
Me, looking at my local KeePassXC, calm, sticking with it.


This is the kind of control that is really becoming a luxury.

And I don't know how we get back to a simple state. Let's say you're a family of three with shared services and accounts:

Keeping everything under KeePass means handling the file sync between all the devices and OSes, with potentially your credentials flying through third-party sync services, thus negating most of the advantages of KeePass.

Moving to something like a self-hosted Bitwarden instance should be the way, but then one member of the family becomes a dedicated lifetime sysop making sure that instance is secure while being accessible anytime from everywhere.


It shouldn't be a luxury, but it unfortunately is due to various big players refusing to play nice together.

If everyone has only Apple devices (iPhones + MacBooks), then you can use a shared iCloud-synced folder.

Except that doesn't actually work because the majority of iOS apps are incapable of using a shared iCloud folder correctly (including Apple's Notes app, most of Apple's apps) because Apple tries to hide the filesystem so much that even saving a file into a folder is basically impossible for most apps.

That also doesn't work if anyone uses Linux or Windows because Apple refuses to play nice with other ecosystems.

If everyone _doesn't_ use iOS devices, there are dozens of solutions that work well, from a shared Google Drive folder to Syncthing, but if even one person uses an iOS device, then suddenly none of the shared folders work, because Apple has made it so creating a shared folder on iOS is bad for iCloud, but even worse for any third-party app (be it Google Drive, Syncthing, an FTP-based solution, etc. etc.).

I guess what I'm saying is that Apple tried to kill the filesystem, and in doing so has made it so the very idea of just sharing a folder of files securely seems like a per-app luxury.

Instead you need a shared photo album for photos, a shared notes folder for notes, a shared "Apple Invites invite" for a calendar event, etc. etc. Apple has a lot to pay for, and a hatred for folders that has caused the entire industry to move away from simple, secure, app-independent sharing is one of them.

Instead, we have a jumble of apps being forced to implement their own sharing concepts poorly and often insecurely.


FWIW, Apple has had at least two partners in crime here - both Google and Microsoft were, and still are, trying to kill the filesystem in this way, too.

The trio mostly succeeded, which is a big part of why modern computing sucks so badly, and is more confusing for non-tech people than what came before, rather than less.


Syncthing works great for this if you have an always-on computer. If you don't, you can use a server and add it as an untrusted recipient if you have to, though I would not bother since the database is encrypted with your password anyway, and is not vulnerable if you never reuse your DB password and there is enough entropy.


And you can use keyfiles that you sneakernet between devices at setup time, so those are never exposed to the Syncthing shared folder. I don't think this adds much security since presumably if someone can compromise your Syncthing secrets, they could probably grab your keyfile too, but in the event of a Syncthing vuln that doesn't lead to other filesystem access, it might help.


I would argue that there is no need to sync all accounts between all devices all the time.


We're holding it wrong?

The whole point of a password manager is to be reliable when shit hits the fan. If my phone dies I want every change to be available to the other synced devices, especially when it has been away from home for a while (losing newly created accounts or passwords during a trip is just miserable).


We're holding it differently.

My phone doesn't have my main password safe. I don't trust that thing. If a stupid app decides to log me out, I can't log in until I'm back home. I never created an account "on the go", but I had to do a password reset once. I will use a standard password until I'm back and change it to a randomly created one. I can't even log in to my bank without a special token device. I don't have that with me either.

A different life is possible. That's all I'm saying.


Understandable.

I'm in an area where my phone might suddenly outlive my house, so we have very different life choices indeed.


I use Strongbox + iCloud Drive + KeePassXC.


As TheDong points out in the other comment, I also had KeePass working well when absolutely everything in the house was Apple.

It went down the drain when I switched to Android and the kid to a Chromebook.

This is the proverbial strategy tax working out, where the strong ecosystem play is biting us hard enough. Moving to Windows+WSL actually made my life easier, even as the other members still have some Apple devices.


They can pry my offline key file from my cold dead hard drive. Some things shouldn't be on the internet.


How do you make sure that file does not end up corrupt?


Copies and replication.

I have used KeePass since before LastPass existed and sync with multiple machines/locations via Syncthing (originally synced with rsync).


This. I have enough devices under frequent use of the keyfile that the chance of each of them being corrupt is extremely low (n>=3 at any given time).

That being said, it's not an approach useful for all, and a good mental model and sharing system with redundant copies on flash media / live systems / mobile devices can be an effective strategy.

Use case: 10+ year KeePass user, never lost a credential or had one compromised that affected more than one account due to breach. Thank you KeePass devs!
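The "copies and replication" approach above relies on noticing when one replica has gone bad. As an added example (not from any commenter), this script compares several copies of a KeePass database, checks each for the KDBX file signature and format version, and flags copies that are truncated or differ from the majority digest. The device names and file contents are constructed here; a differing digest only shows that copies diverge (stale sync or corruption) and opening the file in KeePass remains the real integrity check.

```python
import hashlib
from collections import Counter

# KDBX files (KeePass 2.x databases) begin with two little-endian 32-bit
# signatures, followed by a 16-bit minor and 16-bit major format version.
KDBX_SIGNATURE = bytes.fromhex("03d9a29a67fb4bb5")


def kdbx_header_ok(data: bytes):
    """Return (major, minor) if the blob starts with a KDBX header, else None."""
    if len(data) < 12 or data[:8] != KDBX_SIGNATURE:
        return None
    minor = int.from_bytes(data[8:10], "little")
    major = int.from_bytes(data[10:12], "little")
    return major, minor


def check_replicas(replicas: dict) -> dict:
    """Compare copies of one database, keyed by a label such as the device name.

    Copies without a sane header are reported as bad_header; among the rest a
    majority vote on the SHA-256 digest picks the reference, and any copy whose
    digest differs is reported as divergent (ties resolve to the first seen).
    """
    digests = {name: hashlib.sha256(blob).hexdigest() for name, blob in replicas.items()}
    bad_header = [name for name, blob in replicas.items() if kdbx_header_ok(blob) is None]
    good = [digests[name] for name in replicas if name not in bad_header]
    majority = Counter(good).most_common(1)[0][0] if good else None
    divergent = [name for name in replicas
                 if name not in bad_header and digests[name] != majority]
    return {"digests": digests, "majority": majority,
            "bad_header": bad_header, "divergent": divergent}


def demo() -> dict:
    """Constructed replicas: a KDBX 4.1 header with dummy body, one truncated copy
    (header cut short) and one copy with a single changed byte in the body."""
    intact = KDBX_SIGNATURE + (1).to_bytes(2, "little") + (4).to_bytes(2, "little") + b"x" * 64
    truncated = intact[:6]
    flipped = intact[:-1] + b"y"
    return check_replicas({"laptop": intact, "phone": intact,
                           "nas": truncated, "usb": flipped})


if __name__ == "__main__":
    report = demo()
    print("bad header:", report["bad_header"])  # ['nas']
    print("divergent:", report["divergent"])    # ['usb']
```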


So what if it does? Worst case you just go through the account recovery process at each institution. Password managers are a convenience. Data integrity isn’t critical but security is.


> Worst case you just go through the account recovery process at each institution

Well, worst case is your account with Google, which you can kiss goodbye.

But as we all know, that’s security. If the account recovery is the weakest link, it gets attacked.


That's the insanity of cybersecurity.

In the real world, there's always a recovery procedure. It might involve visiting a court or some local administrative offices, but you can always recover access to anything that's important.

Not so with Google, or other online services that came from the tech industry side. Cybersecurity "best practices" are basically giving you a razor blade, and kicking you out if you hurt yourself with it.


More importantly, how do cloud providers make sure of that?


Why does my USB stick in a fire safe care what cloud providers think?


Redundant encrypted backups, error-correcting codes.


Your hard drive is connected to the internet.


How do you sync it between devices like your phone? What about family sharing or access for emergencies or other such features?


Syncthing[1] works very well for syncing with Android devices, but IIRC doesn't work with iOS.

[1] https://syncthing.net/


I managed to get Syncthing working on iOS. It's definitely possible.


Actually I don't use it on my phone, at all. Another thing to care less about.

