KeePass Password Safe for you and me

What is KeePass?  It is an encrypted database for passwords.  Or to oversimplify, it’s a super duper hiding place for your secret stuff.  It is a database, or a list of stored information (in this case, your passwords).  It is encrypted, meaning that if someone gets the actual database, they cannot just open it without your super duper secret password.  The information in the database is scrambled like an egg, and only you know how to de-scramble it.  This allows you to put in all sorts of important secret information, such as all of your passwords for everything.  And you lock the secret box with a single password that you need to remember.  You can also set KeePass up for dual-factor authentication, meaning that to log into it you need two forms of identification: what you know (a password) and what you have (a key file on your computer).  But let’s just stick to single factor authentication for now, and if anyone cares, I can cover the more advanced features some other day.

How To Set Up KeePass

1. First off, download KeePass.  You can get it at the following url:

http://keepass.info/download.html

2. Click the link under Download for Professional Edition KeePass Installer EXE

3. Now come the standard cookie-cutter instructions to download the file somewhere, then run the file and install it with the default options.  I won’t insult your intelligence, just do it.

4. Now we run KeePass for the first time.  On the first run, it will want to create a database to store your goodies in.  If it doesn’t, from the File menu, select NEW.  First, select a location for the database.  I recommend putting this on your Desktop or in My Documents, somewhere that you can find it when you need it.  Give the file a name (for example, Passwords).  Note that it creates a KDBX file by default, which is fine.  Click Save to create the database.

5. Here is where we set up the actual credentials to log into our database.  I recommend that you check Master password, but do not check Key file / provider, and do not check Windows user account.  So again, the only option checked is Master password.  This is single factor authentication, folks.  I also recommend that you click the triple dot button, which will show you your characters as you type them.

6. Now let’s create a password in the first field, then repeat the password in the second field.  Note that it determines how strong your password is, based on the length of the password.  My password below is 103 bits.  Please please PLEASE set up a nice strong password based on the criteria of my previous blog on passwords.  Remember, if someone gets into this database, they own all your other passwords.  One ring to rule them all… Once you have both passwords in there, click OK.

7. You should now be in the Database Settings window.  I recommend ignoring all the cool tabs and buttons and options, and just clicking OK.

8. Now you should be inside your crisp new password database.  Note that along the left-hand side, it lists different folders to store data in.  Let’s create an entry for an email password.  First click on the email icon on the left folder list, then click the little Key icon on the top toolbar to Add Entry.

9. Enter a title for this account.  For example, this is for your Hotmail account.  Then enter your username for that account, and enter your password twice.  Remember the triple-dot SHOW CHARACTERS button so you can see what you are typing.  It will show you the quality of your password as you enter it.  Note that by default, it creates a randomly generated password for you.  I’ll cover that part later.  For now, enter your own password.

You can enter lots of other information if you want, under the other tabs.  But let’s just stick with the basics here.  Click OK.

10. Now your Hotmail password shows up under email.  You can repeat the process here, adding all your passwords to the database.

11. This step is very important – be sure to click the Save button to write your changes to the database.  It should prompt you to do so before closing, but don’t take a chance that your changes are lost.  Now you can close your database and go about your business, feeling smug and secure that all your passwords are safe and sound.

12. Oh now you want to know how to get your stuff back?  Boy you ask a lot of questions!  OK, so now when you open KeePass, you will face the login screen.  First, select the Folder icon for the Key File.

13. Find your KDBX file that you created when you first set up your KeePass database.  Remember?  I recommended placing it in My Documents or on your Desktop.  Some people store it out on a Dropbox folder so they can access their passwords anywhere they have Internet access.  But that is a whole different blog, folks.

14. Now enter your super secret master password.  Remember the triple-dot button is your friend, so you can see what you type.  Once that is entered, click OK.

15. Now you are back in your KeePass database!  You only need to remember one password to access all your other ones.  And again, this KDBX file is encrypted, using your super master password.  Please, remember that password.  If you forget it, you’re done.  And don’t write it on a post-it note and leave it on the monitor or under your keyboard.  That is so 1996.

16. When in your database, you can double-click on an entry to view its password.  You can also just right-click the entry and copy it, then paste it into the program that uses the password.  Never type it again!

So now you know how to store all your super secret passwords in one single location.  In reality, you don’t need to remember them all any more, just your master password.  And as you can copy and paste right out of KeePass, you don’t ever have to type them all out again.

Some helpful tips

You might ask the obvious – why do I need to remember passwords?  Can’t Firefox or Chrome remember them when I type them in?  Sure.  But remember that those passwords are stored only for that browser on that machine.  If you clear out some browser settings, they are gone forever.  And if your computer blows up with a virus, they are gone forever.  And if you go to another computer, they don’t come with you.  So keep them in KeePass.

And remember to back this KDBX file up.  I mentioned Dropbox, but you could also back it up on a thumb drive or even use Carbonite.  A wise person never assumes their stuff will just stay safe forever.  A wiser person backs up their stuff in more than one location.

Since you really only need that master password to access all your other passwords, you could in theory create ridiculous random passwords for all your accounts, and store them in KeePass to access when you need them.  Here is what I mean:  You know from memory one password only, your KeePass password.  Inside KeePass, all your other passwords are not remembered.  They are instead very long, random passwords that you just copy and paste out of KeePass when you need to access those sites.  I do this quite a bit, personally.

Thankfully, KeePass makes such a task remarkably simple.  In KeePass, remember that when you create a new entry it automatically creates a randomly generated password for you.  But you can also use the built-in random password generator.  When inside an entry in KeePass, note the little key icon next to the password.  You can click that and have it generate a password from a built-in profile.

Or better yet, you can select Open Password Generator.  Here, you can specify the length and complexity of a password.

I typically choose to create a password around 12 characters or so, using uppercase, lowercase, and digits (numbers).  Then I click OK and it dumps it right into KeePass.  I never have to remember it again.  Convenient and secure.  Some may ask why I didn’t select Special Characters.  You can certainly do this, and it makes it even more secure.  But I have found that some websites and computers are fussy about their passwords in relation to special characters.  You might want to tweak the password a bit if the website you are using the password on doesn’t like it.  In particular, some systems don’t like dollar signs or percent signs in the password, as these characters often represent something significant to the computer.
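
The trade-off above (dropping special characters, or only the fussy ones, versus adding length) can be put in numbers. This is an added example, not part of the original post and not KeePass's own code; the function names and the `FUSSY` constant are hypothetical, and "special characters" is assumed to mean the 32 ASCII punctuation characters.

```python
import math
import secrets
import string

# Symbols the post says some systems reject; extend per site as needed.
FUSSY = "$%"

def build_alphabet(upper=True, lower=True, digits=True, special=False, exclude=""):
    """Assemble the character set from the chosen classes, minus excluded characters."""
    chars = ""
    if upper:
        chars += string.ascii_uppercase
    if lower:
        chars += string.ascii_lowercase
    if digits:
        chars += string.digits
    if special:
        # Assumption: "special" means the 32 ASCII punctuation characters.
        chars += string.punctuation
    alphabet = "".join(c for c in chars if c not in exclude)
    if len(alphabet) < 2:
        raise ValueError("alphabet too small to generate a password")
    return alphabet

def generate(length, alphabet):
    """Draw each character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))

def length_for_bits(target_bits, alphabet):
    """Shortest length whose entropy reaches target_bits with this alphabet."""
    return math.ceil(target_bits / math.log2(len(alphabet)))

if __name__ == "__main__":
    alnum = build_alphabet()                                # the post's profile
    no_fussy = build_alphabet(special=True, exclude=FUSSY)  # specials minus $ and %
    for name, alpha in (("alnum", alnum), ("special-$%", no_fussy)):
        print(name, len(alpha), generate(12, alpha),
              f"{entropy_bits(12, alpha):.1f} bits at 12 chars,",
              length_for_bits(103, alpha), "chars for 103 bits")
```

The entropy figure applies only to passwords drawn uniformly at random like this, not to ones a person makes up; a few extra alphanumeric characters buy back what the dropped symbols cost.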

Anyhow, I hope you found this helpful.  Be secure!