News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Password length in KeePass

    Posted on beethoven Comment on the AskWoody Lounge

    Home Forums Tools Password length in KeePass


    Viewing 2 reply threads
    • Author
      • #344736 Reply
        AskWoody Plus

        I am normally using keepass and feel very comfortable with this. On my new android tablet, I chose Keepass2Android and still start to get familiar with it. One issue I noticed is that a master keyword is only as useful if it is long/strong enough. On my desktop using a normal keyboard, I don’t care – my fingers type even a long password quickly. On a touch screen this is still quite cumbersome for me. Interestingly the program allows for opening the manager by “only” entering the last 4 (or any specified number) digits.  I am trying to think about the implications of that. I think someone standing behind me looking over my shoulder would have a good chance to catch me typing these but assuming I am only using the tablet at home in a safe environment, that ‘s not a problem. If a stranger got access to the tablet and using brute force to crack it, would this also mean my 20 digit password is de facto a 4 digit password?

        Why would they offer this option or why allow the creation of a strong password and then only using parts of it for access?  I think I am missing something here.

        Edit:  Looking at it again, it seems this is a feature to keep the password manager running in the background even when the database is locked. In that case the full password is not required to reopen the program again.  I think in that case it seems fine unless your tablet gets stolen while you were next to it.

        1 user thanked author for this post.
      • #344789 Reply
        Paul T
        AskWoody MVP

        You only get one go at entering the short password – quick unlock – so an attacker needs to be sure they’ve got the correct characters. After that it’s back to the full password.
        It’s up to you to decide if you want the convenience of quick unlock vs the potential loss. Personally I’m happy to use quick unlock, I find it easy to hold my hand over the screen when entering it.

        cheers, Paul

        3 users thanked author for this post.
      • #345721 Reply
        AskWoody Plus

        Great – that will work fine for me especially as this tablet hardly ever leaves home

    Viewing 2 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Password length in KeePass

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.