Safely storing passwords ... synced and available on multiple computers?

Carson Dyle

Diamond Member
Jul 2, 2012
8,174
524
126
What is a good, secure approach to storing passwords so that they would be available from multiple computers? Work, home, my laptop, etc. They would need to be synced on all systems when a change is made.
 

Chiefcrowe

Diamond Member
Sep 15, 2008
5,046
177
116
You can also use a portable version of keepass and store it on a cloud location accessible to all of the computers.
 

lxskllr

No Lifer
Nov 30, 2004
57,410
7,592
126
You can also use a portable version of keepass and store it on a cloud location accessible to all of the computers.

This is what I do. I keep a whole KeePass portable folder synced to SpiderOak, and use the database with KeePassX on Debian.
 

Carson Dyle

Diamond Member
Jul 2, 2012
8,174
524
126
Questions about lastpass.com:

I gather this is an application that runs on each computer accessing the password database and that it closely integrates with browsers to auto-fill password forms. Is it possible to view the plain text version of any password? Is it possible to view/save a master list of all passwords in plain text?
 

Carson Dyle

Diamond Member
Jul 2, 2012
8,174
524
126
Questions about using KeePass:

Do you store both the application and the database in the cloud, or only the database? How does it differ from LastPass?
 

lxskllr

No Lifer
Nov 30, 2004
57,410
7,592
126
Questions about using KeePass:

Do you store both the application and the database in the cloud, or only the database? How does it differ from LastPass?

Never used Lastpass, but for storage, you can do either depending on the exact version you're using. I find it convenient to store the whole portable application in the cloud. That way I can get the database, and have something to open it with in one shot, and without installation. KeePassX uses the same database, so I have that installed on my primary box, and it uses the database from my SpiderOak folder. KeePassDroid also uses the same database, and I have that on my Android tablet.

All my experience is with the 1.x version, which still has active development. 2.x has more features, but also has more dependencies which is why I haven't used it. I don't know how interchangeable 1.x and 2.x databases are.
 

Carson Dyle

Diamond Member
Jul 2, 2012
8,174
524
126
Thanks.

A little OT, but I understand SpiderOak encrypts everything that is stored on their servers. I have a Dropbox account. Does anyone know if Dropbox also encrypts files it stores in the cloud, or do they only encrypt the communication between the app running on your computer and their servers?

I realize this doesn't make any difference with KeePass, as the password database itself would obviously be encrypted. I was just wondering about the inner workings of Dropbox.
 
Last edited:

lxskllr

No Lifer
Nov 30, 2004
57,410
7,592
126
Dropbox stores the files encrypted, but they have the keys. That means they can(and do) open the files, or be forced to open the files. SpiderOak doesn't hold the encryption keys, so the only way to decrypt them is directly through you.
 

Carson Dyle

Diamond Member
Jul 2, 2012
8,174
524
126
KeePass set up like this would work offline, correct? I assume SpiderOak works the same as Dropbox and keeps copies of all files stored both locally on the computer(s) as well as within their cloud storage.
 

lxskllr

No Lifer
Nov 30, 2004
57,410
7,592
126
KeePass set up like this would work offline, correct? I assume SpiderOak works the same as Dropbox and keeps copies of all files stored both locally on the computer(s) as well as within their cloud storage.

Correct. KeePass doesn't have an online component unless you set one up yourself. That could be considered a deficiency when compared to other solutions, but I don't trust companies to properly care for something like a password safe. I prefer to use libre software that's controlled by me. I can then use any service, or no service to keep it synced online, and I'll always have my passwords under my control.
 

FoxFifth

Member
Feb 16, 2010
139
0
0
Questions about lastpass.com:

I gather this is an application that runs on each computer accessing the password database and that it closely integrates with browsers to auto-fill password forms. Is it possible to view the plain text version of any password? Is it possible to view/save a master list of all passwords in plain text?

You can view the plain text version of a password (as long as you are logged in) and you can export or print a master list.
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
238
106
I do that with Roboform To Go. It puts the encrypted file on a Thumb Drive, and you can use it ony computer.