Tuesday, November 25, 2014

KeePass Two Factor in the Cloud

There are those who love LastPass, but then there are those of us who are more than a little leery about putting passwords in the cloud. But then some of us who use Keepass may sync it to a keyserver or our cloud services which really is no more secure than Lastpass.

I will admit there are times it was quicker to upload my KeePass database to Google Drive than walk the two feet to grab my USB drive. At the end of the day your database is secured by your master password and its corresponding human limitations.

In addition to Linux Mint I also need access to my KeePass database on Chrome OS. I probally spend more time on my Chromebook than the Mothership (Linux Mint Cinnamon). I recently began using BrowsePass for this purpose because it allows me to load the database from Google Drive.

While a Yubico key could be set up for this purpose, you can also create a key within KeePass and save it to your USB Drive. For the key to be a reliable second factor, it is important it stays off the cloud. It is that 2nd Factor that you have physical possession of. In short, when you open the database you put in your password and then direct KeePass to the location of the key.

While I do not suggest leaving your Keepass database on Google Drive permanently, you can feel reassured if captured in transit, that cracking your master password alone will not open your KeePass database.