Because most users wouldn't use it. How do you access your passwords on a computer that doesn't have Keepass installed? I think only LastPass has a way of doing this. And sysadmins don't like trusting 3rd party services.
> How do you access your passwords on a computer that doesn't have Keepass installed?
- By keeping the pw database in a Dropbox folder, along with a standalone version of keepass itself. No need to ever install.
- By using a phone version of keepass to access the Dropbox pw database, thus always ensuring access to passwords.
- In emergency situations, by downloading the above-mentioned db and software through the dropbox website, ready to use on any machine.
(All of the above are made more difficult by the switch of the 2.x series to .NET, a switch without a good reason, too, so caveat emptor etc. Keepass once looked like a great project but this dichotomy is a disaster.)
Well, if you're that worried about Dropbox going away and needing access to your passwords in between the point it shuts down and you noticing and setting up a replacement, use WebDAV with your own server, or hack up an rsync/cron-based concoction that will do roughly what Dropbox does in this context. There are 100s of ways to synchronize a file across computers; it's just that Dropbox is by far the most convenient at this point in time.
I agree that this is probably a bit too complicated for normal users.
My personal problem with lastpass is that by default your passwords are recoverable which means that by default lastpass or someone with access to their system has access to your passwords (you can disable this and read the source to their obfuscated javascript app for chrome to make sure that it is really doing what they say, encrypting locally then sending).[1]
Keepass at least is open source and it works well when you use Dropbox so long as you aren't accessing it on many different computers on a daily/weekly basis; then it just becomes a pain in the ass.
[1] This may have changed but I don't think they would appeal to many users if it has, and they do have an option to disable it but the obfuscated javascript is what stopped me from looking further.
> How do you access your passwords on a computer that doesn't have Keepass installed?
That's why you preinstall it, or put it everywhere, or use an OS that already has something similar installed (Apple's "keychain" software).
As far as people not using it, that's a social problem that would need to be addressed by company policy. The role of sysadmins in this is providing the tools to allow best practices, and to encourage their adoption.
> That's why you preinstall it, or put it everywhere
That's an unreasonable demand. You can't anticipate which computer you're going to want to check your email on, for example. Now this might be a good idea for just work-related passwords (as they only need to be used on work computers), but the problem there is that for non-web applications, you're probably going to have to copy/paste the password from KeePass.
> use an OS that already has something similar installed
I don't think I actually need to explain this. There are plenty of reasons why using a non-Windows operating system is not an option for many companies.
There's also the issue of installing KeePass itself. I see it has MSI packages available, which I know sysadmins at big companies like. There might be some other technical requirements for the password-storage software itself.
> There's also the issue of installing KeePass itself. I see it has MSI packages available, which I know sysadmins at big companies like. There might be some other technical requirements for the password-storage software itself.
I've been carrying around KeePass on a USB flash drive for about 3 years now and haven't yet encountered a problem running it on random Windows machines. Deploying it is just a matter of copying 4 files to the target machine really.
Firefox has the problem of not supporting corporate management (MSIs and all that jazz). Chrome would be an option for this, though, as it has password sync and Google is adding support for MSIs or whatever the corporate types need.