by ObsoleteNerd 2127 days ago
I’ve been using KeePassXC almost as long as it’s been available, and couldn’t be happier. Database stored on my NAS and synced to Dropbox for when I’m out, gives me access on all my devices without having to worry about whether x or y service will still be around in a year or 2.

I do this as well, although tried lastpass and bitwarden. It just wasn't that great and those "standalone" apps were just silly compared to keepass/keepassXc.

One thing that was a killer feature for me: Keepass2Android's integration with my Android devices was WAY better. Tried to convince family to use a password manager, but LastPass was a failure on some devices. KeePass with sync to some cloud is perfect - database with multiple copies, works well.

Syncthing is a nice alternative to Dropbox. If you use multiple computers at different locations, you could, say, use Syncthing to sync your KeepassXC database between your home computer and your phone, and between your phone and your work computer, without it ever touching a third party service.
It has worked for me perfectly for quite a long time. All my personal documents and photos are synced between an Android phone, my RPi 4 and my laptop. I haven't touched the settings for years. It just always works, 100% perfectly. I don't understand why it isn't more popular.
I managed to get Syncthing running well on my RPi 4, but the sync was just abysmally slow. I'm on gigabit internet; however, the delay before syncing, and then the syncing itself, was slow. I think it has more to do with a delay in handshake or device discovery than the transmission of data itself. Any tips for making the discovery better/faster?
"First, you'll want to set up a server" and you're already down to well under 1% of the population that'll be interested in reading any further, let alone following through and actually doing it.
I doubt the OP intended to ask why it wasn't popular among the general population. That seems obvious. I would interpret his question as asking why it's not more popular even among the subset of people who are happy to run their own servers, like readers of this very board.
:-) And now I have another "for the family" project. Thanks, I think...
Started using KeePass about a year ago, I really like it. Just wondering if Dropbox is considered a safe place to store the DB files? I did this for a while, but then I got paranoid and switched to something fully encrypted.

For sharing between devices I found Firefox Send to be useful (before it went down, hope it comes back), also Keybase filesystem is one of my go-tos as well.

Maybe I’m being overly cautious, but I sleep better at night knowing my DBs are encrypted.

The database files are encrypted by your master password (and optional key file, etc.) at rest, but paranoia with your sync provider is valid. It's one of the reasons that I like KeePass: the sync provider is something I control and any "file-like" share can be used; I don't need KeePass-specific providers.

Fwiw, I've lately been using Resilio Sync, which is BitTorrent style peer-to-peer between devices I control and encrypted over the wire as well. It also supports advanced encrypted shares where you can even have "know nothing" devices that help to seed/participate in your shares but can't read/write inside them, as an interesting tool in "personal cloud hosting".

Your database is encrypted by default. Additional encryption won't hurt, of course, but you can absolutely use Dropbox.
Right, I guess my concern was a brute force attack on a DB file if it fell into the wrong hands. I looked at the main website again though, and apparently the official Windows app has some protection against this. It says, however, that KeePassX (and I assume therefore KeePassXC) does not have the same level of protection.

Another comment mentioned using a key-file, so maybe I will revisit that approach, since I used password only when I started.

To prevent a brute force attack, you should choose a long enough password and adjust the iterations parameter on Key transformation. Basically more iterations = more time to brute force, but your application will spend more time opening the database. Longer password = less likely for brute force to succeed.

For me a 12-character password with the default 60 000 iterations seems safe enough. My estimation is that it would take at least millions of dollars to break it, and my passwords are not worth that. You can easily make it unbreakable for the foreseeable future by using something like a 16-character random password and 10 million iterations.

A key file of sufficient length is like an unbreakable password. But you probably can't remember it, so be careful not to lose it. My database is accessible on a public URL which I remember, and I remember my password, so I can always download it anywhere and open it. I think that it's a big advantage and I wouldn't want to lose it.
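The trade-off described in the comment above (password length vs. key-transformation iterations vs. unlock time) is easy to put numbers on. The following cost model is an added example, not code from the thread or from KeePass; the attacker and local throughput figures in it are constructed assumptions, labelled as such, and should be replaced with measured values. It models the one thing the iterations setting buys a defender: every candidate password costs the attacker the full transformation, so cost scales linearly with iterations and exponentially with password length, while the user pays the iterations only once per unlock.

```python
"""Brute-force cost model for a KeePass-style database (added example).

Once a copy of the file is in an attacker's hands, the defender's only lever
is how much work a single guess costs: the attacker must run the full key
transformation (the "iterations" setting) for every candidate password, so

    time = expected_guesses(password) * iterations / attacker_rounds_per_second

Every hardware figure below is a constructed assumption for illustration;
substitute measured numbers before drawing conclusions.
"""
import math

# Alphabet sizes for uniformly random generated passwords.
ALPHABETS = {
    "digits": 10,
    "lower": 26,
    "alnum": 62,
    "printable": 94,  # printable ASCII without the space
}

# ASSUMPTION: aggregate key-transformation rounds per second available to a
# well-funded attacker. Constructed figure, not a measurement.
ASSUMED_ATTACKER_ROUNDS_PER_SEC = 1e12
# ASSUMPTION: rounds per second of the legitimate user's own device.
ASSUMED_LOCAL_ROUNDS_PER_SEC = 6e7

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def password_bits(length: int, alphabet: str) -> float:
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(ALPHABETS[alphabet])


def expected_guesses(bits: float) -> float:
    """An exhaustive search hits the right password halfway through on average."""
    return 2.0 ** (bits - 1)


def crack_years(length: int, alphabet: str, iterations: int,
                key_file_bits: int = 0,
                rounds_per_sec: float = ASSUMED_ATTACKER_ROUNDS_PER_SEC) -> float:
    """Expected years to recover the master key by brute force.

    A random key file adds its own entropy to the password's: with a 256-bit
    file the attacker can no longer search the password space alone.
    """
    bits = password_bits(length, alphabet) + key_file_bits
    seconds = expected_guesses(bits) * iterations / rounds_per_sec
    return seconds / SECONDS_PER_YEAR


def unlock_seconds(iterations: int,
                   rounds_per_sec: float = ASSUMED_LOCAL_ROUNDS_PER_SEC) -> float:
    """What the user pays on every open; the cost side of raising iterations."""
    return iterations / rounds_per_sec


def iterations_for_unlock_budget(budget_seconds: float,
                                 rounds_per_sec: float = ASSUMED_LOCAL_ROUNDS_PER_SEC) -> int:
    """Largest iteration count that keeps local unlock time within the budget."""
    return int(budget_seconds * rounds_per_sec)


def compare(scenarios):
    """Return (label, total_bits, crack_years, unlock_seconds) for each scenario."""
    rows = []
    for label, length, alphabet, iterations, kf_bits in scenarios:
        rows.append((label,
                     password_bits(length, alphabet) + kf_bits,
                     crack_years(length, alphabet, iterations, kf_bits),
                     unlock_seconds(iterations)))
    return rows


if __name__ == "__main__":
    # The two configurations from the comment, plus the key-file variant.
    scenarios = [
        ("12 printable, 60k iterations", 12, "printable", 60_000, 0),
        ("16 printable, 10M iterations", 16, "printable", 10_000_000, 0),
        ("12 printable, 60k iterations + 256-bit key file", 12, "printable", 60_000, 256),
    ]
    for label, bits, years, unlock in compare(scenarios):
        print(f"{label:50s} {bits:7.1f} bits  {years:10.3e} years  unlock {unlock:.3f} s")
    print("iterations for a 1 s unlock on the assumed device:",
          iterations_for_unlock_budget(1.0))
```

Raising iterations from 60 000 to 10 million multiplies the attacker's cost by about 167 and the user's unlock delay by the same factor; adding four random printable characters multiplies the attacker's cost by 94^4 (about 7.8e7) at no unlock cost, which is why length is the cheaper lever and a random key file, which behaves like a very long password nobody has to remember, is the cheapest of all if it is kept off the sync provider.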

Great, thanks for the advice!

When I decided to start using a password manager, I was drawn to KeePass since it is open source and I don't have to rely on any third party service. But learning how to use it correctly, and juggling your DB files among all your devices, requires a sound, thought-out strategy!

I store the KDBX file in Dropbox, store the key file elsewhere, and use a strong password. Without the key the database file is useless.
I currently only use a password/phrase, but I will consider using a key file as well. My concern was a brute force attack on a compromised DB file. But I guess as long as the key-file was never put in the cloud, this would alleviate that concern?
Yes, when you want to use a new device you sideload the key file onto it in a secure manner (i.e. USB).

On Android this presents some issues though, since the last I checked the key file had to be added to the "SD Card" class storage, which other apps can also access. If you are on Android and go this route, be really careful about the types of apps you install that have Storage permissions (good advice in general, of course).

Good points. I used to use Android, but recently switched to iOS, mostly because I have a MacBook Pro and iMac.

I'm not blown away by the iPhone in general honestly, but being able to sync everything between the Mac devices is super convenient. The ability to easily share files wirelessly between all of them via AirDrop is fantastic. Great use case for moving KDBX files, or in this case key files.

>Keybase

They were sold to Zoom... since then I don't use it anymore.

If KeePass's database file wasn't secure on its own, then it would be quite useless.
If you’re concerned about security, you wouldn’t use Dropbox in the first place. Use mega.nz instead.
KeePass(XC) encrypts the database on its own.