Please Grade my Safety Arrangement

[theCheetah]

Since I have to work with a slew of different servers with different strong passwords, I am planning to install the KeePass Password Safe software(freeware) on my USB drive and use it to store and carry my passwords. Keypass allows you to save passwords controlled with a single master password. In that way in case someone finds the USB drive they cannot retrieve the passwords since it is encrypted(AES+Twofish).Further the software also deletes the records after 3 failed attempts. However I still feel unsafe with this implementation, while my boss thinks this is a perfect solution. On a scale of 1 to 10, where 10 is the most secure, what do you guys think is the safety rating of this arrangement.

 

[Barfo]

7

 

[Nothinman]

Depends on how much you trust the KeyPass software.

 

[ElDonAntonio]

Originally posted by: Nothinman
Depends on how much you trust the KeyPass software.

A chain is as strong as its weakest link, so Nothinman is right: KeyPass is the "weak link" and it depends on its reliability. Of course, it also depends on the reliability of your master password.

Also, aren't you going to keep a backup of all these passwords somewhere? what if the USB key is lost/stolen?

 

[Nothinman]

A chain is as strong as its weakest link, so Nothinman is right: KeyPass is the "weak link" and it depends on its reliability. Of course, it also depends on the reliability of your master password

That and I consider close source cryptography software questionable at best.

 

[HeroOfPellinor]

I don't think this is an issue of safety at all. It's more a matter of convenience. So it's tough to give you grade on safety.

As for me, I don't put anything on our servers without very heavily weighing the potential side effects and even then will only proceed if there is a very strong need for it and I damn sure wouldn't have any freeware on them. Maybe that's why I've been doing this sucessfully for seven years.