Closed Simplenuity closed 2 years ago
The security depends on the strength of the password. Using a YubiKey with KeePassXC is technically not 2FA. See https://keepassxc.org/docs/#faq-yubikey-2fa
There is zero benefit to using a YubiKey or key file in this instance. In fact, using a YubiKey makes it very impractical to share the database; you would have to make keys with the same secret and share them amongst everyone you are sharing the database with. Just use a strong password (randomized, > 15 characters) and you'll be plenty protected.
Thanks for the reply/feedback. Highly appreciated. I did not think of YubiKey for 2FA but a key file. Still don't understand why there is zero benefit though? Wouldn't it have the same benefit as using a key file (beside the password) for the database itself? Of course I fully agree with the importance of the strength of the password.
A key file is just a bunch of random bits; it offers no more protection than a password. In fact it offers LESS protection, since it has to exist somewhere for the program to use it... which means any malicious program can take it too. You also have to hand out the key file to anyone who would want to open the database. At the end of the day, the most secure and usable way to handle shared databases is to just use a strong password.
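To make the point above concrete, here is an added example (not KeePassXC's own code) that models how a password and a key file are folded into one composite key. The construction is a simplified version of the KDBX scheme (key file treated as an arbitrary file whose contents are hashed; the Argon2/AES-KDF transformation that follows is omitted), which is an assumption, and the key file content is constructed for the demo.

```python
import hashlib
import secrets
from typing import Optional

def key_file_material(keyfile_bytes: bytes) -> bytes:
    # Simplification (assumption): treat the key file as "any other file"
    # and hash its contents. A key file is nothing but bytes on disk.
    return hashlib.sha256(keyfile_bytes).digest()

def composite_key(password: Optional[str], keyfile_bytes: Optional[bytes]) -> bytes:
    """Composite key = SHA-256( SHA-256(password) || key-file material ).

    Both inputs end up as bytes in the same hash: the database cannot tell
    a key file from extra password characters. The only difference is that
    the password lives in the user's head while the key file lives on disk.
    """
    if password is None and keyfile_bytes is None:
        raise ValueError("at least one credential source is required")
    buf = b""
    if password is not None:
        buf += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile_bytes is not None:
        buf += key_file_material(keyfile_bytes)
    return hashlib.sha256(buf).digest()

def can_unlock(expected: bytes, password: Optional[str],
               keyfile_bytes: Optional[bytes]) -> bool:
    """Constant-time comparison of the derived key against the stored one."""
    return secrets.compare_digest(expected, composite_key(password, keyfile_bytes))

def make_key_file() -> bytes:
    # Constructed sample: 64 random bytes, as a freshly generated key file.
    return secrets.token_bytes(64)

if __name__ == "__main__":
    kf = make_key_file()
    k = composite_key("correct horse battery staple", kf)
    # Every holder of a byte-identical copy of the file can unlock: the
    # "second factor" is a shared secret, not a device bound to one person.
    print(can_unlock(k, "correct horse battery staple", bytes(kf)))   # True
    print(can_unlock(k, "correct horse battery staple", None))        # False
```

Sharing the database therefore means distributing this file to every recipient, and any process that can read the file holds the same secret the user holds.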
Thanks for sharing your take on it!
Summary
I would like to clarify whether I'm missing something here?
If my KeePassXC database is secured with a second factor and I decide to use KeeShare, am I not reducing my security for the data included in the KeeShare file due to not being able to use a second factor for this file?
If yes, could 2FA be implemented for KeeShare?
Examples
I read about an interesting setup where a user made a subset of his KeePassXC database available read-only to his mobile device via KeeShare. Both subset and read-only for security reasons.
Context
Information security, here specifically reducing the security of information that is otherwise secured via 2FA by making it available via KeeShare, which can only be protected via a password.
Thank you for your time and consideration - and this great piece of software!