Using the KeePass Password Manager

Passwords are an important part of our digital lives, but keeping track of them can be difficult. It’s best practice to have a unique password for each service you use – otherwise if someone hacks one password, they instantly have access to all your other accounts.

The problem is, as you create more and more passwords, it gets very difficult to remember all of them!

Previously we covered how to keep your passwords secure. In this article, we will show you how to use a password manager to store all the different passwords you have, safely.

What is a Password Manager?

A password manager is a program that you can use to store all your passwords securely encrypted. This means you only have to remember your Windows login and a “master password” to access all your passwords – the rest are stored by the manager.

Password managers can also generate passwords for you – and because you don’t have to remember them, they can be long and complex.

There are plenty of password managers to choose from – including LastPass, KeePass, and RoboForm.

What we use at Alberon

Our favourite in the office is KeePass, a popular open-source password manager that stores your passwords in an encrypted database file on your computer.

Reasons why we recommend KeePass:

  • Free
  • Portable (it can be carried on a USB stick and runs on Windows systems without being installed)
  • Open source (this means you can view the source code of the program if you wish, so you know there is nothing malicious included)
  • Very secure – uses government-standard encryption (AES) to protect your passwords.

You can read more about KeePass and its features on the KeePass website.

How to set up KeePass on your PC

Here is a brief guide to getting started with KeePass – more detailed instructions are available on the KeePass website.

1. First, download KeePass. We use the ‘Classic’ version, which is a little faster. Install this on your computer.

2. Open KeePass. Click ‘File -> New’ to create a new password database.

3. Set a new master password (I used ‘$BoatSnakesIceCream$’ here; you should use something different but similarly secure – at least 12 characters long). When it asks you to repeat it, enter it again. There is a box that says ‘no key file selected’ – this allows you to require a special key file in addition to your password. It is not required, however – so you can ignore this for now.

4. Click File -> Save and save your password database somewhere on your hard drive – ‘My Documents’ for example.

How to save a password to KeePass

1. Click Edit -> Add Entry (or press Ctrl + Y).

2. Enter the username for the service. KeePass will generate a password for you – you can either use the generated one, or change it to your existing password (click the ellipsis button to show/hide the password).

3. Click File -> Save (or press Ctrl + S) to save the database. Do this every time you add a new password.

How to look up a password in KeePass

1. Use the search bar to look for an entry.

2. Right click the entry and select ‘Copy Password’. You can then paste it wherever you like.

About the Master Password

The Master Password you use to access your password database is very important. It gives access to all the other passwords you have stored in KeePass. If someone finds it out and gets access to your database file, they could access all your passwords – but if you forget it, you won’t be able to open your password database!

It’s really important to strike a balance between something long and complex (preferably at least 12 characters) and easy to remember. Don’t use well-known phrases (e.g. ‘tobeornottobethatisthequestion’). Try to use random words chained together with some numbers and punctuation – for example ‘GlassSatellite$55’.

It may be a good idea to write down your master password if you think you may forget it. Don’t store it on your computer, or anywhere nearby; instead, write it on a piece of paper and put it in a safe or somewhere very well hidden! Do not write anything that would identify what it is for, in case you lose it. If you lose the piece of paper, or someone finds out your password, change the master password immediately.

If you’d like more tips on how to pick a secure master password, please read our previous article.
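The "random words chained together with some numbers and punctuation" advice above, as an added Python example (not part of the original article or of KeePass): it builds a master password in that shape with a cryptographic random source and estimates how many bits of entropy the pattern gives for a given word-list size. The word list, symbol set and function names are constructed for illustration; 7776 is the size of a Diceware-style word list.

```python
import math
import secrets

# Constructed sample list so the block runs offline. For real use, load a large
# published list (a Diceware-style list has 7776 words) instead.
SAMPLE_WORDS = ["glass", "satellite", "boat", "snake", "cream", "harbour",
                "pencil", "orbit", "meadow", "copper", "lantern", "walnut",
                "violin", "gravel", "thimble", "canyon"]
SYMBOLS = "!$%&*#@?"  # assumption: 8 punctuation characters to choose from


def generate_master_password(n_words=4, n_digits=2, words=SAMPLE_WORDS):
    """Random capitalised words, then one symbol and some digits."""
    # secrets uses the operating system's CSPRNG; random.choice is not suitable.
    chosen = [secrets.choice(words).capitalize() for _ in range(n_words)]
    symbol = secrets.choice(SYMBOLS)
    digits = "".join(secrets.choice("0123456789") for _ in range(n_digits))
    return "".join(chosen) + symbol + digits


def entropy_bits(n_words, wordlist_size, n_digits=2, n_symbols=len(SYMBOLS)):
    """Bits of entropy, assuming an attacker knows the pattern and the list."""
    return (n_words * math.log2(wordlist_size)
            + math.log2(n_symbols)
            + n_digits * math.log2(10))


def words_needed(target_bits, wordlist_size, n_digits=2):
    """Smallest number of random words that reaches target_bits."""
    n = 1
    while entropy_bits(n, wordlist_size, n_digits) < target_bits:
        n += 1
    return n


if __name__ == "__main__":
    print(generate_master_password())
    for n in (2, 3, 4, 5, 6):
        print(n, "words:", round(entropy_bits(n, 7776), 1), "bits")
```

The estimate only holds when the generator picks the words; words a person chooses are far more predictable than the figure suggests.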

Tips and Tricks

KeePass has a lot of advanced functionality – including the ability to automatically type your passwords. When KeePass is running in the background (with an opened database) and you press the hot key, it looks up the correct entry and executes its auto-type sequence. You can view more on the KeePass features page.

You can store your KeePass database (.kdb file) in a Dropbox account so that it is synchronised between your home and work computers, or carry the .kdb file on a USB stick so you have it with you wherever you go.

Remember to add your KeePass database file to your backup routine – lose the database file and you won’t be able to get your passwords back!

There are also KeePass apps for Android and iPhone, so you can access your passwords on the move.

Conclusion

Although it might seem like a hassle to set up at first, using a password manager can save you a lot of headaches in the long run, and you’ll never forget another password.


2 comments

  1. 10th July 2014 Jane Mackay said:

    Hi

    Does KeePass work on a Mac – currently OS X (10.5.8)? If not, can you recommend the next best password manager?

    Thanks

    Jane M.

  2. 18th July 2014 Dave Doman said:

    Hi Jane,

    There are unofficial ports of KeePass that work for Mac, but you are probably better off using LastPass.
    LastPass works differently to KeePass but is a solid password manager, and has similar security features.

    Hope this helps.

