Is Uploading Keepass to Dropbox Safe?

As many of you know, keepass is a program where it configures and stores passwords for you. I have it on my laptop and also a copy of it on an external hard drive. So my backup is the external hard drive.


However, I do not have a backup copy of it online. Is uploading keepass to dropbox a good idea? The thing is you should always have an online backup right for keepass? And if so, well shouldn't it always be on an online storage site like dropbox, google drive or icloud?


Thus the only thing you would really need to remember are your keepass password and dropbox? My thoughts are well if you do this, well if anything happens to your laptop, external hard drive or anything else, well you can open your keepass file from dropbox. Thoughts on this? I mean isn't having an online backup of keepass pretty much mandatory? Thanks all.

 

anyone who uses keepass can tell me about this?

 

As long as your keepass is Password protected it should be safe uploading to dropbox. If you don't do that then well that is your choice to do that.

 

Yes, like StormJumper says, it should be OK to do what you want. The Keepass database of passwords is encrypted. Make sure you have a strong password.

 

Someone told me in a forum that i should use axcrypt to encrypt it before i put it on dropbox. Do you think that is unnecessary assuming my master password for keepass is pretty strong?

Thanks.

 

Yes.

 

I use dropbox with keepass with a (very) strong password for years.

 

In this day and age your Login/Password is a goldmine if you fail to use a good password for your keepass database before you upload to DropBox this failure is the user fault not Keepass problem. I use a Master password for Keepass and that provides security even if someone gets that file they will take a lifetime to decrypt it. Make sure the Master Password is something you can remember and not forget otherwise the person lockout would be you the User.

 

I wouldn't choose to use Dropbox myself, but that's because of the negative stigma around them from multiple security breaches.

 

If you don't encrypt your keepass database before uploading it - that is nothing anyone else can do to help with that choice one makes. And you think the problem is only just DropBox from what your describing befuddles the mind.

 

The Keepass database is encrypted anytime it is on disk, not sure how you think you could upload it anywhere unencrypted. My point was that I wouldn't put it on the most highly targeted file storage site.

 

All sites a targeted already one site isn't more then the other-that's the point I made. It's a over simplification of the problem of storage sites being hacked. And since those hacked sites aren't going to say oh by the way we got hacked sorry your data was stolen since we didn't encrypt our system. That isn't going to happen-it's not in their best interest to say that publicly to users of their system. Only time they admit is when the hackers or insider tells the Press or Online content then they will admit it happened.

 

Hey there bit confused with this. So if you don't encrypt keepass before uploading it to dropbox, they still need to know your master keepass in order to open it right? So im confused with this.

 

Your KeePass database is always encrypted on disk, and therefore anywhere you upload it as well. The only place it will ever be decrypted is within the memory of the computer you have opened it and entered the master password for.

So yes, they would still need your master password to open it from dropbox.

 

It probably is but unless you password protected it will not be protected. Encryption only works if you password protect the keepass data otherwise it is wide open should anyone want to read and edit your passwords. AFAIK it doesn't password protect it be default you must password encrypt it-this is what I remember when I first started using it.

 

Just attempted to create a new database with a blank password and saw it actually does let you, didn't think it would. Kind of stupid in my opinion, may as well use Excel.

 

You need a password if you want to encrypt something. You can't encrypt something unless you have a key to unlock it. Not sure why it's included, but it is an option if users want it.

 

Yea I was previously under the assumption that KeePass wouldn't let you create a database without providing one of the three options (pass, key file, or windows login) as an encryption method. I guess as usual, stupid users get what stupid user want.