Question Changing KeePass’ database is impossible & risky (07 Nov 2023)

Please provide comments and solutions that are helpful to the author of this topic.

B

beginner-mt

Level 1
Thread author
Verified
Jan 6, 2019
28

(desktop PC, Windows 10)

I wonder whether anyone could help, please

A few months ago, I wanted to change my desktop KeePass 2.54’s master-password. A nightmare that nearly locked me out of my own encrypted stuff.

For some unknown reason, the new master-password was invalid. Or so KeePass said. I nearly had a stroke.

Thank goodness I had kept an old copy of the database (with the old password) so I could access my encrypted stuff.

Yesterday, months later, I tried again (KeePass 2.55). Same scary problem.

I created a password (72 characters). I eliminated all apostrophes, commas, etc etc

The new password was on a (disposable) document (something I never do, but I wanted to make sure I wasn’t making any mistake)

I copied+pasted the new password onto KeePass’ password-replacement dialogue-box, etc etc.

I logged out of KeePass and then, to log in, I (again) copied+pasted the new password. KeePass told me the password was invalid. Which is impossible. I always copied+pasted the newly created password, throughout the whole procedure. From the very beginning.

After reinstalling KeePass, scanning (repeatedly) this PC for malware, etc, I asked a few friends for help. They couldn’t find anything wrong with what I was doing.

We even typed the new password, character-by-character, all of us checking and double checking to ensure we were doing the right things.

They told me to ditch KeePass, and use another program. The main reason why I use KeePass is that it’s NOT an online/cloud app. I hate cloud apps.

Anyway, before I’m forced to replace KeePass with something else, has anyone got any idea what the problem might be??

It’s the only program I've got problems with.

In advance, thank you very much for your kind help

Christian


 
  • Like
Reactions: simmerskool, vtqhtr413 and silversurfer
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,178
beginner-mt said:

(desktop PC, Windows 10)

I wonder whether anyone could help, please

A few months ago, I wanted to change my desktop KeePass 2.54’s master-password. A nightmare that nearly locked me out of my own encrypted stuff.

For some unknown reason, the new master-password was invalid. Or so KeePass said. I nearly had a stroke.

Thank goodness I had kept an old copy of the database (with the old password) so I could access my encrypted stuff.

Yesterday, months later, I tried again (KeePass 2.55). Same scary problem.

I created a password (72 characters). I eliminated all apostrophes, commas, etc etc

The new password was on a (disposable) document (something I never do, but I wanted to make sure I wasn’t making any mistake)

I copied+pasted the new password onto KeePass’ password-replacement dialogue-box, etc etc.

I logged out of KeePass and then, to log in, I (again) copied+pasted the new password. KeePass told me the password was invalid. Which is impossible. I always copied+pasted the newly created password, throughout the whole procedure. From the very beginning.

After reinstalling KeePass, scanning (repeatedly) this PC for malware, etc, I asked a few friends for help. They couldn’t find anything wrong with what I was doing.

We even typed the new password, character-by-character, all of us checking and double checking to ensure we were doing the right things.

They told me to ditch KeePass, and use another program. The main reason why I use KeePass is that it’s NOT an online/cloud app. I hate cloud apps.

Anyway, before I’m forced to replace KeePass with something else, has anyone got any idea what the problem might be??

It’s the only program I've got problems with.

In advance, thank you very much for your kind help

Christian


Click to expand...
I had in the past once a similar situation, but that might been my own mistake with my database-file of KeePass. In short, my solution is the following: I have setup my database for the original KeePass, and I use additional the fork KeePassXC as backup method to be prepared if one database might be ending up broken for some reason...

Another way for same purpose, if you would just create two of your KeePass databases but the 2nd one with a different Master-Password.
 
  • Like
Reactions: simmerskool, vtqhtr413 and harlan4096
F

ForgottenSeer 103564

Over complicating things for yourself will result in what you have here. Keepass as you pointed out is not cloud based, and a person would have to access directly to attempt to breach it. You do not need a 80 character ridiculous to remember master password.

Utilize a password only you would know, and if necessary get a cheap closet safe and write it down and place it in there. Keep backups of your kdbx or kdb files on a flashdrive or if like me, use the portable on a flashdrive for plug and use scenarios. Its just as easy to update and use on a flash drive than having it on the system. Lot less chance of someone physically accessing it as well.
 
  • Like
  • +Reputation
Reactions: simmerskool, JustInTime, Jonny Quest and 3 others
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
beginner-mt said:
I created a password (72 characters). I eliminated all apostrophes, commas, etc etc
Click to expand...
What's the maximum length master password allowed with KeePass v2.54 vs v2.55?

Does the new password work if you create a new temporary database?
beginner-mt said:
I copied+pasted the new password onto KeePass’ password-replacement dialogue-box, etc etc.
Click to expand...
Isn't a virtual keyboard (OSK) safer than copy+paste when the clipboard contents can be shared online.
 
  • Like
Reactions: simmerskool, JustInTime, harlan4096 and 1 other person
F

ForgottenSeer 103564

Ink said:
Isn't a virtual keyboard (OSK) safer than copy+paste when the clipboard contents can be shared online.
Click to expand...
You got bigger problems than a password if your clipboard contents were intercepted. Seriously, there is a point where this becomes ridiculous scarring users instead of teaching them direct knowledge. Obviously password manager servers are not kept as secure as they should be, we all know why that is, because to take time down to constantly patch CVE's and other issues is expensive and what are most companies concerned with?
 
  • Like
Reactions: simmerskool and JustInTime

Similar threads

silversurfer
    • Like
New Update Master Password, the App that Never Stores Your Passwords
Replies
3
Views
722
Passwords and passkeys
I Walk MY Way
I Walk MY Way
vtqhtr413
    • Like
    • +Reputation
    • Hundred Points
Security News SSH protects the world’s most sensitive networks. It just got a lot weaker
Replies
2
Views
3,129
Security News
vtqhtr413
vtqhtr413
silversurfer
    • Like
    • Applause
    • +Reputation
Ryuk ransomware operation updates hacking techniques
Replies
1
Views
1,275
News Archive
wat0114
wat0114

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top