keepass in the wild

pixelfairy

How do you use keepassdx in the wild? Do you have everything setup to rarely ever need keypass? Or to rarely need to the type the passphrase? Do you use an external device, like a yubikey?

Lets say the camera you don't notice is the one that can analyze your finger movements. But maybe that can be made harder to analyze.

Already have device pin scrambled, privacy screen, and plan to backup the keyfile to different locations than the password database. Have a dummy password database to try your suggestions with.

Heres the discussion on how long your passphrase should be. Don't want to split the thread here.

https://discuss.grapheneos.org/d/22857-optimal-length-and-structure-for-passwords

MyIdentityIsntImportant

pixelfairy I've personally made it so that my KeePass database has a long primary password and I've enabled fingerprint unlocking in KeePassDX. I've made it so that once I unlock my database with my primary passphrase (which I do every morning), KeePassDX allows me to use my fingerprint to unlock the database for the next 16 hours (i.e. for the rest of my waking hours for the day). This way I can use fingerprint unlock when in public and only have to enter my primary passphrase in a secure environment (my home every morning).

This fits my personal threat model. I'm curious to hear about how others do it.

Ignorant_Cormorant

I make enough typos and corrections to confuse even the most eager automated analyzer.