I have a question regarding the KeePass password management program. According to the developers, the password database files are completely safe and free of any back-end access. Meaning that, if you lose your master password (or whatever method you use to access) you're totally screwed. There is supposedly no way in but the main way using the master password. I have no reason not to believe this, but would like to confirm it with any experienced KeePass users.

Also, where should I store my databases for sharing purposes? I want to set it up so that a few members of my team can access our database, download (and upload) passwords, sync if desired, from any location. If I use the FTP access method, I can keep the database out of reach of the public. But, if someone is sniffing out my network (or there's a worm hanging out for some reason sniffing out traffic) and they get my FTP access info, I'm boned.

If I make it available via HTTP, I can at least password-protect the files, even though they would be accessible (or at least viewable) to the public...should they happen upon the location on the web where the file(s) are.

What I am looking for is any advice on the most secure method for storing KeePass databases (or any other sensitive files for that matter) that still allows sharing within my select team members.

Any help would be greatly appreciated.

All 2 Replies

I have no reason not to believe this, but would like to confirm it with any experienced KeePass users.

I cannot help you with this, for I use LastPass.... But in theory if you generate the container's Hash/Password I have no idea how they would be able to backdoor it, unless it was coded as such for "secret government" reasons... But just to let you know KeePass is open source, so you could download the source files and look over the code yourself and build it, if you wanna be "extra" safe!

Also, where should I store my databases for sharing purposes?

One option, depending on how "funky" you wanna get, is to generate a TrueCrypt container and load the KeePass DB onto it and use DropBox to sync it (Desktop or Web Client).... You can give all your team members the DropBox account. BAM! Everyone is in check. There are all sorts of options and methods (i.e. also using TrueCrypt key files in addition to passwords), it depends on how complex and time consuming it may or may not be.

HTHs!

Yes, it is really good for newly joining people. So I will prefer that.
Thanks for sharing
