As frustrating as they can be, passwords are still a way of life when authenticating to most systems and accounts. The worst thing you can do from a security perspective is use the same password for all of your accounts (and remembering the breadth of your accounts can be challenging as well).
A password manager stores all of your eggs in one basket, so to speak. While it might sound intimidating (what if it gets lost or stolen?), it actually allows you to maintain deeper levels of security. When using a master password you can access all of your account and password information via a single interface. With KeePass, all passwords are stored locally in an encrypted file (with a .kdbx extension), which cannot be accessed via alternate means such as opening it in a text editor or Microsoft Word.
SEE: Password management policy (Tech Pro Research)
When you fire up KeePass you start with a fairly blank slate (Figure A).
Click File then New to create a new database. You are given the following security options (Figure B):
You can use a master password, use a key file (a special security file, which must be present on your system before you can access your passwords), or tie access into your Windows account. I recommend using a master password, and KeePass will show you a helpful "estimated quality" bar which determines the strength of your security password.
Note: It is possible to use both a master password and a key file for heightened security; that way if your database file is lost or stolen along with your master password all is not lost.
You can also set up some options such as database encryption level, whether to use a recycling bin for deleted entries and password change selections.
KeePass will then open your new database. Note the default Groups to the left; you can customize these or add new ones by right-clicking in that space and choosing New Group.
To add password entries in a group, right-click the main window and choose New Entry.
Here's an example screen of what my KeePass entries look like (Figure C):
As you can see, the interface is intuitive and easy to navigate; clicking various groups to display and work with the password entries should be immediately familiar to any Windows user.
To add new entries, you can right-click the main screen and choose Add Entry. Let's look at the available options involved (Figure D).
KeePass allows you to generate passwords (or enter your own) and store these in an encrypted format. To create a password, click the Generate a Password icon to the right of the Repeat field (Figure E):
You can pick your own password, utilize a password generator to create a password (and specify options related thereto), or just have KeePass create one for you choosing one of the "hex key" options—the higher the bit level the more complex the password.
Although you can display the passwords by clicking the Show/Hide Password Using Asterisks icon to the right of the password field, it's also possible to skate right by without ever knowing the passwords involved and letting KeyPass set and store them all on its own.
It's easy to just copy and paste the passwords right into the login screen or box. You can open the entry and copy that string of asterisks, or just double-click the entry itself (or right-click the entry and choose Copy Password) to copy the details into your clipboard/buffer.
It's possible to save the website addresses associated with your accounts and even open them directly via the browser of your choice.
You can also add Notes such as the answers to security questions or other relevant details.
The Advanced tab provides the following capabilities: You can add string fields (such as usernames, credit card numbers or other details you want to copy and paste) and attachments here.
The Properties tab looks like the following screenshot (Figure F):
This allows you to color-code entries, add tags, configure a specific browser to open the associated URL, or work with plug-in data related to the website.
The Auto-Type tab resembles the following (Figure G):
The auto-type options here allow you to configure what sort of data is entered automatically and into which target window. For instance, a user ID followed by a password or standard keyboard entries such as space, tab, etc.
Finally, we come to the History tab (Figure H).
KeePass automatically keeps a history of your passwords if you change them in the program so you can check for previous passwords and utilize them on systems, which may not be configured with your current ones.
Once you've set up your entries, make sure to click the Floppy Disk icon in the toolbar to save the database. Then when you exit and re-open KeePass you will see the following prompt (Figure I).
KeePass has many additional powerful functions available through the File/Edit/View/Tools/Help options. Examples include:
- Searching entries
- Printing entries (not recommended)
- Adjusting database settings for higher encryption
- Adding triggers for workflows (like when an app is started)
- Synchronizing changes to a shared KeePass database file so others can access them
- Import/exporting entries
- Displaying passwords expiring at a specific time
- Setting KeePass to minimize to the system tray
- Configuring security settings such as auto-lock, auto-save or auto-exit, which options are available to users
- Assigning shortcut keys
- Associate the .kdbx file with KeePass (to allow you to open these via the Windows interface)
- Deleting duplicate or outdated entries
- Checking for updates
There are some precautions involving the use of KeePass: You should only use KeePass on secure systems, which are also password-protected, such as a laptop or mobile device. (I recommend configuring mobile devices to wipe themselves after 10 failed login attempts.)
You should also never write down the master password anywhere, of course, but must memorize it instead. Try a mnemonic trick like thinking up a special sentence, taking the first character from each word and formulating a password based on that. For instance: "I love Boston in the spring weather" would yield the password ilbitsw.
Lastly, if your significant other or family members might need this account/password information should you pass away or suffer amnesia, you should write up a series of instructions for them to do so—and transmit or store it someplace secure.
While KeePass only makes a version for Windows, their site helpfully provides links to ported (copycat) versions for Android, iOS, Mac and Linux. There is also a Chrome extension for it.
Best of all, KeePass is totally free.
- Top security tips revealed by industry experts (TechRepublic)
- 5 common browser security threats, and how to handle them (TechRepublic)
- Password managers: A cheat sheet for professionals (TechRepublic)
- How to get KeepPass password protection on Android with Keepass2Android (TechRepublic)
- 10 tips to help reduce user account lockouts and password resets (TechRepublic)
- The best password managers of 2018 (CNET)
- One in five employees share their email password with co-workers (ZDNet)
- From passwords to biometrics: How far are we willing to go? (ZDNet)
Scott Matteson is a senior systems administrator and freelance technical writer who also performs consulting work for small organizations. He resides in the Greater Boston area with his wife and three children.