Howto unlock KeepassDX with your Secure Element (slrpnk.net)

submitted 4 months ago* (last edited 4 months ago) by boredsquirrel@slrpnk.net to c/cybersecurity@sh.itjust.works

4 comments fedilink hide all child comments

Google Pixel phones, especially with GrapheneOS, are worlds more secure than other technologies.

Every user account is decrypted with a key generated by the secure element, and the pin is just used to unlock that key.

But the secure element is rarely used in other applications.

Here is how to unlock your KeepassDX Storage with it:

Create a password storage with a very secure and long password. Length is especially important, prefer to use tons of nonsense words, over hard to remember symbols
In KeepassDX Settings, under "unlock settings" enable "use system unlock"
Enter the password for the password storage.
Instead of pressing Enter, press on the button in the bottom left to register the password in the Android Keystore.

From now on you can unlock your password storage using all the security that your device offers.

The only weakness is the password, so make it as long as possible.

To copy-paste passwords relatively securely, you can use Florisboard's internal clipboard. Enable "sync from system clipboard", and disable "sync to system clipboard".

If you copy things using the button on Florisboard, it will only be saved in Florisboards internal app storage, not your system clipboard, which is accessible to all input devices (keyboard apps) and foreground apps.

To delete things from the system clipboard (which only holds one entry) you can use apps like this one

I recommend Obtainium to get the latest versions of these apps.

Here is a list of available app configs

you are viewing a single comment's thread
view the rest of the comments

[-] Telorand@reddthat.com 4 points 4 months ago

Is this better than Bitwarden? A lot of this seems to be similar functionality offered by Bitwarden already, with fewer steps, but I'm open to learning something new.

[-] IllNess@infosec.pub 5 points 4 months ago

If you need hosting and syncing, stick with Bitwarden.

[-] boredsquirrel@slrpnk.net 2 points 4 months ago

Syncthing + KeepassXC works kinda fine, but not always.

load more comments (1 replies)

this post was submitted on 12 Jul 2024

11 points (86.7% liked)

Cybersecurity

5759 readers

116 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social