Password Management

In today’s world there is so much risk in not having safe passwords. Having safe passwords can be a bit of a hassle, though, when you have hundreds to remember. That is why you need a password management tool, so you don’t have to remember the passwords.

There are many different password manager apps that you can get these days. Some are free, some are not. I tried LastPass, Dashlane, 1Password, KeePass, and a few others. Ultimately I decided that KeePass was good enough, and it is free. If you know me, you know that I like free.

Getting Started

So how do you get started with KeePass? You will need to download a KeePass app on each of your devices that you want to use for viewing passwords. I also suggest using some sort of cloud drive system for synchronizing your database file between your devices. I chose to use Google Drive simply because I already use Google Drive. You could use any others like OneDrive, Dropbox, etc.

Here are links to each of the downloads I used:

  • Windows
  • Mac or Linux
    • KeePassXC
      • I chose this app because the original KeePass app is built for Windows and I found that it didn’t run very well on Mac with Mono. KeePassXC is a native Mac OS app and runs great. In fact it is also compatible with Windows.
    • Google Drive
  • Android
    • Keepass2Android
      • I chose this because it has a built-in Android keyboard that can be used to pull credentials out of my KeePass database without leaving the app where I am entering credentials.
    • Google Drive

Creating a Database File

After installing all of the necessary apps on my devices, I created my KeePass database file by doing the following:

  1. Open KeePass 2 on my Windows laptop (you could do this step on any of your devices)
  2. Click the New icon at the top left (screenshot: keepass_new.png)
  3. Select a location to store the database file and give it a name. I selected the Google Drive folder on my laptop as the destination for my database file. (screenshot: keepass_drive.png)
  4. Enter a master password. This password will be the only password you will ever need to remember from now on, and it will be responsible for keeping all your other passwords safe. So choose a long, secure password that you can easily remember. A good way to do this is to use a sentence or a combination of easy-to-remember words. (screenshot: keepass_masterpassword.png)
  5. Name your database. This step isn’t really important unless you’re planning to have multiple databases. I just gave it a simple name. (screenshot: keepass_databasename.png)
  6. Add all your passwords one at a time by clicking the Add Entry button at the top left corner. At a minimum, you should give each entry a title (like gmail), a user name, and a password. (screenshot: keepass_addentry.png)
  7. Click the save icon at the top left
  8. Now I have a database

For additional information you can view the KeePass help.

Synchronization

Since I placed my database file within my Google Drive folder, it will automatically be synced to Google Drive. Therefore, it is crucial that my Google account be secure. I have 2-step verification enabled on my Google account. I highly suggest you do the same. If you don’t know how, follow these instructions.

I can now open my database file on my MacBook simply by opening the KeePassXC application and then selecting the option to open an existing database file. On my MacBook the database file appeared in my Google Drive folder, so I simply selected that and clicked Open. After clicking Open, it asks for the master password that I entered when I created my database file. Now that I have the database open, I can add entries and click Save, and the database gets synced back to Google Drive and to my other devices. I suggest only modifying the database on one device at a time. If you make modifications on two devices and then click Save on both, you will get a merge conflict and Google Drive will ask you to select which copy to keep.

On my Android device I opened Keepass2Android, selected Open Database, selected Google Drive, then clicked on my database file. I enter the master password, and boom! I now have access to all of my passwords.

Auto-Type

There is a handy option available in KeePass called Perform Auto-Type. What this does is automatically type in the username and password for the particular entry for you. To use this, go to the website or app where you want to log in and place your cursor in the username field. Open KeePass, right click on the entry you want to use and click Perform Auto-Type (or type ctrl+v/cmd+v). KeePass will automatically switch back to your other app, type in the username, tab to the next field, type in the password, then hit enter. This works in most cases, but one problem I found is that when logging into some services you need to fill in three fields, for example a domain or account name in addition to the username and password. One example of this is logging into the AWS Console. In order to handle these cases you can modify the Auto-Type procedure for a particular entry. Here is how I made a custom sequence for the AWS Console:

(screenshot: aws.png)

  1. Double click on the AWS credential entry in KeePass
  2. Click on the Auto-Type tab at the top
  3. Select the radio button that says Override default sequence
  4. Enter your custom sequence. The AWS Console webpage loads with the cursor in the username field by default. To handle this, I used a custom sequence that first does a shift+tab to go up to the Account ID field, then tabs down one field at a time to the username and password fields. The sequence looks like this (note that the shift key ‘+’ doesn’t work in KeePassXC): +{TAB}{S:Account}{TAB}{USERNAME}{TAB}{PASSWORD}{ENTER} (screenshot: autotype.png)
  5. Save the sequence. Don’t forget to save your database file after making changes to any database entries.
  6. Now when I load the AWS Console page all I have to do is click Perform Auto-Type and all 3 fields are populated for me.
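To make the sequence above concrete, here is an added example (my own toy resolver, not KeePass’s code) that expands an auto-type sequence into the ordered keystrokes and text KeePass would send to the focused window. ENTRY and its values are constructed; only the +, ^ and % modifiers, {TAB}/{ENTER}/{ESC}, {+}-style escapes and entry field placeholders are handled, and placeholder names are treated case-insensitively (an assumption).

```python
import re

# Constructed sample entry (made-up values, not real credentials). Keys are upper-cased
# because this toy resolver treats placeholder names case-insensitively (assumption).
# "S:ACCOUNT" is the custom string field that {S:Account} reads.
ENTRY = {"USERNAME": "alice", "PASSWORD": "correct-horse-battery", "S:ACCOUNT": "123456789012"}

# The AWS Console sequence from the post; '+' is the Shift modifier for the key that follows.
AWS_SEQUENCE = "+{TAB}{S:Account}{TAB}{USERNAME}{TAB}{PASSWORD}{ENTER}"
DEFAULT_SEQUENCE = "{USERNAME}{TAB}{PASSWORD}{ENTER}"

TOKEN = re.compile(r"\{([^}]+)\}|([+^%])|(.)")   # {placeholder} | modifier | literal char
MODIFIERS = {"+": "SHIFT", "^": "CTRL", "%": "ALT"}
SPECIAL_KEYS = {"TAB", "ENTER", "ESC"}           # subset of KeePass key codes handled here


def expand_sequence(sequence, entry):
    """Resolve an auto-type sequence into ordered ('key', name) / ('type', text) actions.

    Every action goes to whatever window currently has focus, which is why the post
    places the cursor in the right field before triggering Perform Auto-Type.
    """
    actions, mods = [], []
    for placeholder, modifier, literal in TOKEN.findall(sequence):
        if modifier:
            mods.append(MODIFIERS[modifier])      # binds to the next key only
            continue
        if placeholder:
            key = placeholder.upper()
            if key in entry:
                action = ("type", entry[key])    # field value typed as text
            elif key in SPECIAL_KEYS:
                action = ("key", key)            # e.g. {TAB}, {ENTER}
            elif len(placeholder) == 1:
                action = ("type", placeholder)   # escaped special character, e.g. {+}
            else:
                raise ValueError(f"unknown placeholder {{{placeholder}}}")
        else:
            action = ("type", literal)           # plain character typed literally
        if mods:
            if action[0] != "key":
                raise ValueError("a modifier must precede a key, not text")
            action = ("key", "+".join(mods + [action[1]]))
            mods = []
        actions.append(action)
    if mods:
        raise ValueError("dangling modifier at end of sequence")
    return actions


if __name__ == "__main__":
    for kind, value in expand_sequence(AWS_SEQUENCE, ENTRY):
        print(kind, "->", value if kind == "key" else "<%d chars>" % len(value))
```

Note that the password leaves the database as plain keystrokes, so the field under the cursor must really belong to the site the entry is for.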


(screenshot: autotypebutton.png)

MFA or TOTP Keys

It is a good idea to use multi-factor authentication, or 2-step verification, when possible. If you are not familiar with this, basically it means that after you enter your username and password you are prompted for an additional password (or key) that is generated for you. A common way to get this generated key is by using the Google Authenticator app on your smartphone. This makes it much more difficult for people to get into your accounts. Another way to generate the MFA key, which I think is very convenient, is by using the KeePass app with an installed plugin. I have this working on my Windows laptop. If you use KeePassXC there is no need to install the TOTP plugin because one is already built in, so skip down to step 6 (the steps will be a little different, but similar, in KeePassXC). Here are the steps I took on Windows to get this working:

  1. Close your KeePass application
  2. Download the latest version of Tray TOTP
  3. Open File Explorer and browse to the directory where you have KeePass installed. This is usually C:\Program Files (x86)\KeePass Password Safe 2\
  4. Copy the downloaded file (TrayTotp.plgx) and paste it into the Plugins directory within your KeePass installation directory (screenshot: keepass_totp.png)
  5. Open KeePass and enter your master password to gain access to your database
  6. Now you can add a TOTP or MFA key to any of your saved credentials by right clicking on the entry, highlighting Selected Entry, then clicking on Setup TOTP (screenshot: keepass_totp_add.png)
  7. Click Next on the first few prompts until you get to the prompt that asks you to choose between 6 or 8 for the length of the key. This will depend on which service you are generating a key for. For Google accounts and AWS accounts I know that you can choose 6. (screenshot: keepass_totp_6.png)
  8. Now you are prompted for your TOTP seed. This is generated by the service for which you are using MFA. As an example I will use a Google account. When turning on 2-Step Verification you will click the Set Up button to use the Google Authenticator app. (screenshot: authenticator.png)
  9. You can select Android, then you will be presented with a QR code to scan. If you want to have the ability to use 2-Step Verification with your phone, I suggest you scan the QR code using the Google Authenticator app now.
  10. To get the key working with KeePass you will need to click the button that says CAN’T SCAN IT? (screenshot: authenticator_cantscan.png)
  11. Now you will see an alphanumeric key. Copy this key (screenshot: authenticator_token.png)
  12. Paste your copied key into the TOTP seed field in KeePass then click Next until the end. You don’t need to enter a server to sync with on the next screen. (screenshot: keepass_totp_seed.png)
  13. Now you need a way to view the MFA generated key. In the KeePass app click the View menu, then click Configure Columns. Scroll to the bottom of the window, check the option for TOTP, then click OK. (screenshot: configure_totp.png)
  14. Now in your KeePass view you will have a column labeled TOTP that shows an MFA key that changes every 30 seconds. (screenshot: keepass_totpview.png)
  15. In order for your keys to become effective with Google, you need to take the current key and enter it into the Google website where you got your TOTP seed from. To do this you can right click on the entry in KeePass and click Copy TOTP. (screenshot: copy_totp.png)
  16. Go back to your browser, click Next, paste the copied key into the text box, then click Verify. (screenshot: authenticator_verify.png)
  17. You now have your MFA/TOTP/2-step key available to you within KeePass, and on your smartphone if you set up your Google Authenticator app in step 9.
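What the plugin computes from that seed, as an added example (my own code, not the post’s or Tray TOTP’s): an RFC 6238 TOTP generator plus a drift-tolerant verifier, in pure standard-library Python. The seed constant is the RFC 6238 test seed in base32, the same alphanumeric form Google shows under CAN’T SCAN IT?; `digits` is the 6-or-8 choice from step 7 and the 30-second step is the refresh interval from step 14.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed: the RFC 6238 test seed (ASCII "12345678901234567890") in base32, i.e. the
# alphanumeric form Google shows under CAN'T SCAN IT? and KeePass asks for as the TOTP seed.
RFC6238_SEED_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_seed(seed_b32):
    """Decode a base32 seed as displayed by the service: tolerate spaces, lowercase and missing '=' padding."""
    cleaned = seed_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(seed_b32, timestamp=None, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1); 'digits' is the 6-or-8 choice, 'step' the 30-second window."""
    if digits not in (6, 8):
        raise ValueError("digits must be 6 or 8")
    if timestamp is None:
        timestamp = int(time.time())
    counter = timestamp // step                          # which 30-second slot we are in
    digest = hmac.new(decode_seed(seed_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)        # keep leading zeros


def verify_totp(seed_b32, code, timestamp, digits=6, step=30, window=1):
    """Server-side check: accept the code for the current slot or +/- 'window' slots of clock
    drift, comparing in constant time so a wrong guess leaks nothing about the right one."""
    for drift in range(-window, window + 1):
        candidate = totp(seed_b32, timestamp + drift * step, digits, step)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    print("current 6-digit code for the test seed:", totp(RFC6238_SEED_B32))
```

Because the code depends only on the seed and the clock, a phone running Google Authenticator and KeePass holding the same seed produce identical codes, which is exactly why the seed must be protected like a password.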

Conclusion

I have been very happy with KeePass. It’s free, it’s secure, it’s pretty straightforward, and it integrates well into my daily habits. Feel free to leave any suggestions for me below!
