Rookiestyle / KeePassOTP

Add OTP support (two factor authentication) to KeePass
GNU General Public License v3.0

"Save OTP secrets in a separate database" option not clear #158

Closed adventuretc closed 1 month ago

adventuretc commented 1 month ago

Summary

The "Save OTP secrets in a separate database" option is not clear to me. Does it encrypt the data on top of the default offered by KeePass, i.e. twice, or only once? So if I set a weak password for this one, does it make it less safe or does it only make it more encrypted? I've read the "more information" tab multiple times but I couldn't figure out what you mean because I am not a developer of KeePass and don't know its internal workings.

Rookiestyle commented 1 month ago

All your entries (usernames, passwords, ...) are stored in a database file and you can see all of them if you open this database file in KeePass. You can also have multiple database files, e.g. one for work-related entries and another one for private stuff.

If you choose this option in KeePassOTP, the OTP data is stored in its own database file with its own password. This OTP database file is embedded in the main database file.

Example: You have two database files: work.kdbx and private.kdbx. If you add OTP data to an entry in private.kdbx and choose this option, the OTP data is stored in another database file which is embedded inside private.kdbx. To access it, you must open private.kdbx in KeePass and KeePassOTP will then request you to open this embedded file as well.

Have a look at the Pros and Cons here: https://github.com/Rookiestyle/KeePassOTP/wiki/KeePassOTP-storage-approaches#otp-storage-in-a-separate-database