Using Dropbox and KeePass to synchronize passwords while staying secure

If you're like me you have a lot of passwords.  I literally have hundreds and it's impossible to keep them all straight while keeping security in mind.

If you have that many passwords you either have to write them down somewhere or reuse a single "master password" everywhere so you can keep it in your head.  The problem is that both of these are very insecure and lead to password theft: a written list can be read or copied, and with one reused password a breach at any single site exposes all of your accounts.  Sahil Verma has a good post about using KeePass and Dropbox to keep your passwords in order.  I'd like to expand on that post and give some thoughts on KeePass.

KeePass is an open source application that stores all of your passwords in a single encrypted database file.  That file can be locked down with a master password, a key file, and/or your Windows user account, in any combination.  A master password plus a key file is more than sufficient for most people: the key file acts as a second factor, so a copy of the database alone is useless without it.  One caveat for the setup described here: don't tie a database you sync between machines to your Windows user account, since that binds it to that account's key and the copy on the other computer won't open.  Find out more about how the database is protected on the KeePass features page.  The official KeePass is a Windows application; unofficial ports cover most other desktop and mobile platforms.

Dropbox is a cloud-based file storage service.  You get 2GB of space for free (plus 500MB extra through a referral link) and a desktop client for your computer; there are also Android and iOS apps (and probably other mobile platforms as well).  The client keeps one folder on your computer mirrored with your Dropbox account: anything you put in it is uploaded, and any change made from another device is pulled down, so every machine ends up with an exact, up-to-date copy of the same files.

When you open a database in KeePass you can point it at a .kdbx file located in your Dropbox folder.  If you have Dropbox installed on multiple computers, say, one at home and one at work, saving the .kdbx file to your Dropbox folder on either machine propagates the change to the other automatically.  The catch is that a KeePass instance already running on the other machine is still holding the old copy in memory, so it has to reopen the file before it sees the new entries (which happens anyway if you restart KeePass or reboot regularly).  KeePass 2.x notices when the file on disk has changed since you opened it and offers to synchronize rather than overwrite; if both machines edit the database at the same time, Dropbox instead keeps one side as a "conflicted copy", which you can merge back with File > Synchronize.  Keeping the .kdbx anywhere under your main Dropbox folder other than the "Public" folder (which sits underneath it) means no other Dropbox user can reach it unless you explicitly share it.

A few KeePass tips:

  • Go into Options and have KeePass start with Windows.  You'll still have to enter your master password when it starts, but it remembers the key file (.key) location, so the password is all you type.
  • Name your entries with a word that appears in the web browser's title bar for that site.  KeePass's global Auto-Type hotkey (the version used here defaults to alt+ctrl+x; KeePass 2.x defaults to ctrl+alt+a, and either way it's configurable under Tools > Options) matches the active window's title against your entry titles and types the username and password for you; if several entries match, you pick one from the window that pops up.  Because matching is done on the window title, any window that imitates a site's title would get auto-typed into as well, so glance at what's in front of you before pressing the hotkey.

Note that you can store your key file in your Dropbox account as well for convenience (if you lose the key file you cannot open the database at all, so keep a backup of it somewhere else regardless).  The downside is that a key file sitting next to the database hands both pieces at once to anyone who gets into your Dropbox account, or to Dropbox itself, which holds the keys to your stored files; the second factor is effectively gone.  What remains is the master password and KeePass's key transformation, where every guess costs the attacker the configured number of AES rounds, so if you take this route raise the rounds (File > Database Settings > Security, the "1 second delay" button) and make sure your master password is actually good.  The safer option is to copy the key file to each machine by hand, outside Dropbox, and sync only the .kdbx.
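Both the "encrypted database file" description above and the key-file caveat come down to one fact: a leaked .kdbx is ciphertext, and the only readable part is a short outer header that says which cipher was used and how many key-transformation rounds stand between an attacker and each master-password guess. The following parser for that header is an added example, not code from this post or from the KeePass project. It handles the KDBX 3.1 layout that KeePass 2.x used before version 2.35 (KDBX 4 changed the header and is rejected here), runs against a header constructed inline rather than a real database, and the 100,000-round threshold is an arbitrary policy assumption for the example, not a KeePass default.

```python
"""Read the unencrypted outer header of a KeePass 2.x (KDBX 3.1) database.

Everything after this header is ciphertext, so a leaked .kdbx exposes only
what this code reports: the cipher, and how expensive each master-password
guess is (the key-transformation round count). Added example, not KeePass code.
"""
import struct
import uuid

KDBX_SIG1 = 0x9AA2D903          # fixed file signature, first 4 bytes
KDBX_SIG2 = 0xB54BFB67          # second signature, marks a KDBX (KeePass 2.x) file
KDBX_VERSION_3_1 = 0x00030001   # major version in the high 16 bits, minor in the low 16

# Outer-header field IDs defined by the KDBX 3.x format
HDR_END_OF_HEADER = 0
HDR_CIPHER_ID = 2
HDR_COMPRESSION_FLAGS = 3
HDR_MASTER_SEED = 4
HDR_TRANSFORM_SEED = 5
HDR_TRANSFORM_ROUNDS = 6
HDR_ENCRYPTION_IV = 7

AES_CIPHER_UUID = uuid.UUID("31c1f2e6-bf71-4350-be58-05216afc5aff")  # KeePass id for AES-256-CBC
CIPHER_NAMES = {AES_CIPHER_UUID: "AES-256-CBC"}

# Policy threshold for this example only (assumption, not a KeePass default):
# below this many AES rounds, someone holding a copy of the file can try
# candidate master passwords quickly.
MIN_TRANSFORM_ROUNDS = 100_000


def parse_kdbx3_header(data):
    """Return a dict describing the outer header of a KDBX 3.x file."""
    if len(data) < 12:
        raise ValueError("too short to be a KDBX file")
    sig1, sig2, version = struct.unpack_from("<III", data, 0)
    if (sig1, sig2) != (KDBX_SIG1, KDBX_SIG2):
        raise ValueError("signature mismatch: not a KeePass 2.x (KDBX) database")
    major, minor = version >> 16, version & 0xFFFF
    if major != 3:
        raise ValueError(f"KDBX {major}.{minor} not handled (only 3.x uses this header layout)")

    # KDBX 3.x header fields: 1-byte id, 2-byte little-endian length, payload
    fields = {}
    pos = 12
    while True:
        if pos + 3 > len(data):
            raise ValueError("truncated header")
        field_id, size = struct.unpack_from("<BH", data, pos)
        pos += 3
        payload = data[pos:pos + size]
        if len(payload) != size:
            raise ValueError("truncated header field")
        pos += size
        if field_id == HDR_END_OF_HEADER:
            break
        fields[field_id] = payload

    try:
        cipher_id = uuid.UUID(bytes=fields[HDR_CIPHER_ID])
        rounds, = struct.unpack("<Q", fields[HDR_TRANSFORM_ROUNDS])
        compression, = struct.unpack("<I", fields[HDR_COMPRESSION_FLAGS])
    except KeyError as e:
        raise ValueError(f"required header field {e} missing") from None

    return {
        "version": f"{major}.{minor}",
        "cipher": CIPHER_NAMES.get(cipher_id, f"unknown ({cipher_id})"),
        "compression": "gzip" if compression == 1 else "none",
        "transform_rounds": rounds,
        "master_seed_len": len(fields.get(HDR_MASTER_SEED, b"")),
        "iv_len": len(fields.get(HDR_ENCRYPTION_IV, b"")),
        "header_len": pos,
        "payload_bytes": len(data) - pos,   # everything from here on is encrypted
    }


def assess(header):
    """Warn about settings that matter if the .kdbx file itself leaks."""
    warnings = []
    if header["transform_rounds"] < MIN_TRANSFORM_ROUNDS:
        warnings.append(f"only {header['transform_rounds']} transform rounds; "
                        "each master-password guess is cheap for an attacker")
    if header["cipher"].startswith("unknown"):
        warnings.append("unrecognised cipher id")
    if header["master_seed_len"] != 32 or header["iv_len"] != 16:
        warnings.append("unexpected seed/IV sizes for AES-256-CBC")
    return warnings


def build_sample_header(rounds, payload=b""):
    """Constructed KDBX 3.1 header for demonstration (not a real database)."""
    def field(field_id, data):
        return struct.pack("<BH", field_id, len(data)) + data
    header = struct.pack("<III", KDBX_SIG1, KDBX_SIG2, KDBX_VERSION_3_1) + b"".join([
        field(HDR_CIPHER_ID, AES_CIPHER_UUID.bytes),
        field(HDR_COMPRESSION_FLAGS, struct.pack("<I", 1)),   # 1 = gzip
        field(HDR_MASTER_SEED, bytes(range(32))),              # fixed filler; real files use random bytes
        field(HDR_TRANSFORM_SEED, bytes(range(32, 64))),
        field(HDR_TRANSFORM_ROUNDS, struct.pack("<Q", rounds)),
        field(HDR_ENCRYPTION_IV, bytes(range(16))),
        field(HDR_END_OF_HEADER, b"\r\n\r\n"),
    ])
    return header + payload


if __name__ == "__main__":
    import sys
    # Pass a real .kdbx path to inspect it; otherwise the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header(6000, b"\x00" * 64)
    info = parse_kdbx3_header(blob)
    for key, value in info.items():
        print(f"{key:17} {value}")
    for warning in assess(info):
        print("WARNING:", warning)
```

Point it at the copy of your database in the Dropbox folder to see the round count you actually have; if it is in the low thousands, the "1 second delay" button in Database Settings is the fix. Note that the parser reads only the header and never touches the encrypted payload, which is exactly the position an attacker who pulls the file out of Dropbox without the key file starts from.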