KeePass

Once upon a time I frequently reused passwords. So if you knew my dogs name, or what kind of car I drove, you could easily have pretended to be me with just a little extra work. This is obviously a very bad idea, but I’m sure many people struggle with managing passwords for web sites and computer systems you access on a regular basis.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

A while back I wrote a post about PasswordSafe, which I used to manage my usernames and passwords.  I’ve since switched to a different tool named KeePassKeePass is also free and open source, but I think it is also easier to use.

Most importantly the ability to auto-type usernames and passwords is infinately more flexible with KeePass.  Auto-type is a very important feature, although I can understand why you may not initially think so.

Think about the strongest types of passwords.  They are long, complex, unique, and full of many different character types.  Do you want to type those in manually each time?  Once I switched to KeePass, my normal password length increased to 20 or more randomized characters wherever possible.  Since I don’t have to remember or type them, I prefer the really long/complex ones.

To manage my password database across several computers, I use FolderShare to synchronize it between systems.  This keeps my database of (as of writing 317) passwords the same across all my systems.  Occasionally I also copy the password database file to a USB flash drive so I can access accounts when I’m not using one of my own computers.

KeePass has many other great features.  The listing of features below links to their website.

  • Strong Security
  • Multiple User Keys
  • Portable and No Installation Required
  • Export To TXT, HTML, XML and CSV Files
  • Import From Many File Formats
  • Easy Database Transfer
  • Support of Password Groups
  • Time Fields and Entry Attachments
  • Auto-Type, Global Auto-Type Hot Key and Drag&Drop
  • Intuitive and Secure Windows Clipboard Handling
  • Searching and Sorting
  • Multi-Language Support
  • Strong Random Password Generator
  • Plugin Architecture
  • Open Source!

    • I found it helpful to change the default “auto-type” string to inlcude a pause before the KeePass types your username.  Click Tools/Options/Advanced/Auto-Type, and use this value:

    {DELAY 50}{USERNAME}{TAB}{DELAY 50}{PASSWORD}{ENTER}

    Some websites with more complicated authentication schemes will require customization of the auto-type string.  The software “help” references provides details on how to do this.

    This entry was posted on October 1, 2008 at 10:07 am and is filed under Encryption, How To, Passwords, Review, Security, Software, Synchronization, Tools. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    One Response to “KeePass”

    1. Mark Christianson Says:
      November 15, 2008 at 9:54 am

      While the foldershare works the thing I do with Keepass is install the ‘portable’ version on a USB flash drive. These days you can pick up a flash drive pretty cheaply and put it on your keyring. You’ll always have it with you and you can backup your db file anytime.

      You can get a flash drive with U3 application and download the keepass U3 version on the keepass.info site or what I do is use http://www.portableapps.com and you can find the keepass portable app available for download.

      Now you can relax knowing your keepass data (while encrypted) isnt in half a dozen locations.

    Leave a Reply