Using KeePassX To Store Your Passwords SafelyPosted: 6 July 2012
KeePassX is a program for storing your passwords in a convenient and very secure way. Here is a excerpt from their webpage (with slight modifications):
KeePassX saves information such as user names, passwords, urls, attachments, and comments in one single database. The entries are sorted in groups. KeePassX also offers a little utility for secure password generation. The complete database is always encrypted either with AES (alias Rijndael) or Twofish encryption algorithm using a 256 bit key.
The official site can be found at http://www.keepassx.org/, where you can download KeePassX for use with Linux, Mac, and Windows.
This is an introductory tutorial in order to get you started.
1. Start the program. When you open your new database choose a master password (see Figure 1). THIS IS THE SINGLE MOST IMPORTANT PASSWORD YOU WILL HAVE: if you lose this password, you will lose access to all of your passwords. Also, the strength of this password will determine how safe your password database is. (See below for more on password strength.)
An aside: If you have a safe place to store your master password, you can write it down and store it there. But make sure no one else can get access to this password, since if they do they can access all of your passwords. (I myself have one memorable password that is very long and I do not write it down.)
After you enter your master password, you will be asked to confirm this password.
Although also having a key file is more secure, I will not cover this in depth in the tutorial. Basically, the idea is that you have a file saved on the drive of your choice—e.g., on a usb stick—and only when that file is also present can you open the database.
2) Once you have set your master password, you will see an empty database. In order to begin populating your database with entries, you can click the “Add New Entry” symbol (see Figure 2).
3) You will now be presented with the New Entry box (see Figure 3). Fill out the necessary information. (NB In this example, I have clicked on the eye symbol next to the password box in order to show the password in normal text. If you do not click on the eye symbol, your password will appear as a string of asterisks, i.e., *******.)
In your new entry you can save the following, all of which will be safely encrypted:
- Username and password
- Url for the website
- The expiration date of the password
Note that I have used a randomly generated password. Since all of my passwords are stored in a database, I only need to remember one password to have access to the database, from where I can copy and paste the random passwords. In order to generate a random password, click in the “Gen.” box (next to the “Repeat” text box in Figure 3, under “Password”). You will be presented with the password generator parameters (see Figure 4). Once you have set the parameters, click on “Generate.”
When you have finished with (i) your randomly generated password (Figure 4) or (ii) your New Entry (Figure 3), click “OK” in the lower right corner. This new entry will now be stored in the respective group (here the group is “Internet”; see Figure 5).
In order to use KeePassX in your every day life—that is, to copy and paste the username, password, url, etc. from your entry—you can either right click on the entry or use keyboard shortcuts when the entry is highlighted.
- For example, when using a Mac I click on the entry I want and use “command key + u” to open the url in my preferred browser.
- The I use “command key + b” to copy the username. I paste it in the “log in” box using “command + v.”
- Then I use “command key + c” to copy the password, which I paste into the password box using “command + v.”
- Note that for security reasons, in my preferences I have set the clipboard to be cleared after 20 seconds.
4) If you are like me and have many passwords for many different things, you will want to have different groups and subgroups.
In order to do this, click on the “Groups” dropdown from the panel and select “Add New Group” (see Figure 6).
When you click on “Add New Group,” you will see the following entry box (Figure 7).
Provide a title and select an icon for visual aid in keeping your groups organized. When you click OK, you will now see your group in the database (see Figure 8).
You can add new entries to your group by following steps 2 — 3.
Once you are done, save your database. The file extension will be kdb. Now you can rest assured that your usernames, passwords, attachments, etc. are saved in an encrypted database which only can be accessed using a master password (or a master password with a key file, if you have chosen this option). But remember, your database will only be as safe as your master password, and if you forget this master password, you will lose access to all of your passwords.
A note on passwords:
- Choose a long password THAT YOU WILL REMEMBER. The best password is one that is easy for you to remember but very difficult for someone else to guess.
- DO NOT USE A WORD FROM THE DICTIONARY. It is easy to use a computer to run through the entries in a dictionary.
- DO NOT REUSE A PASSWORD: that is, make each password unique. Why? Recall when the LinkedIn website was cracked in Spring 2012. If the password used for that website is one used for many different sites, the data on all of those other websites is now compromised. Do not risk it. KeePassX will make it easier to keep those many passwords unique.
- Check out this calculator to see how long it would take to crack your password using ‘brute force’ search (that is, trying all possible combinations). Note that this calculator does not tell you how good your password is. For instance, the password “password” may take a 6.91 years at 1,000 attempts per second, it will not take very long to guess as it is one of the most common passwords.
You never, ever want to leave a password on your computer in plain text. For example, anyone can boot the computer from a live CD or USB drive and copy the entire contents of your hard drive—whatever is not encrypted, the perpetrators have access to. This is the biggest advantage of an encrypted database. No one can access it without that master password. Also, you can carry your passwords around on a USB stick if you want and rest assured that even if the pen drive is stolen or lost, your passwords are safe—well, as safe as that master password is good.