KeePass Password Safe

Frequently Asked Questions

Disclosure Statement: These really aren't frequently asked questions. A few of them have been asked once. The rest have never been asked; I just made them up. (And the answers, too.)
Q: Why am I storing my passwords in KeePass, anyway?

So you can use them without the need to remember them. Most people can't remember all their different passwords, when each one looks something like T8uWNWuObeiBEbhO. Your passwords do look like that, right? Of course they do! Because you already know that if a cracker breaks into a website and steals the hashed password file, he can use Ophcrack to recover all the weak passwords. And you do have completely different passwords for each website, right? Of course you do! Because you already know about free “bait” websites, which try the passwords of their registered users at brokerage firms.

Q: How much are my passwords worth?

How much money, time, and aggravation would it cost you if you permanently lost all your passwords, and could not log on to websites of merchants, financial institutions, protected online content, email, applications, etc.? Not to mention the additional information you might have stored in the password database, such as software product keys, credit card numbers, private keys for VPN connections, and [fill in your secrets here]. For many people, the password database is the family jewels.

Q: How could I lose my password database?

Let me count the ways. If your password database is on a USB flash drive, the flash drive could be misplaced, or it could be stolen, or the flash drive could just stop working, or it could be eaten by your dog. If your password database is on a computer's hard disk, the hard disk could crash, or the part of the hard disk containing your database could become unreadable. The whole computer could be stolen, or stop working, or the building containing it could burn down.

Q: Why should I back up my passwords?

For the same reason you buy insurance. It's very unlikely that your house will burn down. But if it happens, the loss will be less if it's insured. And the cost of insurance is relatively low.
Similarly, it's very unlikely that any calamity will befall your precious password database. But if it happens, the loss will be less if you have an up-to-date backup copy. The effort to keep backups up to date can be low if an automatic method is used.

Q: Why not use a backup utility program to back up my passwords?

This is not a bad idea. At least the database gets backed up. But it's like hiring a moving van to move a paper clip. Backup utility programs are designed to back up many megabytes or even gigabytes of data, orders of magnitude more than in a typical KeePass database. Many users' password databases are smaller than these help pages – a few tens of kilobytes. So the moving van will travel practically empty, an inefficient solution. But a worse problem is that separate backup utility programs will generally not know when the user has just added a new password or otherwise modified the database. To lose even one new password is sometimes more of an inconvenience than losing an entire computer hard disk. Backup of the password database is different in kind from ordinary file backup issues. The password database is an exceptionally small amount of exceptionally valuable information. It is the family jewels. You can't afford to lose even a small part of it.

Q: What's the advantage of backing up through a KeePass plugin?

The database gets backed up automatically as needed, not just when a separate backup utility happens to run. Therefore, the backup is never out of date. Also, many people use PCs primarily for Internet surfing. These folks probably have no backup strategy, and they surely don't want one just for KeePass. A plugin can provide a backup capability customized for this exceptionally small amount of exceptionally valuable information. The extra time for a plugin to write one or more backup copies of the password database can be made imperceptibly small in most cases.
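As an added illustration (this is not ABP's or KeePass's own code), here is the core of what a "back up on every save" routine has to do: write a copy of the database to one or more backup locations, verify each copy before reporting success (so you never think you are backed up when you aren't), rotate out old copies, and refuse to handle a key file the same way. The function names, the .key suffix check and the sample .kdb file are assumptions made for the example.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime
from pathlib import Path

def digest(path):
    # The database is tiny (tens of kilobytes), so hashing it whole is fine.
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def backup_database(db_path, backup_dirs, keep=5):
    """Copy the database into every backup directory, verify each copy against
    the source hash, keep only the newest `keep` copies, return verified paths."""
    db_path = Path(db_path)
    # Key files must stay secret, so they are never written to backup locations.
    # Assumption (not from KeePass): key files are recognised by a .key suffix.
    if db_path.suffix.lower() == ".key":
        raise ValueError("refusing to back up a key file alongside the database")
    expected = digest(db_path)
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S-%f")
    written = []
    for d in map(Path, backup_dirs):
        d.mkdir(parents=True, exist_ok=True)
        dest = d / f"{db_path.stem}-{stamp}{db_path.suffix}"
        shutil.copy2(db_path, dest)
        if digest(dest) != expected:      # "backed up" must mean readable and identical
            dest.unlink()
            raise IOError(f"backup copy {dest} did not verify")
        written.append(dest)
        copies = sorted(d.glob(f"{db_path.stem}-*{db_path.suffix}"))
        for old in copies[:-keep]:        # rotate out the oldest copies
            old.unlink()
    return written

def demo():
    """Exercise the routine on a constructed sample database in a temp directory."""
    root = Path(tempfile.mkdtemp())
    db = root / "passwords.kdb"           # constructed sample file, not a real database
    db.write_bytes(b"constructed sample database contents")
    dirs = [root / "usb", root / "nas"]
    for _ in range(3):                    # three "saves" with keep=2
        paths = backup_database(db, dirs, keep=2)
    try:
        backup_database(root / "master.key", dirs)
        refused = False
    except ValueError:
        refused = True
    return {"copies_per_dir": [len(list(d.glob("passwords-*.kdb"))) for d in dirs],
            "verified": all(digest(p) == digest(db) for p in paths),
            "refused_key_file": refused}
```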
Q: Why not use the DB_Backup plugin?

The DB_Backup plugin may be the right solution for some people. Users are encouraged to weigh the capabilities of both plugins and choose the plugin that best matches their own needs.

Q: What's worse than not bothering to back up my passwords?

Thinking your passwords are backed up, when they really aren't. This can occur in various ways with both ABP and DB_Backup. ABP users need to understand the way ABP is intended to work, as described in Using ABP, Misusing ABP and Atypical Actions, to avoid false expectations. DB_Backup users should be aware of the issues raised in ABP versus DB_Backup.

Q: Why should I back up my key file?

A key file is essentially a master password that's in a file, instead of in your head. The advantage of a key file over a master password is that it can be made much more complicated than any string one can hope to remember. But if it's in a file, you could lose it in any of the ways you could lose your password database. And if you lose it, your password database – even if backed up – cannot be opened, and is useless. Therefore, if you use a key file, it's just as important to back it up as it is to back up your password database.

Q: Should I back up my key file the same way I back up my password database?

Short answer: No, no, no! (What part of this answer don't you understand?)

Long answer: Your key file must be kept secret from others, whereas your password database need not be. The whole concept of the password database is that it is encrypted with your secret key file and/or secret master password. Since it is encrypted, the password database can safely be stored anywhere, even in a place where others can access it, without compromising your Internet passwords. You can safely store backup copies of your password database anywhere, too. But the secrecy of your Internet passwords relies entirely on the secrecy of your key file and/or master password.
If your key file – or even a backup copy of your key file – is stored where others can access it, the secrecy of your Internet passwords is compromised. The entire advantage of a key file is lost if it is not kept secret from others. Managing your passwords involves two conflicting objectives: keeping your passwords secret from others, and assuring that you yourself can always access them. ABP and other backup plugins solve the second problem; KeePass itself solves the first – but only if you keep your key file (and/or master password) secret.

Q: When should I back up my key file?

The good news is that you don't need to back up your key file very often. You should back it up as soon as you create it, and whenever you change it. But there seldom is a need to change a key file. The only reason to change a key file is if you suspect (or know) that others may have accessed it. But in that case, all your Internet passwords may already be in the hands of someone else.

Q: How should I back up my key file?

To a protected or secret place. Copy the key file to a portable medium like a floppy disk or CDROM, and then store the medium in a vault, in a safe-deposit box, or under your mattress. Consider multiple backup copies in different places to avoid problems with defective or destroyed media. Want something smaller and cheaper? Just print the key file, cut out the character string with scissors, and fold it up into a tiny wad that can be concealed almost anywhere. The main disadvantage of this method is that restoring the key file means entering the character string by hand. But restoring the key file is not something you expect to do very often.

Q: Why doesn't ABP back up my key file?

For the same reason that KeePass doesn't cook your dinner: it's not the right kind of tool for that job. It makes more sense for you to cook your dinner yourself, and to back up your key file yourself. But if you've been paying attention to the last four questions, you already know that.