
I use KeePassXC [1], which is open-source, and I sync it across my iPhone, Windows laptop, and Linux desktop via Tresorit [2] (like Dropbox but end-to-end encrypted). It's secured with a password that I know, and a keyfile that I have. I don't sync the keyfile and always manually transfer to new computers.

I also use Arq [3] to automatically back up to S3 every hour, and I also do a manual backup to my external backup drives once in a while.

  [1]: https://keepassxc.org
  [2]: https://tresorit.com
  [3]: https://www.arqbackup.com


I recently did a bunch of research into password managers, and went with Keepassxc as well. I'm using Syncthing to sync the password archive across Linux, Mac, Android, and Windows devices. The whole setup is working very well and is all open source.


Agreed on use of keepassxc - fantastic utility.

I don't, and wouldn't, use dropbox or any other non-free non-self-hosted system to manage the storage or synchronisation of my secure data, so it's unison(rsync) and/or ssh'd between desktop and laptop.


I store my password file on my phone, and use KDEConnect to access it on my desktop when needed.


If only there were a way to do that with my iPhone :(


There are file sync apps that work with iOS devices that work with self-hosted file sync solutions.


do you have a particular one you recommend?


I don't use one, but to give an example, Google for "nextcloud iphone".


Seafile has an iOS client.


I've used various KeePass variants for the past 10 years or so. For anyone on Windows, I still recommend the original at http://keepass.info/.

For everyone else KeePassXC is really nice.

I really like that there are so many "clones" and variants that can read/write the file format natively: https://en.wikipedia.org/wiki/KeePass#Unofficial_KeePass_rel...


Why not use Dropbox? It is only used to sync databases, not access them. I always thought that if someone found my KeePass database encrypted it would be useless.


Paranoia

Yeah, the KeePass database is encrypted and I secure it with both password and keyfile, but I still want something that won't leave my database "out there" available for bruteforce attempts or other attempts at it.


It's hardly "out there" though. A hacker would still need to hack dropbox before they could access your keepass db and begin brute forcing. What makes your own private server more secure than dropbox's network?


You're trusting them to not have issues like this: https://blogs.dropbox.com/dropbox/2011/06/yesterdays-authent...

I don't trust the servers (Dropbox or mine), and thus I want it encrypted on my computer prior to sending it out on the Internet.


I suppose it couldn't hurt!


What is the cause for your paranoia about keeping your keyfile in your Dropbox? I have used and advocated this model for years with no ill effects.

My Dropbox is secured by MFA, with the Dropbox password itself being a random password within the KeePass keyfile. I store the whole Keepass program for Windows inside the same Dropbox account, feel free to indicate that as a security gap. On mobile I use the KeePass2Android app.


You meant the kdbx file, right? Not the separate keyfile you can use to secure the kdbx file with.

I think the feeling is the same as the feeling of just leaving your SSH private key "out there". Sure, it's protected with a passphrase, but I still don't want to do that.

Can you trust Dropbox would never have security issues? See https://blogs.dropbox.com/dropbox/2011/06/yesterdays-authent...

It didn't matter if you had MFA or used a secure password.


Some people will not be satisfied so long as the keyfile, KDBX, and password reside in the same version of our shared reality, as it's still mathematically possible to decode the numbers into something they personally value.


You can also encrypt the db file itself (before putting it on Dropbox) with something like EncFS.


I used to do that when I used purely Linux. However, once you bring iPhone and Windows into the picture it doesn't work anymore.


This is my solution as well. I back it up to a sftp server to keep it synced across my devices.


I use the standard KeePass 2 client on my Windows machines, and keepass2android on my phone. Clients only access the file via ssh to my server at home, so it doesn't require storing the database on other machines.


Same, but using Keepassdroid + DropSync to use it on, and sync it to, my Android phone.

Crashplan is my backup tool of choice and also backs up the Dropbox, just in case...


What do you use to read the DB files on your phone? I'm new to iPhone and looking for an app I trust right now.


I use MiniKeepass [1]. It's open-source [2] and I build it myself to load onto my phone.

  [1]: https://itunes.apple.com/us/app/minikeepass-secure-password-manager/id451661808?mt=8
  [2]: https://github.com/MiniKeePass/MiniKeePass


Awesome thanks!

