You should be! With all the numerous data breaches including the Equifax hack of 2017 (which affected nearly HALF of the people in America), people should be very concerned with securing their data. You need to make sure you're using both strong and unique passwords for each website in case your password is stolen. You also need to remember all these passwords if you're not using any kind of password manager. In today's post we cover setting up and using my favorite password manager which solves all these problems: KeePass.
Isn't Chrome's / Firefox's Password Manager Good Enough?
Long story short, no. Here's why:
- This will only help you in the web browser, not in other apps that you very likely use
- Similarly, it introduces "vendor lock-in", meaning you'll be forced to rely on Chrome instead of a viable alternative like Firefox or vice versa unless you manually export your passwords
- You can view your saved passwords; however, you can't change them.
- You can't easily generate random, strong passwords for new accounts; you can only save a password you come up with yourself.
However, it is better than nothing. Though it may seem convenient, there's a much more robust solution that only requires a little more effort to ensure that your passwords aren't dependent on a specific browser.
What is KeePass?
KeePass is an open source password manager that has applications for desktop, mobile, and browser-based integration to make your life easier. Using KeePass, instead of remembering every one of your passwords, you only need to remember a single master password to unlock the database of passwords (or have a key file, which I'll cover below). This master password encrypts the database with the most secure encryption algorithms currently known (AES and Twofish).
There are a variety of downloads you can choose from on https://keepass.info/download.html.
I suggest using KeePassX which is intended to be a cross-platform desktop application. You can check out the source code on GitHub. You can install the binary for Windows and Mac here, or if you're on Ubuntu/Debian you can simply do the following:
sudo apt-get install keepassx
Browser (Chrome and Firefox)
I just started using KeePass Tusk for Chrome. It's a recommended solution for Firefox as well, giving you the ability to autofill entries. However, it is strongly recommended that you back up your password database to the cloud, which you can set under "Settings", or you can choose to manually upload it from your machine's filesystem (the option is all the way at the bottom).
I personally use KeePass2Android which you can download on the Google Play Store for free here.
I don't have an iPhone so I can't personally recommend a good KeePass app, but it looks like KeePass Touch on the App Store is promising, plus it's free.
Setting It Up
With a Master Password
Regardless of where you're installing KeePass, you can opt to choose a master password when setting it up for the first time. If you choose this, you'll need it to be something memorable, because if you forget this one password, you'll lose access to everything you stored in the database and no longer remember. I suggest a simple sentence or a combination of words and numbers. Remember, spaces are valid characters! For example (and please don't use this):
I wish I had 2 cats.
With a Key File
Alternatively, you can use something called a "key file" that will be used to unlock the password database instead of a master password. If you enable this option when setting up KeePass for the first time, you can choose an existing file from your device or in the cloud to use as the key file. This doesn't need to be anything in particular, so you can pick an image, text file, PDF, etc. Be careful though, because if this file gets deleted and isn't backed up, you won't be able to unlock your password database, just as if you had forgotten your master password.
You can choose to use both if you prefer, but be warned that not having either will prevent you from unlocking your password database.
Any device reading the KeePass database (*.kdbx file) from a cloud like Google Drive can also update the database when a new entry is added. The key file, if used, is not updated if a password is added, removed or changed.
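To show why the key file has to stay exactly as it was when the database was created, here is an added example (not KeePass's own code) of how the KDBX format combines a master password and an arbitrary key file into one composite key before the database's key derivation step, which is not shown. The function names and sample bytes are assumptions made for this illustration, and only the "any other file" key file format is covered.

```python
import hashlib
from typing import Optional


def password_component(password: str) -> bytes:
    # The master password contributes SHA-256 of its UTF-8 bytes.
    return hashlib.sha256(password.encode("utf-8")).digest()


def keyfile_component(data: bytes) -> bytes:
    # An arbitrary file (image, PDF, text) contributes SHA-256 of its bytes.
    # Assumption: the dedicated XML, 32-byte and 64-hex key file formats,
    # which KeePass reads differently, are not handled here.
    return hashlib.sha256(data).digest()


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    # SHA-256 over the component hashes, password first, then key file.
    parts = b""
    if password is not None:
        parts += password_component(password)
    if keyfile is not None:
        parts += keyfile_component(keyfile)
    if not parts:
        raise ValueError("need a master password, a key file, or both")
    return hashlib.sha256(parts).digest()


def backup_is_usable(original: bytes, backup: bytes) -> bool:
    # A backup only unlocks the database if it is byte-for-byte identical.
    return keyfile_component(original) == keyfile_component(backup)


if __name__ == "__main__":
    # Constructed sample data standing in for a photo used as a key file.
    photo = b"\xff\xd8\xff\xe0" + b"constructed image bytes" * 4
    resaved = photo + b"\x00"  # same picture, one extra byte after re-saving
    pw = "constructed example passphrase"
    print("password only      :", composite_key(pw, None).hex())
    print("password + key file:", composite_key(pw, photo).hex())
    print("re-saved copy works:", backup_is_usable(photo, resaved))
```

An image that is re-compressed, a document that is edited, or a text file whose line endings are converted all produce a different composite key, so compare the backup against the original before relying on it.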
Next, you'll be able to change where the encrypted password database is stored. If you're on Android (KeePass2Android), you'll be able to specify to store it in the cloud (e.g. Dropbox or Google Drive) like in the following screenshot. If you're using the desktop version (KeePassX), you'll want to store it in a folder that's backed up by something like Google Drive (which I recommend for automatic syncing), or you'll need to manually back it up yourself. By storing it in the cloud as opposed to on the device itself, you'll be able to easily sync your password database across all your devices so any changes you make on your phone, for example, will be readily available on your desktop when you need it.
Once you have created a master password / key file, picked where to store your password database, and created it, you can start storing and reading passwords. If using KeePassX, you can hit the key icon with the green arrow at the top, or if you're using KeePass2Android, hit the + button at the bottom and then the key with a plus icon. You can either manually enter a unique password or you can have KeePass generate one for you with your choice of special characters, numbers, character case, and password length. Make sure to enter your username and the relevant site as well so you know what the password is for.
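The generator options described above (special characters, numbers, character case, length) can be modelled as follows. This is an added example, not KeePass's generator: the class names, defaults and the entropy helper are assumptions chosen for illustration. It draws every character from the operating system's CSPRNG and rejects candidates that miss a selected class, so no position is predictable.

```python
import math
import secrets
import string

# Character classes a user can switch on or off (names are assumptions).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}
ALL = ("lower", "upper", "digits", "special")


def generate_password(length: int = 20, classes=ALL) -> str:
    if not classes:
        raise ValueError("select at least one character class")
    if length < len(classes):
        raise ValueError("length too short to include every selected class")
    pool = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets.choice uses the OS CSPRNG, unlike random.choice.
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        # Rejection sampling: retry until every selected class appears,
        # instead of forcing one class into a fixed position.
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate


def entropy_bits(length: int, classes=ALL) -> float:
    # Upper bound: length * log2(pool size). The class requirement removes
    # a small share of candidates, so the true figure is slightly lower.
    pool_size = sum(len(CLASSES[c]) for c in classes)
    return length * math.log2(pool_size)


if __name__ == "__main__":
    print(generate_password())
    print(f"20 chars, all classes: about {entropy_bits(20):.0f} bits")
    print(f"10 digits only       : about {entropy_bits(10, ('digits',)):.0f} bits")
```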
Once you have your entries created, you can use the "copy user to clipboard" and "copy password to clipboard" buttons in KeePassX after clicking on the entry in KeePassX or tap "copy user" and "copy password" in the notification banner for KeePass2Android. You can then paste these on the login page of the site or app you're trying to log into.
Visiting the Fidelity login page on Chrome with the KeePass Tusk Chrome extension.
Alternatively, if you're using a browser-based plugin like Tusk, you can set which KeePass database file (and optionally the key file) to use and unlock it to autofill your passwords on login pages.
Overall, KeePass offers plenty of options regardless of your operating system or browser of choice. Nowadays there are too many passwords you likely need to remember, and oftentimes they need to be sufficiently complex per the website's requirements. A password manager like KeePass is meant to provide you peace of mind so that you never need to worry about weak or lost passwords again. If you haven't tried it out, I highly recommend it even if you're not super tech-savvy.