Are you guys still recommending keepass as there seems to be many articles against using it?

links to those articles?

http://www.inc.com/will-yakowicz/sec...d-manager.html

http://www.lifehacker.com.au/2016/06...to-be-patched/

what do you mean by portable version?

Also when i download it goes to the website SourceForge?

The second of those articles tells you what you need to do (i.e. verify the legitimacy of downloads) if you want to use Keepass. Neither article is talking about a problem with the service itself.

Sourceforge is a reputable site that is used as a code repository for open source and other software.

It say



Where is the tab tab ‘Digital Signatures?

Requires no installation. Can be put on a thumb drive.

Edit: You right-clicked the shortcut, not the exe. But I'll try now.

edit#2 -- yeah it's what I said, you have to click properties of the actual exe, not the shortcut.

where is the exe?

No offense but, are you new to computers?

Your shortcut properties told you where the exe is. It's in C:\Program Files (x86) and then the keepass folder.

yes total computer noob

is this it?



but again same thing

?

Those are all shortcuts too. Shortcuts have the arrow symbol on the icon. Plus on the right column, after the date, it says "Shortcut".

Click on the shortcut's properties again, and then click "Open File Location".

Edit: ah you found it. Ok yeah good, looks like your keepass is properly signed and legit.

so when it asks to update to new version do i just click and update as usual?

Honestly I have auto update checks turned off, just my preference. I check occasionally when I damn feel like it. Besides, I don't think frequent updates are critical for this software. It's not like a browser which needs constant security updates.

But from what I gather from the link I gave you, when it asks for updates you still have to go to the page yourself in order to get it.

ok thanks appreciate it!

When you check the digital signature of the file, you are supposed to do that for the downloaded file not the installed file.

If you have installed it, its a bit late to worry about the digital signature.

When you download the file, before you install it, right click it, properties, Digital Signatures. The idea being that you check whether it is safe to install BEFORE you install it.

i installed it on another computer previously ok so downloaded file different computer and right clicked properties what is it meant to display or not display?

Those are the 2 signatures. They show who signed them, how and when.

If you select one of those signatures and then click Details, it will show you more information including the certificate used.

The point of these is they show they company that signed the software... so if you download say a file from Microsoft and the digital signature does not say Microsoft you know that the file cannot be trusted.

The file you downloaded says "Open Source Developer, Dominik Reichl" - which is verifiable as the developer.

Tbh, it's an ok method - the main problem being that most people don't know what information should be shown, so how do they know if it is incorrect. I prefer hash sums http://keepass.info/integrity.html#sig

Unsure if it needs its own thread or should be LC or what, but LastPass is or has gone totally free for the full version. No more $12/year fee required to access on multiple device types.

If you aren't using a password manage, do it. Now!