News and Reviews > Mini-Reviews by Members
Keepass Password Safe mini-review
rjbull:
Nice review, which, especially with WR975's comments, told me useful things I didn't know about KeePass.
Two things not mentioned:
1) anyone grimly hanging onto Win98 (e.g. me) should use an older version of KeePass, 1.03. Later versions don't Auto-Type. I don't see a huge amount of difference between versions and they're file-compatible anyway.
2) One of the nicest things about KeePass' Auto-Type is its cooperation, or should that be non-cooperation, with the clipboard. That is, when you Auto-Type something (Ctrl-V or Alt-E, T), KeePass sends the information in a way that circumvents common clipboard enhancers. I don't know how broad the spectrum this covers, but data sent this way by KeePass doesn't show up in the free version of ClipCache that I run. Clipboard caching software would be a potential security hazard otherwise. Also, if you use Ctrl-B = Copy User Name to Clipboard or Ctrl-C = Copy Password to Clipboard, KeePass clears the clipboard after 10 seconds. This will be caught by a clipboard enhancer, but it's a useful help where a computer isn't running one.
jgpaiva:
Ok... You got me convinced!
I have just changed all my important passwords to secure passwords, generated by KeePass.
I'm very happy with KeePass. When i use it, i get that good vibe, as when i can notice that things were thought through and nothing as left at chance.
I specially like the fact that it has clickable fields for each entry. In the main view, where you can see the several entries, the fields "username", "password" and "notes" can be clicked and will copy their contents to the clipboard, cleaning the clipboard 10 seconds after. The "URL" field is also clickable, and will open the specified url.
Another important feature: when you change the password for something, that entry is copied, and stored under "backup", so that you won't loose the previous password.
I also like how it has extensive options on security behaviour, so that you can be as paranoid as you like! :P (i mean, having it lock itself on each 5 seconds of use looks like a bit of overkill to me, but.. oh, well...)
Now, for the missing features:
Passwords on the move! This method allows you to have secure passwords for everything, and stil be able to access them really fast. BUT, this way you won't have access to them when you aren't on your computer.
So, i think it misses a fSekrit + uploader kind of thing. There should be a way to upload all your passwords (or only some selected ones) to an internet server, in an encrypted way, but such that won't need any special program to access it, which means... fSekrit!!
Still, 9.9 out of 10 ;) (it'd get 11 out of 10 if it had that last mentioned feature :Thmbsup:)
Thanks josh, for this great finding!
Rover:
jgpaiva - nice comments. re: passwords on the move: one thing you can do with keepass is copy the database & keepass to a USB Drive. That sort of solves that issue.
I don't recall if this was mentioned in the review, but you can actually use a USB drive (or floppy) as a key disk. Have the key, open the database; don't have the key, no luck. Kinda cool, but not for me.
Josh:
Yes, the keydisk feature is a very nice one. I sorta whipped this review together last night just to get it to the masses so I didnt touch on everything, or be as thorough as I should have.
The key disk feature basically stores a key file on a removable drive so that you can use it as well as a password to authenticate into the DB. Very nice security.
jgpaiva:
That's true, Rover, the key can be a usb flash disk. I even use it like that. ;)
But, there's 2 issues with what you mentioned: i can't just carry around the database in the same place i carry my key, that wouldn't be safe. But, more importantly, how would i open the database on a computer without keepass instaled?
That's why i mentioned fSekrit, because it's an executable, which can be used in any windows computer.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version