Is it insecure to upload a KeePass database to Google Drive, Dropbox or any other file service in the cloud?

I’ve read this answer on Security Stack Exchange: https://security.stackexchange.com/a/45337

So, I feel kinda confident that if I put a big number of PBKDF2 iterations, like 10.000.000, it should be OK.

My master password is based on diceware, but it is not very, very long because I need to remember it.

What do you people think about this?

  • FlagonOfMe
    1 year ago

    I use KeePass and keep my database in the cloud. I use a key file that is never stored in the cloud in addition to my master password. You get a cloud backup of your database, and updates will sync to your devices if your cloud provider has a client that does that.

    I actually don’t sync it directly to my phone. I download a copy as needed. I also don’t add passwords on my phone to my main database. I use a separate database for logins I create on my phone and import them once in a while on my PC. This is because Google Drive’s sync on Android has been unreliable for me, though I haven’t tried again in years.

    I use KeePass DX on Android because it has a nice virtual keyboard so you don’t have to use the clipboard, which is insecure. It also has a better UI with fingerprint unlocking.
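
The trade-off raised in the question (a shorter diceware passphrase compensated by a high PBKDF2 iteration count) can be put into numbers. The following is an added example, not code from any poster in this thread or from KeePass: it assumes words drawn uniformly at random from the standard 7776-word Diceware list, and the attacker rate of 1e12 PBKDF2 iterations per second is an assumed budget, not a measurement.

```python
import hashlib
import math
import time

DICEWARE_WORDS = 7776  # standard Diceware list size (6^5)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase_bits(n_words):
    """Entropy of n words drawn uniformly at random from the Diceware list."""
    return n_words * math.log2(DICEWARE_WORDS)


def effective_bits(n_words, iterations):
    """Entropy plus the work added by key stretching, in single-iteration units."""
    return passphrase_bits(n_words) + math.log2(iterations)


def expected_years(n_words, iterations, iters_per_sec):
    """Expected time to find the passphrase (half the keyspace) for an attacker
    able to run iters_per_sec PBKDF2 iterations per second."""
    guesses = DICEWARE_WORDS ** n_words / 2
    return guesses * iterations / iters_per_sec / SECONDS_PER_YEAR


def min_words(target_years, iterations, iters_per_sec):
    """Smallest passphrase length whose expected search time meets the target."""
    n = 1
    while expected_years(n, iterations, iters_per_sec) < target_years:
        n += 1
    return n


def local_rate(sample_iterations=200_000):
    """Measure this machine's PBKDF2-HMAC-SHA256 iterations per second."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed sample", b"constructed salt",
                        sample_iterations)
    return sample_iterations / (time.perf_counter() - start)


if __name__ == "__main__":
    ATTACKER_RATE = 1e12  # assumed attacker budget, not a measured figure
    iterations = 10_000_000  # the count mentioned in the question
    print(f"unlock delay on this machine: {iterations / local_rate():.1f} s")
    for words in range(3, 8):
        print(f"{words} words: {effective_bits(words, iterations):.1f} bits, "
              f"{expected_years(words, iterations, ATTACKER_RATE):.3g} years")
```

Under these assumptions the iteration count is worth a little under two Diceware words, and each further word multiplies the search time by 7776; the unlock delay printed first is the price paid on every legitimate open.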