Adding a hardware key, like Nitrokey, would be an additional level of safety there. I would not use the database without some kind of additional key (something you know and something you physically have).
If there’s something nefarious that has user access, you’ve already lost in that regard.
Adding a hardware key, like Nitrokey, would be an additional level of safety there. I would not use the database without some kind of additional key (something you know and something you physically have).
If there’s something nefarious that has user access, you’ve already lost in that regard.
Just to add, you can also use multiple databases to help maintain separation
This is what I do: I have 3 KeepassXC databases (regular passwords, “security” questions, TOTP tokens) each with a different password.