Answer the question
In order to leave comments, you need to log in
Additional password security in KeePass
Greetings.
Already used to storing passwords in KeePass, everything is quite convenient and safe at first glance, but the feeling that this is only at first glance does not leave. If you think about it, it doesn’t cost anything to intercept the password from the buffer at the moment it is inserted into the form, or even by taking a screenshot of an open KeePass, you can catch, if not passwords, then some useful information for an attacker.
Of course, strengthening the master password with various means (like key fobs) will strengthen the basic protection, but will not secure access to an already open KeePass (even if it is only a couple of minutes from unlocking to locking).
Actually, in connection with these well-founded unrest, the question of additional protection arose. How can you make your day-to-day work with KeePass as secure as possible without sacrificing convenience?
Calling the paranoid thread! Well, thanks in advance for all your replies :)
Answer the question
In order to leave comments, you need to log in
keepass has a lot of plugins.
I use it daily to autofill forms in the browser. On the browser side and keepass are set by the plugin, the connection between them seems to be encrypted, at least at the first installation it asks for the key for the connection.
There are plugins for putty if you are dealing with ssh.
It has the ability to write something like macros to run programs and enter passwords there.
As for the screenshot, don't leave an unlocked keepass when you leave :)
Hi all. My first post. There is no guarantee that the program for storing passwords does not send them all "on a silver platter" to a not very kind, but inventive uncle. I also have a lot of them, from banking, cards, so I found such a way out.
1) I use the LSN PASSWORD SAFE program - it is unique in protecting against keyloggers, copying by dragging and dropping bypassing the clipboard, and also linking the password file to a specific machine. It will not be possible to open it on another computer even if the password is stolen.
2) Hoping for the honesty of the developer, I still don’t tempt him) - I assigned a certain 4-digit pincode from numbers to all passwords and changed them everywhere on the sites, respectively. I just keep this assigned pincode in the program in the form of asterisks ****. As a result, having copied the password with asterisks at the end by dragging it into the browser, I quickly erase the asterisks with backspace and manually hammer in the pin. Here, if the keylogger traces the pin, it will not recognize the password. Although, of course, this is also vulnerable - because. by the handle of the window, you can easily read its contents behind the asterisks. But this is already the task of antiviruses - to prevent tracking input fields. Therefore, I just quickly enter the password and press enter so that the keylogger does not have time.))
Unexpectedly registering here, I got an account on Habré) I thought there was only by invitation ..
I will additionally rename KeePass.exe to KP.exe in case the trojan looks for the KeePass.exe process by its name.
If someone can take a screenshot on your machine at the right moment (a Trojan, I mean), he can read everything that is there from the program's memory. And there, of course, there is all the content with all the passwords.
Too much paranoia IMHO. Then you need to run your password store on your phone and enter the password manually. This is what I do when I don't trust the machine where the password needs to be entered.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question