Originally Posted by deids

Thanks ScifiWiskey. Can you create a tuturial and put under the Tutorial & Guides ?

The last time I tried to make a tutorial somewhere, it was a disaster. I don't "forum" well and formatting makes my brain hurt. But I can expand on my post.

Why KeepassXC and Keepass2Android?

Both can use the same database without issue and both support HMAC-SHA1 challenge-response; use one on your widows/linux computer, the other on your android phone.
Of course you don't need both if just one will suit your needs.

What is a security token?

There are several that support HMAC-SHA1, but I prefer the Yubikey, it is nearly indestructible with a convenient form factor at a fair price. Choose your usb type, with or without NFC as you need. This video https://www.youtube.com/watch?v=r6Qe9Z-kOH0 will point in the right direction. If challenge response is enabled on your database, you have an effective second factor authentication. Warning: when you use the Yubikey configuration tool, it writes a log file containing the numeric secret, you DO want to save this file, but DO NOT leave it on your computer. Perhaps a USB stick?

Why HMAC-SHA1?

It doesn't require syncing to time or increment, so making a spare key becomes an option.

Where should I put my database?

If you are using only one device, then put it on that device where you like. If you are using several, then you need to put somewhere internet accessible. Keepass2Android has several options build in, including Dropbox and WebDav. Dropbox is a popular choice, being able to keep things in sync. On PC, point to your sync folder.

Why do I need a back up?

The more you use any password manager, the more valuable it becomes. Mistakes happen, machines break, evil people exist. There as many backup strategies as there are stars in the sky. Pick one and use it, preferably with versioning. Where most people fail, is they don't backup. Just do it.

Thanks for reading, I hope somebody finds my ramblings useful.