Robert J Townley

The most secure PassKey is a PassKey that is absolutely unique to a particular machine and user profile. The PRIVATE PART OF THE PASSKEY SHOULD NEVER LEAVE THE MACHINE IT WAS GENERATED ON. Passwords and MFA are not going away just because a website demands a passkey. That website will let you generate a separate passkey for each individual machine and user profile. Storing PassKeys in a portable database is misguided from a security perspective.

When i use MS Windows, I use the KeePassWinHello Plugin. But that of course does not work on Linux.

Get the same error message, but mine is due to opening precious.kdbx with KeeWeb.exe just once. I am still researching this KeeWeb bug, so have not figured it all out. iiuc, KeeWeb.exe added a corrupt and invisible KeyFile to my kdbx. The good thing is that KeeWeb.exe can still open the file successfully and StrongBox seems to be refusing to sync the unopenable version. Dimitri Witkowski or github.com/Antelle, the main developer of KeeWeb dropped the project, but there are patches that fix the problem....

Yes, @dreichl, great work. It would be nice to have a way to exclude particular Plugins in the Plugins folder. I have to use many different machines. I love the KeePassWinHelloPlugin.plgx plugin as it saves me a great deal of time and frustration by letting me use my finger to reopen the kdbx. But of course, some of my machines do not have WinHello capable hardware and many more are not windows at all. I store keepass.exe and Plugins in Dropbox in order to run the same exact setup on a bunch of different...

One of the main reasons i use KeePass is because when i need to reset a password, but cannot remember which one of twenty+ email addresses to use. Installing a plugin is not always an option nor standardized and quickly gets out of reach of perpetual newb users.

Please, pretty please add an email field by default.

I am no authority in any way whatsoever, but still surprised NIST has not added an erratta. strncpy is much more secure than strcpy because the exact number of characters to copy is predetermined ahead of time. The length of the string is not determined by the size of the variable nor by NULL characters, so it becomes truncated to n. Weaker implementations of SHA256 and SHA512 are vulnerable like strcpy in the same way because extra data can be appended to the hash without being detected. SHA384...

Rick Spies, i use StrongBox and KeePassium to modify entries on my iPhone and modify them on Linux and Windows desktops. Very rarely, there is a problem with the cloud app not syncing.