iPad) / KeePassium.
• Pull down the list of databases to refresh it. Your restored database should show up in the list.

Not sure what else to say. It uses the files app. Here is a blog post on the error. Maybe it will help.

https://keepassium.com/blog/ios-14-file-doesnt-exist/

Nextcloud sync is a hit-or-miss experience: it works just fine for some users, for others it's pure frustration. That's why in KeePassium's AppStore description Nextcloud is mentioned with a "(with hiccups)" disclaimer.

>it's just that it appears to require the IOS NextCloud client to be opened, to do the sync.

Yes, this is a known issue of the Nextcloud app. There is nothing I can do about this on KeePassium's side...

>Maybe I just need to enable the NextCloud client as a background app

This would be the necessary condition. Background sync might have its issues, but it will certainly not work if disabled :)

Hi, sorry about that... I have replied to your email.

P.S. All the official contacts are listed on https://keepassium.com/contacts/ And the Twitter account should accept all direct messages now.

This pretty much covers all the aspects.

u/dev_jp, here's a brief guide on how to sync KeePassium with Dropbox. And there's also a nice KeePassium review + setup guide.

If something does not work as expected, can you please describe what you do, what you expect to get and what happens instead? Thanks!

I'm not sure I understand the question, but maybe this would help:

• KeePassium is only available on iOS devices at the moment.
• KeePassium already supports YubiKey challenge-response authentication (not FIDO).

Happy to be the first app to unlock this milestone for KeePass users!

Here's a how to guide for the initial steps: https://keepassium.com/articles/how-to-use-yubikey/

If you have OneDrive Personal, that would be an obvious choice. If all your devices are made by Apple, then iCloud Drive. Otherwise, any of the supported clouds (except Nextcloud, it is a bit unpredictable at the moment).

>is there a possibility to buy KeePassium directly for 50$? If I have to buy it over in app, I have to pay 150$ for my family.

Not yet (in-app purchases don't work with Family Sharing), but I'm working on it. This should take a few days (more if Apple reviewers will need more convincing)

>I have installed nextcloud and can choose it with iOS folders, but I can't open the file. I can only open the file directly in nextcloud. But if I create a new login, it will not been shown in all vaults.

What happens when you select the Nextcloud-based file in iOS Files app? Do you get any error messages?

In general, Nextcloud sync is a bit problematic — make sure to check the known issues. The iOS 13 probably added a few yet-unknown ones, too...

Hey! Thanks for the suggestion. As I already mentioned, local caching will be surely considered as the app evolves over time. For the time being, you can copy the DB directly from the GDrive app, even offline (more details).

>For the database password, you cannot use Face/Touch ID directly.

Sorry for being inaccurate. Exactly that's the password i meant, ok that's a pity.(I have a pretty long password, db is synced between many devices, with special chars, numbers,... -> on mobile a pain... + YK as 2FA)

I see face/touch id is just a boolean and cannot store the pw itself, but is there a possibility to store the database pwd in the Applekeystore and insert it on f/t ID unlock + ask for a 2nd factor? (like in this Androidapp)

I've already set it up with the yubikey, and it works flawlessly. But just use the master key with an infinite timeout for the databaselock corrupts the idea of a 2FA a bit. (Or may ask for the 2nd factor [if configured], when masterpassword is used) -> in case the face/finger gets "lost" ;) it's still not possible to open it.

I hope it is a bit clearer now :)

Thanks

Hi! Yes, I know the 1Password news... Can you tell me where you got the Mac version from?

• From the App Store (runs as an iPad app on M1 only): normally, purchases should work.
  • Make sure that your Mac and iPhone are signed in to the same Apple ID account.
  • On the Mac, try KeePassium settings → Upgrade to Premium → tap "Already purchased?" Are there any error messages?
• From GitHub (runs on all Macs): this version does not exist on the App Store, so in-app purchases don't work there yet.
  • Let me know if this is the case and I will upload a more functional beta.

By the way, you can also check MacPass and KeePassXC. They use the same database format and have a more desktop-like UI.

KeePass has 69 standard built-in icons (they look like this). In KeePassium, these icons are drawn as blue outlines with the same meaning (a key, a globe, etc).

There are two reasons: aesthetic and historical. Back in 2014, I created KeePassB app for BlackBerry. It started as a proprietary app, so I could not use the LGPL-licensed KeePass icons and had to replace them. The result was good enough to bring them to KeePassium as well :)

That said, there is a feature request to make the standard icon set configurable (either blue outlines or standard KeePass icons). I intend to do so as soon as I get some time for the nice-to-have features.

On a more practical note: you can add custom icons to the database and use them for the groups. Your custom icons will override the blue-outline versions.

>Also, maybe the credential-forgetting in KeePassium could discriminate whether there’s a genuine error (database not available for some reason) or if I really did fail Touch ID or gave a wrong passcode.

This is a good idea, thank you!

&#x200B;

>How secure is my saved master password in a jailbroken environment? I’m thinking of a scenario in which I get my iPhone involuntarily jailbroken, could someone then do a simple lookup to get the saved master password?

Your master key is stored in the keychain service, which is one of most secure places on your phone. However, on a jailbroken device all bets are off.

If your phone is jailbroken, the attacker can dump the memory and keychain content. The memory may contain the loaded database in plain text, and the keychain may contain the database's master key. To minimize the impact, you can turn off the Remember master key option in the settings. But there is no way to reliably protect the memory.

&#x200B;

>Is a jailbreak part of KeePassium's threat model?

Well, I have thought about it, but there is very little an app can do:

>"Neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment. Users still are responsible for the security of their PC." — KeePass website

If the jailbreak was intentional, I assume the user understands the security implications. If your phone got jailbroken without your knowledge — the game is pretty much over. Your best bet is to turn off Remember master key so the master key is never stored in the keychain, and avoid opening your database on jailbroken device.

At the moment, KeePassium does not check if the opened database has changed since opening, and cannot merge conflicting edits like KeePass does — at least, for now. So, it would indeed be safer to open the database only in one place at a time.

However, randomly picking just one of the conflicted file versions seems to be WebDAV specific. Dropbox, for example, would overwrite the original file with one of the edited versions, and save the other conflicting file as "database (MyLaptop's conflicted copy 2019-08-20).kdbx" Afterwards, you can merge the two databases using desktop KeePass.

Some day, KeePassium will become smarter about merging simultaneous edits, but that will take quite a bit of time.