Sync your passwords between your phone and computers using Dropbox and KeePass

If you use passwords like 12345 for anything other than maybe your luggage, you probably don’t need to read this post. If you’re smarter than that and you use proper passwords, you might be interested to learn how to store them safely while having them handy at all times.

KeePass is a very popular cross-platform solution that stores your passwords in a local encrypted file. To have a look inside the database you need to provide the master password. Once inside, all your passwords, PINs and credit cards are at your disposal.

Storing passwords exclusively to a local file generally isn’t a very good idea. To keep your passwords mobile and safe from data loss (disk crashes, cell phone drownings, stolen laptops…) I recommend you use a cloud store, like Dropbox.

Dropbox is a neat free service that syncs files between all your devices, portable or otherwise. I use it between my desktop, my workplace desktop and my HTC Desire. Syncing happens automatically in the background, so your password safe will be up to date, wherever you are.

1. To get started, you need to download and install a Dropbox client (Mac, Linux, Windows) and set up an account if you don’t have one already. Once installed, your computer (or mobile device) will feature a new folder, called Dropbox, which is shared between all your devices.

2. Inside your Dropbox folder, create a new subfolder named MyKeys or something similar, and make sure you keep this folder private.

3. Now install a KeePass client on all your devices:

4. I suggest you use the desktop client to set up your password database file**. Just fire up KeePassX, create a new database, set up a master password, and store the database file in the Dropbox folder you created in step 2. You can populate the database with your passwords now, or at any time later.

5. Your password database file should now be synced between all your devices. To open it on Android, simply open Dropbox and look for the file you created in the previous step. If KeePassDroid is properly installed, it will pop up and ask you for your master password. Once typed in, your secure passwords will happily reveal themselves.

* On Linux, just look for KeePassX in your package repository (Software Center in Ubuntu).
** See Jason’s comment below.
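
A check you can run on the database file from steps 2 and 4 before it syncs, as an added example that is not part of the original post: it confirms the file starts with the KeePass header signature (so a plaintext export or a key file is not uploaded by mistake) and that the file and its folder are closed to other local users. It goes beyond the post in recognising both the KeePass 1.x and 2.x headers; the permission test is POSIX-only and does not inspect Dropbox sharing settings, and the file names and contents are constructed samples.

```python
import os
import stat
import struct
import tempfile

# A KeePass file begins with two little-endian 32-bit signatures.
SIG1 = 0x9AA2D903
SIG2_FORMATS = {
    0xB54BFB65: "KDB (KeePass 1.x)",
    0xB54BFB67: "KDBX (KeePass 2.x)",
}

def database_format(path):
    """Return the KeePass format name, or None if the header does not match."""
    with open(path, "rb") as fh:
        header = fh.read(8)
    if len(header) < 8:
        return None
    sig1, sig2 = struct.unpack("<II", header)
    return SIG2_FORMATS.get(sig2) if sig1 == SIG1 else None

def audit_vault(path):
    """List problems with a database file that is about to be synced."""
    problems = []
    if database_format(path) is None:
        problems.append("not a KeePass database (plaintext export or key file?)")
    for target in (path, os.path.dirname(os.path.abspath(path))):
        mode = stat.S_IMODE(os.stat(target).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{target} is open to other local users ({mode:03o})")
    return problems

def make_sample(folder, name, content, mode=0o600):
    """Write a constructed sample file used by the demo below."""
    path = os.path.join(folder, name)
    with open(path, "wb") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as folder:  # stands in for Dropbox/MyKeys
        os.chmod(folder, 0o700)
        header = struct.pack("<II", SIG1, 0xB54BFB67) + b"\0" * 24  # constructed
        vault = make_sample(folder, "passwords.kdbx", header)
        export = make_sample(folder, "passwords.txt", b"bank: hunter2\n", 0o644)
        print(audit_vault(vault))
        print(audit_vault(export))
```
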

12 Comments

  1. How about using 1 Google document? And changing your Google password if you lose your mobile phone. 🙂

    1. drye says:

      That works too if you don’t care about security. I wouldn’t store my passwords and credit card info non-encrypted.

      1. Non-encrypted? We are talking about Google here. If someone can break into my Google document, that could be some bad reputation for Google. Or not?

        Of course, I should protect and regularly change my password to access it…

        1. drye says:

          Well, there’s browser cache, passwords remembered in browser, accessing your data on public terminals etc. For some passwords, like passwords for less sensitive sites, I guess that’s good enough. For credit card information and similar sensitive data, I don’t think so.

        2. Jeff says:

          You sir, are a hacker’s wet dream.

  2. Jason says:

    You are using the word “key file” for what is really the “Password database file”. The key file is part of KeePass that acts like a password to gain access to your password database file. The database file is what contains the passwords for your other sites, whereas the key file should just contain a seemingly random set of data, similar to a fingerprint.

    1. drye says:

      I stand corrected, Sir!

  3. george says:

    Great Solution !!!!
    Thanks a lot!!!!!

  4. security conscious says:

    If you want to be really security conscious, you should not only use these 2 packages across 2 or more devices, and pay for Dropbox services and use it as your hard drive and keep your computers relatively free from sensitive files. Dropbox paid storage offers 2 step verification which means 2 devices need to be together, one being a mobile device running a Google Authenticator package. I use Facebook, Google and Dropbox like this with all my passwords stored on a shared secure dbf file. After my home was broken into, nothing stolen, my computer local password hacked using a USB boot stick drive, and the hacker gained admin privileges and deleted some evidence and then tried to gain access to my Dropbox account by using a variety of different passwords. I know this because I became suspicious when I noticed files had “vanished” from my Desktop. I now run a computer which only has a copy of what I am working on and Dropbox subdivided into folders like a hard drive. I checked the logs and discovered that my computer had been switched on while I was out. The thing that was very creepy was that there was no sign of forced entry. Also on your Android device you can set a 4 digit PIN on access to your Dropbox account and another for access to your phone. I also use Gotcha on the Android which takes a photo of anyone who tries to hack the password or even activates the screen and emails it to me. It’s not paranoia, it’s asserting control and ensuring it never happens again.

  5. security conscious says:

    You don’t need to download the client, you can drag and drop into Dropbox with Firefox 16 on Linux.

    Also, use the onboard password generator in KeePassX on the desktop machine.

  6. Jaroslaw Kubik says:

    And what if somebody hacks Dropbox servers?

    1. Jason says:

      KeePass files are encrypted. The security is believed to be very good. You can send the file to everyone in the world, and as long as you use a long passphrase and keep it secret, no one else should be able to make sense of it.
