KeePass Password Safe Tutorial
Every day we seem to get more passwords for stuff. You can’t risk using the same password for everything, because if it’s ever cracked or stolen (from you or from a web site), the wrong person has access to everything you do — it’s stolen identity time!
But, if you leave them in emails and other files on your computer, malware (malicious programs) may steal them and do all sorts of nasty stuff, including getting you blocked from networks or even fired from your job!
Oh, and LOTS of crackers know how to get the passwords you told your browser to “save” for you (especially on IE). Not very secure, right?
Now, you could get something that only works with your browser, for web sites (Roboform is one popular program), but you’d be able to use it ONLY for web sites, and it may be limited in some ways (support, number of passwords, etc.) unless you pay for it.
OR, you can get something that will work with any Windows program that requires a login (once Windows is up and running, that is — you’ll still need to remember that one, and the one for KeePass. Still, remembering two is easier than remembering dozens). One that will fill in your username and password, and even create really strong passwords for you.
Here’s a recommended program, used and tested at the Library, that will keep track of your passwords (on campus and at home, if you like). For example, you can keep one group of passwords on your computer at work, and another group for personal stuff at home. Or put them all in one file. You can even put this on a USB drive, if you like, and carry it with you. It’s still encrypted, so even if you lose your USB drive, nobody else will be likely to steal them. And it’s OSI certified and award-winning and all that good stuff.
This is freeware (you don’t have to pay, but you can donate if you like). It’s an open-source program, copyright © 2003-2007 Dominik Reichl, with support from a number of other programmers.
* Click here for the download page.
Which version should you choose? The home page has several, but you should probably use 1.09 or the latest one, rather than the ones labeled “alpha” or “beta” — those are still experimental.
* Click on the KeePass 1.09 (Windows Installer EXE) link (or whatever later version is not labeled “alpha” or “beta”) to download it to your usual downloads directory. (If you prefer to put it on a USB drive, then you can use the version for that, or the one for the PortableApps menu — if you already have that on your USB drive — or the U3 drive versions, as needed.)
For a USB drive, download it directly to the USB drive.
* Click on the file to install KeePass. Just follow the instructions and select the defaults.
* Now, dig out those Post-its and emails and whatnot that hold your logins and passwords. You’re going to set up KeePass and enter them.
* Start KeePass. You haven’t set a password for it yet, so it starts up without asking for one the first time. You get a mostly blank window.
* Click on the white page icon to start a new file.
* Now is the most crucial part. Select a good password, at least 8 letters and numbers long, that you can remember.
For example: the first 3 words of your favorite song followed by the digits of your junior high locker combination number, or whatever. Just be sure you can always remember it, and that THIS one is not easy to crack. It will protect all the others from now on, and is the only one you have to remember (lose this one and you’re toast — unless you take a precaution mentioned later).
* Check Use password and key file and put it on the drive you select (either c:\ for your computer’s hard drive, or on the USB drive).
REMEMBER: the next computer you plug the USB drive into might use a different letter for it, so you have to select the current drive letter for the USB drive if that’s where KeePass keeps the password and key file.
The file for the KeePass password is called pwsafe.key and is encrypted heavily. A cracker should have a better chance of getting hit by a meteor than cracking this, with current technology, as long as you gave it a good password.
* You are asked to repeat the password (just as a precaution). Enter it again.
* Okay, now you get the Get random data for key generation window.
(You don’t really need it, but this is another handy way to generate a key. On the left, you can move the mouse around and have a key generated (click on Use mouse as random source button), or on the right, you can just type random stuff in. Do one or the other.)
* Click OK.
Now you’re back out at the main window again.
On the left, you have categories of records. Under General, you have Windows, Network, Internet, Email, Homebanking, and Databases.
* Under the Tools drop-down menu, select Options.
* The first tab is Security.
If you leave your computer up and not protected when you are out of the office for lunch or meetings, you probably should have the “Lock workspace when minimizing the main window” checked at work. At home, this might not be so important.
* The next tab is Interface (GUI) and you can check all the boxes. You might also go down to the every second row has a different background color option and choose a light color. This will make it easier to follow across the lines later (much like a spreadsheet).
* Skip Files tab and move on to Memory and check the first box for Timed .
* On the Setup tab, you can associate the password key file if you like. This is optional.
* On the Advanced tab, you have some choices. Under Start and Exit, check these boxes:
- Remember last opened file
- Automatically open
- Automatically save
- Automatically generate random password (but you might want to wait to do this one until you enter all your existing passwords. After that, you can have KeePass generate any new ones you need, or go back to those web sites and change to more secure ones).
* When done, click on OK and get back to the main screen for KeePass.
* Click on Internet and get out one of your logins.
* Click the gold key with the green arrow icon to get the Add Entry window.
* The Title is whatever will remind you what this password is for.
* The user name is the login name the site uses for you. On some sites, this might be your email address.
* The url is the web URL for the web site’s login page.
* If you checked Automatically generate random password, you already have a good password in place. If you just see a row of asterisks, go to the View drop-down menu, and uncheck the Hide options.
WARNING ON PASSWORDS: it is easy to confuse 1, lower case L, capital and even lower case i, when you print these out. If you see any of these characters in the password generated, change them to something else, or make them capital L or some other letter or digit. It’s just as secure.
Notice the color bar for Quality is well into the green on generated passwords. Try to use passwords that at least start the green in the bar when possible. You can shorten the supplied password if you like, but try to have at least a bit of green showing at the far right of the color bar. Since you don’t have to remember this, you don’t have to worry that it doesn’t remind you of anything and is almost impossible to remember. THAT’S THE POINT. KeePass is going to remember it for you.
You’ll never have to type in a login for most uses again. You just remember your opening Windows login, and the one password for KeePass.
* If you already have a password for a web site, enter that instead of the generated password. Look at the color bar and see how strong it is. (Probably not very! That’s normal, though. Next time you go to that site, however, you might let KeePass generate a new password for you and change to that instead.)
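To put numbers on the look-alike warning above, here is an added example (not part of the original tutorial and not KeePass code) that generates random passwords without 1, lower case L, and capital or lower case i, then compares their strength with the full letters-and-digits alphabet. The bit count is the standard length × log2(alphabet size) formula for uniformly random passwords, which is an assumption of this sketch and not how the KeePass Quality bar is calculated; all function names are made up for illustration.

```python
import math
import secrets
import string

# Look-alike characters named in the warning: digit 1, lower-case L,
# capital I and lower-case i.
LOOKALIKES = set("1lIi")

FULL_ALPHABET = string.ascii_letters + string.digits           # 62 symbols
SAFE_ALPHABET = "".join(c for c in FULL_ALPHABET if c not in LOOKALIKES)


def generate_password(length=20, alphabet=SAFE_ALPHABET):
    """Draw each character uniformly from `alphabet` using the OS CSPRNG."""
    if length < 1 or len(alphabet) < 2:
        raise ValueError("need a positive length and at least 2 symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits, alphabet_size):
    """Shortest length whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    print("sample password:", generate_password())
    for name, alphabet in (("full", FULL_ALPHABET), ("no look-alikes", SAFE_ALPHABET)):
        n = len(alphabet)
        print(f"{name:>15}: {n} symbols, "
              f"20 chars = {random_bits(20, n):.1f} bits, "
              f"8 chars = {random_bits(8, n):.1f} bits, "
              f"128 bits needs {length_for_bits(128, n)} chars")
```

Dropping the four look-alike characters costs under 2 bits on a 20-character password, while shortening the password costs several bits per character removed, so length matters far more than which characters are excluded.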
* Once you enter the information and your current login and password into the Add Entry window, plus any comments you might need, you click OK to close it, and then go up to the blue diskette icon to save it. Normally, you save the file to the root directory on your c:\ drive, unless you are saving to a USB drive version — then save it onto that USB drive. You’ll also want to save a copy of this to your directory on the N: drive later, just in case.
Remember to ALSO save a copy of the pwsafe.key file with the main password file on the same drive. If you want to save a copy of all your passwords to your USB drive or a network drive, then save a copy of the pwsafe.key file right next to it.
If you like, you can add categories to break the supplied ones down even more, or handle different things.
Now comes the cute part.
* Click on one of your passwords to highlight it.
* Right-click on it and choose Open URL.
Hey, you’re at the web site.
* Now click in the username box to get the cursor there.
* Now switch to KeePass (just alt/tab to switch from program to program).
* Now right-click and select Perform Auto-Type. The user name and password are filled in for you, and the Enter key is pressed, all automagically.
And now you’re logged in to your web site. If you don’t need the username (say, if the site recognizes you with cookies and just wants a password), one of the buttons on the KeePass toolbar will copy just the password to your clipboard so you can paste it in. There’s a time limit on it, so you don’t accidentally paste it anywhere else.
This works with IE, Firefox, and all sorts of programs needing logins in Windows: LionsLink, Banner, whatever.
But — what if you lose your file, or your USB drive? Here’s that precaution mentioned above.
* Before that can happen, and EVERY TIME YOU CHANGE OR ADD A PASSWORD, go to the File dropdown menu and select Print Preview.
* Check the boxes for Password Groups, Title, User Name, Password, Notes and click OK.
* KeePass opens up in your default browser with a display of all your vital information. Print this off and keep it someplace safe, EVERY TIME YOU CHANGE OR ADD A PASSWORD. Now you have a paper backup of your file.
You can do this at home, too. It’s freeware.
* VERY IMPORTANT: click on the blue diskette to SAVE your data EVERY time you create or change a password.
* Faculty and Staff: Save a copy to your directory on the N: drive. On the top bar, click on File, then Export to, then select KeePass database. You can name it anything you like. Remember to do this again every time you change/add/delete passwords and you’ll be protected that way too.
* Now, copy the pwsafe.key file from your computer to the N: drive also. You only need to do that once, unless you change your master KeePass password.
From any computer with KeePass installed, you can get the file of passwords from the N: drive, using the pwsafe.key file there for the password protection. Nobody, even the campus computer staff, can get into that file without your password.
There are more detailed instructions on the KeePass Password Safe site.
As always, this is use-at-your-own-risk, but this is tested and used at the Boreham Library.