KeePass, not as complex as you might think

Kade Morton
Jul 14, 2018

I have a lot of logins at work. And while I’d like to say it’s due to good opsec (operational security) that I have a different password for each login, if I’m honest with you I’ll admit it was actually because every application has different password requirements. Certain maximum number of characters, certain number of special characters, they are all different and I had a bewildering password list.

I bet that’s the same with most people. It can be true in our personal life as well.

I knew about password managers but I had never gotten around to using one at work, and I had never used one at home because I didn’t like the idea of having all my passwords in the same place. I was straddling the line of using a series of very long, very complex passwords for security but I found I was inevitably repeating them and remembering more and more 30+ character passwords (passphrases really) replete with numbers and special characters was becoming a real hassle. But all that was about to change.

A few days ago I was called to log into an application I’ve not logged into for quite a while with a complex username and password and I said “Stuff it, I’m getting a password manager.” I had a proprietary option available to me for a password manager, but I’d already done a fair amount of reading and since I’ll take open source over proprietary any day of the week, I went with KeePass.

From the KeePass website: KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

I used it, I liked it, and I thought that perhaps others in the office might like it too. I wrote a bare-bones, get-you-started guide on the installation and use of KeePass which I circulated to the team. If you might be interested in using KeePass, below are instructions (for Windows) deliberately written for a non-technically inclined audience:

Head to http://keepass.info/download.html

Download the first version of the professional edition.

Open the file you just downloaded and follow the installation wizard, leaving all options as they appear (except terms of service, kinda need to agree to that), and you can make a desktop and a quickstart icon if you so desire.

On first running the program it will ask you if you want it to check for automatic updates. Your choice, but best to say yes.

Once KeePass is open it looks a bit intimidating but fear not, there are only a few options you need. Click File, New.

You will get a window asking you where you want to save the password database file. Choose a location AND DO NOT LOSE THIS FILE. Back it up somewhere just in case.

Now, KeePass will ask you for a master password. This is the single password you need to remember and KeePass will ask you for this password whenever you open the program. Type your password, retype it, ignore all the other settings and hit OK. Just because the program is nice it will tell you how strong your password is.

Subsequently you will be asked for details regarding your database file. Not required, but I’d suggest clicking on Security and pressing the 1 second delay button. Long story short, it makes every attempt to guess your master password take longer, which makes the file that much more secure, but if you press it heaps it will make KeePass slow.

Click General, give your database a name and a description so when you see that random file three months from now when you’re looking for things to delete to free up space on your computer you won’t delete it by accident. Click OK.

You now have your database. You will have two passwords already in there, they are just examples. Feel free to delete them if you like.

Pick a user name and password you want to store. Click the icon four icons in from the left, it’s a little key and a green arrow called Add Entry.

Give your entry a title so you know what it is and type the username. KeePass will already have generated a password; you can use the suggested password or delete it and type your existing password if you like. Click OK and then, back at the main screen, hit Save.

You’re done.

To test, go to the website you just saved the username and password for, click in the username text field, open KeePass, select the username and password combination and press the icon nine in from the left, the keyboard keys with one green key called Perform Auto-Type. Watch KeePass type your username and password for you, and in most cases it will even log you straight into the website.

You can now one click every login field you have details saved for. You’re welcome.

If you want to get more out of KeePass:

You can use this at home as well as work, just remember if you install this at home you will have two different databases so you will need to update one when you update the other if you are logging into the same places at home and work. You could be fancy and save the database in a shared application like Dropbox (if you trust Dropbox), but that’s up to you.

Now, if you want to make secure passwords, KeePass can generate them for you. When you add a new entry click the icon beside the Repeat field called Generate New Password. Click Open Password Generator. From the Settings tab you have lots of options for password specifications, but all you really need is to pick the length of the password and what characters to use and press OK. Remember, most websites have minimum character requirements for passwords, some websites have a really low maximum limit (Why??!) and some websites don’t like some special characters. Don’t stress though, the website will tell you when you try and save the password.
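What those generator settings amount to, as an added example (not KeePass's own code or algorithm): a Python sketch that draws a password from the operating system's secure random source under a constructed site policy and reports an upper bound on its entropy, so the cost of a low maximum length is visible. The `generate` function, its parameters and the character sets are assumptions made for this illustration.

```python
import math
import secrets
import string

# Character classes, similar in spirit to the generator's tick boxes
# (constructed for this example, not KeePass's exact sets).
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "special": "!#$%&()*+,-./:;<=>?@[]^_{|}~",
}

def generate(length, classes=("upper", "lower", "digits", "special"),
             forbidden="", max_length=None):
    """Return (password, entropy_bits) for a hypothetical site policy."""
    if max_length is not None:
        length = min(length, max_length)  # the site caps password length
    # Drop characters the site rejects from each selected class.
    pools = [[c for c in CLASSES[name] if c not in forbidden]
             for name in classes]
    pools = [p for p in pools if p]
    if not pools or length < len(pools):
        raise ValueError("policy leaves no room for one character per class")
    alphabet = [c for p in pools for c in p]
    # Rejection sampling: draw uniformly from the whole alphabet and retry
    # until every class appears. This stays uniform over all compliant
    # passwords, unlike "pick one per class, then shuffle".
    while True:
        chars = [secrets.choice(alphabet) for _ in range(length)]
        if all(any(c in p for c in chars) for p in pools):
            break
    # Upper bound on entropy: length * log2(alphabet size).
    bits = length * math.log2(len(alphabet))
    return "".join(chars), bits

if __name__ == "__main__":
    # Unconstrained 30-character password.
    print(generate(30))
    # Constructed "awkward website": 12 characters max, rejects < > &.
    print(generate(30, forbidden="<>&", max_length=12))
```

With these sample policies, the 12-character cap and three banned symbols drop the bound from about 195 bits to about 77.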

And that’s that. I’m hoping someone finds this of use.

Originally published June 16, 2016
