Question Changing KeePass’ database is impossible & risky (07 Nov 2023)

Please provide comments and solutions that are helpful to the author of this topic.

beginner-mt

Level 1
Thread author
Verified
Jan 6, 2019
28

(desktop PC, Windows 10)

I wonder whether anyone could help, please

A few months ago, I wanted to change my desktop KeePass 2.54’s master-password. A nightmare that nearly locked me out of my own encrypted stuff.

For some unknown reason, the new master-password was invalid. Or so KeePass said. I nearly had a stroke.

Thank goodness I had kept an old copy of the database (with the old password) so I could access my encrypted stuff.

Yesterday, months later, I tried again (KeePass 2.55). Same scary problem.

I created a password (72 characters). I eliminated all apostrophes, commas, etc etc

The new password was on a (disposable) document (something I never do, but I wanted to make sure I wasn’t making any mistake)

I copied+pasted the new password onto KeePass’ password-replacement dialogue-box, etc etc.

I logged out of KeePass and then, to log in, I (again) copied+pasted the new password. KeePass told me the password was invalid. Which is impossible. I always copied+pasted the newly created password, throughout the whole procedure. From the very beginning.

After reinstalling KeePass, scanning (repeatedly) this PC for malware, etc, I asked a few friends for help. They couldn’t find anything wrong with what I was doing.

We even typed the new password, character-by-character, all of us checking and double checking to ensure we were doing the right things.

They told me to ditch KeePass, and use another program. The main reason why I use KeePass is that it’s NOT an online/cloud app. I hate cloud apps.

Anyway, before I’m forced to replace KeePass with something else, has anyone got any idea what the problem might be??

It’s the only program I've got problems with.

In advance, thank you very much for your kind help

Christian


 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,944

(desktop PC, Windows 10)

I wonder whether anyone could help, please

A few months ago, I wanted to change my desktop KeePass 2.54’s master-password. A nightmare that nearly locked me out of my own encrypted stuff.

For some unknown reason, the new master-password was invalid. Or so KeePass said. I nearly had a stroke.

Thank goodness I had kept an old copy of the database (with the old password) so I could access my encrypted stuff.

Yesterday, months later, I tried again (KeePass 2.55). Same scary problem.

I created a password (72 characters). I eliminated all apostrophes, commas, etc etc

The new password was on a (disposable) document (something I never do, but I wanted to make sure I wasn’t making any mistake)

I copied+pasted the new password onto KeePass’ password-replacement dialogue-box, etc etc.

I logged out of KeePass and then, to log in, I (again) copied+pasted the new password. KeePass told me the password was invalid. Which is impossible. I always copied+pasted the newly created password, throughout the whole procedure. From the very beginning.

After reinstalling KeePass, scanning (repeatedly) this PC for malware, etc, I asked a few friends for help. They couldn’t find anything wrong with what I was doing.

We even typed the new password, character-by-character, all of us checking and double checking to ensure we were doing the right things.

They told me to ditch KeePass, and use another program. The main reason why I use KeePass is that it’s NOT an online/cloud app. I hate cloud apps.

Anyway, before I’m forced to replace KeePass with something else, has anyone got any idea what the problem might be??

It’s the only program I've got problems with.

In advance, thank you very much for your kind help

Christian


I had in the past once a similar situation, but that might been my own mistake with my database-file of KeePass. In short, my solution is the following: I have setup my database for the original KeePass, and I use additional the fork KeePassXC as backup method to be prepared if one database might be ending up broken for some reason...

Another way for same purpose, if you would just create two of your KeePass databases but the 2nd one with a different Master-Password.
 
F

ForgottenSeer 103564

Over complicating things for yourself will result in what you have here. Keepass as you pointed out is not cloud based, and a person would have to access directly to attempt to breach it. You do not need a 80 character ridiculous to remember master password.

Utilize a password only you would know, and if necessary get a cheap closet safe and write it down and place it in there. Keep backups of your kdbx or kdb files on a flashdrive or if like me, use the portable on a flashdrive for plug and use scenarios. Its just as easy to update and use on a flash drive than having it on the system. Lot less chance of someone physically accessing it as well.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
I created a password (72 characters). I eliminated all apostrophes, commas, etc etc
What's the maximum length master password allowed with KeePass v2.54 vs v2.55?

Does the new password work if you create a new temporary database?
I copied+pasted the new password onto KeePass’ password-replacement dialogue-box, etc etc.
Isn't a virtual keyboard (OSK) safer than copy+paste when the clipboard contents can be shared online.
 
F

ForgottenSeer 103564

Isn't a virtual keyboard (OSK) safer than copy+paste when the clipboard contents can be shared online.
You got bigger problems than a password if your clipboard contents were intercepted. Seriously, there is a point where this becomes ridiculous scarring users instead of teaching them direct knowledge. Obviously password manager servers are not kept as secure as they should be, we all know why that is, because to take time down to constantly patch CVE's and other issues is expensive and what are most companies concerned with?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top