I store the KeePass file in a cloud sync service. The file is encrypted.
The KeePass application can perform "auto-type" which works for all sensible applications and websites that have username/password input fields and a log-in button.
Recently, more and more websites split the log-in into two screens, first email and then password. This completely breaks auto-type and is horrible in every way. Please don't do it.
You're able to adjust auto-type for accounts that break the login into two pages. I learned this fairly recently as I had the same frustration as you. Ref: https://keepass.info/help/base/autotype.html
> This works if your environment allows a) installing applications and b) cloud sync using consumer clouds (dropbox, gdrive, etc.)
Re a) https://keeweb.info/ toss this onto any ol' free tier web host you want. No app install necessary. It's not as nice as the apps, but it works.
Re b) Is there an environment that both has a web browser that you want password management with and doesn't let you access any consumer cloud sync service?
There sure is. Most big companies work that way, I would imagine. I can install browser extensions, no problem, but local apps are restricted. Also, Dropbox and others are blocked at the corporate firewall level.
Surely in such a place, blocking all that access means they care about security and therefore provide you with a password management solution that you also have no choice over.
I mean, installing browser extensions to deliberately get around their security measures seems a little bit counterproductive. They aren't more secure than local apps. Do you take this company's security measures seriously or is it just some hurdle to get around for you?
You can configure this in KeePass as well; I've done this for a few sites I actually use a lot. But I can't be bothered for every single service that decides to re-invent login.
If you don't require real-time diffing, i.e. only one user modifies the file at a time, dropping your keyDBs in a Keybase shared folder might solve your problems.
For just over a year I've been using Syncthing with a folder specifically for KeePass, and it's worked really well - I just have a Raspberry Pi running 24/7 so my phone and PC pick up the changes whenever I reopen my database. I imagine it's similarly hassle-free with a self-hosted cloud like ownCloud, too.
> Slightly? Just thinking about the synchronization between machines makes this an understatement in my opinion.
What are you on about? Synchronization is easy, you can use just about any service you like.
The fact that it's not kept on a server by the same commercial party that also sold you the security product is a feature. And obviously necessary, since KeePass is free and open source.
I see leaking credentials bugs with browser-extension operated online storage commercial password software all the time on HN. Obviously you're paying for shiny, not security.
What people keep forgetting is that not everyone is in the situation where they are able to use those services. Using KeePass with cloud sync via Dropbox (or Gcloud, etc.) is not possible in a lot of corporate contexts.
I've had my KeePass file stored in the cloud for years. I use the KeeAnywhere plugin on my Windows boxes for syncing there. And the Keepass2Android app natively supports cloud syncing also. Both even handle merging if the underlying file changes since load.
I used to use KeePassXC and I just kept my KeePass database in a private GitHub repo. It had the added advantage of being accessible from any command line as well as full version history of my passwords.