There's no way to protect any app against targeted malware running with superuser privileges. Q: Does it have full protection from trojans or keyloggers?Ī: Although we have implemented some measures to prevent other apps from accessing KeeWeb, the protection is not full. If you have some strange plugins in your browser installed, they might have access to data on pages, depending on plugin permissions. Q: Can other pages in my browser or untrusted plugins access my passwords?Ī: Other pages must have no access to it. It doesn't contain and will never contain any statistics collection scripts, analytics, ads, and other slow, disturbing and insecure stuff like that. SecurityĪ: The app never sends your data over network unless you ask for it explicitly, it's completely offline, all your data is stored locally and never sent by network. Q: Does it support 2FA (two-factor, second factor authentication)?Ī: Yes, you can set up 2FA on your cloud storage and additionally you can protect your file with a YubiKey. Please check out this page.Ī: Yes and no, please see different options described on this page. We don't lock you in.Ī: Most probably CORS is not enabled on your server. Q: What will happen if KeeWeb gets abandoned?Ī: You can switch to any other KeePass-compatible client. You can use KeePass to convert between them. Only kdbx (KeePass v2), not kdb (KeePass v1) is supported. Q: Is it compatible with KeePass? What about KeePassX or other clients?Ī: File format is compatible and all important features are supported. Website content is stored on Google Cloud in multiple locations in the EU (Finland, Belgium, Frankfurt, Netherlands) and delivered through CloudFlare content delivery network. The source code is hosted on GitHub in the U.S. The only official app is and desktop apps downloaded from or GitHub releases.Ī: KeeWeb is made in the Netherlands. If you're asked to pay for “full version” or “ad removal”, most probably it's a scam. Q: Are there plans to commercialize KeeWeb?Ī: KeeWeb will always remain free and ad-free, at least for personal use. Q: Yet another KeePass client app? Why? What is the motivation?Ī: Because there's no cross-platform app with good UX and no browser version. It's called Kee Web because it's created with web technologies. When Heartbleed dropped, I marked all my passwords in red and only changed them back when I updated that website password.A: If you prefer desktop version, there are desktop clients for all major OS: Mac, Windows, and Linux. I had Keepass remind me to generate and rotate that password every quarter just in case. For example, I once had a bank that limited passwords to 8 characters. It can also protect me against terrible password policies. I stay logged out of most websites by default. This is my backup in case I lose access to my Keepass db.Īs one last bit, I have Keepass to auto-lock after a bit of inactivity, so I'm constantly retyping that password. Additionally I have the Keepass password written down in a safe (separate) place just in case. Most services are tied to my email, so I have both 2factor auth AND recovery codes that I have stored in a safe place. It takes 500ms on my beefy desktop to unlock the DB, and almost 3 seconds on my macbook. Keepass keeps the DB file secure with encryption and many rotations, so I'm not afraid of a brute-force on the file itself.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |