This one is worth at least three dagnabbits, a golly gee and two daggums.

I use KeePass, or some of it’s forks, flavors and versions, for password management. I store the database locally on each device and keep them synced between devices with Syncthing.

I got a notice that a password on one of my accounts had been compromised. So I went to that website on my desktop, logged in, changed my password, and updated the entry in KeePass, saved and quit the application. I checked my phone to see if the change had propagated there…it hadn’t.

I started poking around, making sure Syncthing was running, I went so far as to copy the database on my PC somewhere, delete it from both systems, and then put it back on my PC to see if I could get it to resync the whole file at once. The change didn’t propagate.

Somehow I ended up in Keepass’ settings menu on the phone, and noticed an option called “Database Caching.” Turns out, it had copied the database to the app’s cache directory, and it was pulling from there rather than the actual file. I guess assuming that the database would be stored in the cloud or something, rather than in the device’s onboard storage.

That’s 25 minutes I’m not going to get back, and now neither will you!

  • Noja@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 hours ago

    Yeah, Netflix has my phone number, so any non-netflix breach which did not have my phone number would now also include my phone number. That’s pretty bad security. I just remember a single, very strong password and can access all accounts securely. I started using a password manager and maximum security passwords everywhere after my ancient skype account got hijacked via a leaked password and started messaging all my contacts with spam links.