Dropbox + KeePass = Secure, Convenient, Cross-Platform Password Management System

Red Door, Lock

There is a growing trend towards storing data and other information on the cloud. I use Evernote to store important notes and information online, and access them on the go with my Android phone. I use a web-based task management application, Remember the Milk to keep track of my things-to-do from work and home. I use Google Calendar to track my appointments and other events from my mobile and from my web browser. I host my blog images and store all my photos on Flickr. I love the cloud.

I use Dropbox to sync files that I access from multiple locations, using their secure web storage. It’s incredibly convenient to take meeting notes on my work laptop, save it on Dropbox, and access those notes later from my desktop work computer. Before Dropbox, I would have emailed those notes to myself. I store my Guild Wars skill templates on Dropbox so I can access them whether I play the game from home or at work.

Like many people, I have to remember dozens of passwords for websites and accounts I access. I have to remember so many passwords that it’s difficult to remember them all and practice good password security practices. A colleague recommended KeePass, an open source password manager, to store passwords securely, using rock-solid encryption. All passwords in your KeePass database are locked via a master password and/or a key file. KeePass also offers a robust password generator. The passwords generated are impossible to remember, so using KeePass becomes important to access those important accounts. Admittedly, this creates a single point of failure. If you forget your master password and/or don’t have your key file, your passwords are inaccessible. However, it’s easier to remember one master password than dozens and dozens of unique passwords for all of those accounts. The KeePass website offers a version of the application that can be installed on a USB flash drive, so your passwords go with you everywhere. However, that’s just one more piece of hardware to keep track of, and I wasn’t keen on carrying it around everywhere.

I became curious about whether it was possible to combine Dropbox with KeePass as a means of portable password management. After a short search, I found a step-by-step article on Lifehacker detailing how to do just that. Using KeePass with Dropbox keeps my passwords accessible from multiple computers, as well as from my phone. Both Dropbox and KeePass have Android apps, so I can input passwords for online accounts I use with my mobile. Dropbox also backs up my KeePass password file online. This password management strategy has worked pretty well for me so far. How do you manage your passwords?

5 comments

  1. Zahra · October 26, 2010

    So far, I’ve been using just a few passwords (less than a dozen), that I use thematically:
    Guild Wars gets a unique passwords
    Forums everywhere (and non-critical websites) get the same password
    Critical websites get the same password.

    I know this isn’t a good security practice, but I haven’t bothered checking for a software-based password management. I am inclined away from hardware based (fingerprint) management, having seen my husband reinstall his computer (or having his fingerprint not work) and losing his passwords. Of course, it may be that he failed to back up his passwords file.

    I’ll take a look at KeePass and its Dropbox synergy. I’ll have to see if it works with the iPhone too.

    P.S.: As far as synchronizing the skill templates for Guild Wars go, it was one of the first things I looked for when I installed Dropbox (from a tweet you posted, actually). I absolutely love the ability to effortlessly sync the builds from my desktop to my laptop (and occasionally in the past, to my work computer).

    • Brinstar · October 26, 2010

      I believe there is an iPhone app for Dropbox, so the above system should theoretically work as well, but I’m not familiar with how iPhones work to know for sure.

  2. Thomas · October 26, 2010

    Cool to read about your experiences. I was talking with Belle the other day about how I really ought to have better passwords. This looks like a good solution.

    Do you think it would work if you installed the KeePass PC application on an Android phone’s memory card when it’s in USB mode? Would it be able to use the Dropboxed password file on the same memory card?

    • Brinstar · October 26, 2010

      I’m not sure if it would work in that situation, but I haven’t actually tried. In theory, I think it would work.

      I retrieve the KeePass database file through Dropbox, and that database file is saved to the SD card, and I don’t need to download that file each time I need to use a password on my phone. I just need to access the local file. Though if the file changes at any point, of course that local KeePass database file would need to be updated.

  3. RNP · October 26, 2010

    I do something very similar, but I use 1Password in place of KeePass. 1Password has a very good iPhone app and automagically works with Dropbox.

Comments are closed.