Monthly Archives: March 2016

Using Keepass on Multiple Devices


Intro

If you don’t use a password manager, you definitely should.  The security benefits far outweigh the risks.

I used to use Lastpass.  I enjoyed the multi-device convenience, but the idea of trusting a single company so completely, one that always holds a copy of my DB, made me uneasy.

Using Keepass arguably still has issues, because you are trusting an application, and trust is the opposite of security.  But since it’s offline, and I take responsibility for sharing and syncing the data myself, I feel it’s at least less likely that all of my passwords will ever be stolen at once.

But I still have multiple devices on which I need to access my passwords: desktop, laptops, phone, tablet, etc.  And there is truly a need for automatic syncing.  If you leave it to manual copying, you’ll forget to copy the DB file after changing the very password you’re trying to use, and then you have to wait until you’re back on the device with the right version of the DB.

How to Sync the DB File

The program you want to look into is Syncthing.  It does what it sounds like and syncs files/folders across devices.  So essentially, you can now have the Keepass DB file automatically sync across your various devices whenever a change is made.

Here’s why I like it:

  • Supports each platform I use (Windows, Linux, Android) and more, though I haven’t tried the others.
  • Encrypted
    • The Keepass DB is encrypted, yes, but it’s still better to keep it from being stolen if at all possible.
  • Open Source
    • You don’t want to use closed source applications where the encryption is important unless you truly trust the company to do it properly.  Having others examine that the encryption is done correctly is a huge bonus.
  • Can be used on machines without Admin rights.

Syncthing Model

For this to really work, you don’t have to connect every device to every other device; instead, you need one machine that’s always reachable.  In my setup, my home computer is always on and the router has port forwarding configured so that Syncthing connections can reach it.

Once you have one reachable Syncthing host, the other hosts just need to connect to this one.  This gives you a connection model that can be visualized like this:

[Figure: Syncthing connection model]

So, let’s consider an example and see how the changes will propagate:

  1. Update the password DB on my phone.
  2. My phone connects to my Desktop at home, which sees that there is a change and syncs the file.
  3. Other devices connect to my Desktop, see that there is a change, and sync the file.
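As an added example (my own check, not code from the original post, Syncthing or KeePass), here is a small Python script to run on any synced device: it hashes each .kdbx in the Syncthing folder so digests can be compared between the hub and the spokes, confirms the KeePass 2.x header is intact (an interrupted copy would fail this), and flags the `.sync-conflict-*` copies Syncthing leaves behind when two devices change the DB before a change has propagated. The folder path and the sample files are constructed for the demo.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# KeePass 2.x database signature: the first 8 bytes of every .kdbx file.
KDBX2_MAGIC = bytes.fromhex("03d9a29a67fb4bb5")

# Syncthing renames the losing side of a concurrent edit to
# <name>.sync-conflict-<date>-<time>-<deviceid>.<ext> (Syncthing's documented naming).
CONFLICT_RE = re.compile(r"\.sync-conflict-\d{8}-\d{6}-[A-Z0-9]+\.kdbx$")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_folder(folder: Path) -> dict:
    """Summarise the KeePass DBs in a Syncthing-shared folder: digest of each
    .kdbx (compare these across devices), files whose header lacks the KDBX
    magic (partial or damaged copies), and conflict copies needing a merge."""
    report = {"databases": {}, "corrupt": [], "conflicts": []}
    for p in sorted(folder.glob("*.kdbx")):
        if CONFLICT_RE.search(p.name):
            report["conflicts"].append(p.name)  # merge via KeePass File > Synchronize
            continue
        if p.read_bytes()[:8] != KDBX2_MAGIC:
            report["corrupt"].append(p.name)
            continue
        report["databases"][p.name] = sha256_of(p)
    return report


def demo() -> dict:
    """Constructed sample folder: one good DB, one conflict copy, one truncated file."""
    d = Path(tempfile.mkdtemp())
    (d / "passwords.kdbx").write_bytes(KDBX2_MAGIC + b"\x00" * 64)
    (d / "passwords.sync-conflict-20160312-143055-ABCDEFG.kdbx").write_bytes(KDBX2_MAGIC + b"\x01" * 64)
    (d / "broken.kdbx").write_bytes(b"\x03\xd9")  # copy interrupted mid-transfer
    return check_folder(d)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

If the digest for passwords.kdbx differs between two devices, one of them has not yet received the latest change from the hub.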

I’ve been using this for many months now and it works very well.