I'm a software engineer with experience across the software development lifecycle. My primary interest is software development methodologies and software process improvement.
I have no problem putting a KeePass database on Google Drive. It's encrypted with AES-256 and GZip compressed. Of course, my Google Drive is also behind a reasonably strong password and 2-factor authentication. My phone is also behind a reasonably secure PIN.
In order to compromise my password database, you would need to:
(1) Have physical access to my phone, know my PIN, and know my passphrase for my KeePass database.
(2) Have access to my Google account (through a password and 2FA) and know my passphrase for my KeePass database.
(3) Manage to steal my KeePass database from Google and know my passphrase for my KeePass database. However, if Google is compromised, I think there are bigger problems and more interesting things than my password database.
KeePass also supports a key file in addition to a database password. If I'm traveling I'll store my password database on Google Drive (secured by 2FA), delete it from my computer, and carry the key file with me (One copy on my laptop and one on a usb key stowed elsewhere, so if my laptop is lost I'm not stuck)
Then if somehow my Google Drive and master password are both compromised, my passwords are still encrypted. And if my laptop is stolen in transit, I don't have passwords stored on it, just a key file that is useless on its own.
I am not certain but there is probably a plugin to use a hardware token, if it's not natively supported.
I'm a software engineer with experience across the software development lifecycle. My primary interest is software development methodologies and software process improvement.
Personally, I don't see a need to use a key file over a passphrase or delete the local copy from my phone or computer. All of my devices are encrypted when off and would be off when they are not in my possession, so any bad actors would need to not only make a copy of the device storage, but also either know that password/pin or be able to break the encryption. There are a number of places where I simply wouldn't bring my normal phone or computer anyway, and the issue becomes a non-issue.
Regardless of if you are using a passphrase or not, your KeePass database should always be securely encrypted. I find it much easier to protect a secure password or passphrase than a key file. You start running into problems with a small number of keys that, if compromised, affect many things or a large number of key files that need to be managed.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I have no problem putting a KeePass database on Google Drive. It's encrypted with AES-256 and GZip compressed. Of course, my Google Drive is also behind a reasonably strong password and 2-factor authentication. My phone is also behind a reasonably secure PIN.
In order to compromise my password database, you would need to:
(1) Have physical access to my phone, know my PIN, and know my passphrase for my KeePass database.
(2) Have access to my Google account (through a password and 2FA) and know my passphrase for my KeePass database.
(3) Manage to steal my KeePass database from Google and know my passphrase for my KeePass database. However, if Google is compromised, I think there are bigger problems and more interesting things than my password database.
I love KeePass.
KeePass also supports a key file in addition to a database password. If I'm traveling I'll store my password database on Google Drive (secured by 2FA), delete it from my computer, and carry the key file with me (One copy on my laptop and one on a usb key stowed elsewhere, so if my laptop is lost I'm not stuck)
Then if somehow my Google Drive and master password are both compromised, my passwords are still encrypted. And if my laptop is stolen in transit, I don't have passwords stored on it, just a key file that is useless on its own.
I am not certain but there is probably a plugin to use a hardware token, if it's not natively supported.
Some of this is also good advice.
Personally, I don't see a need to use a key file over a passphrase or delete the local copy from my phone or computer. All of my devices are encrypted when off and would be off when they are not in my possession, so any bad actors would need to not only make a copy of the device storage, but also either know that password/pin or be able to break the encryption. There are a number of places where I simply wouldn't bring my normal phone or computer anyway, and the issue becomes a non-issue.
Regardless of if you are using a passphrase or not, your KeePass database should always be securely encrypted. I find it much easier to protect a secure password or passphrase than a key file. You start running into problems with a small number of keys that, if compromised, affect many things or a large number of key files that need to be managed.