While many technology services have been improving their security interfaces, the majority of systems still rely on password authentication. Research shows that the average number of accounts per person is 90 and most likely will keep increasing.
- 1 Download and Setup KeePass
- 2 Run KeePass
- 3 Create Database
- 4 Create an Extremely Strong Master Password
- 5 Database Settings
- 6 Make a Print Copy of Emergency Sheet
- 7 System Cleanup and Tuning
- 8 Add Data Entry
- 9 Workspace Lock-out
- 10 Config KeePass for Enhanced Experience
- 11 KeePass Shortcuts You Must Know
- 12 KeePass Plugins
- 13 Chrome Browser Integration
- 14 Summary
Download and Setup KeePass
Let's jump in and start installing KeePass. You can download the latest KeePass application from the following link.
Open the KeePass-2.xx-Setup.exe file and follow the installation steps.
After installation is completed, start using KeePass by running the application. You will be welcomed with an empty window that indicates that you don't have a database yet.
To start creating a database, select File -> New or press CTRL + N. The following information window will appear.
Read through and click OK. You will then be prompted to give the database a name and specify where to save it. KDBX is the extension of the KeePass password database file.
Create an Extremely Strong Master Password
After saving the KeePass database file, a screen will display where you will enter the KeePass Database Master Password and other database details.
Make sure your password is extremely strong, because the security of this encrypted KeePass password database depends entirely on the strength of the password.
The recommended rules for a secure password are:
- Minimum of 10 characters.
- Avoid personal keywords or dictionary words.
- Use the Diceware strategy.
To learn how to make a highly secure password see the following article.
After you enter your strong Master Password, leave the other fields as they are and click OK to proceed with the database creation.
The next step is to configure the database settings. The majority of the settings can be left default, but one thing suggested is to change the encryption algorithm to ChaCha20 for stronger security.
Make a Print Copy of Emergency Sheet
KeePass does not come with a "Forgot Your Password?" feature, unlike many online services. The reason is simple: to reduce security risk by giving non-password holders no chance to access the database.
This means that if you forget your master password, or someone responsible needs access while you are unavailable, things are going to be extremely difficult.
To cover such a scenario, KeePass provides a helpful feature that lets users print out a physical emergency sheet on which they can manually write down the Master Password.
Make sure to print out the Emergency Sheet, write down the Master Password, and keep the printout somewhere secure or with your attorney. This way, if you pass away in an accident, you can still provide account access to your loved ones.
System Cleanup and Tuning
You have successfully created your first KeePass database! The default database window will look like the following.
The left section is dedicated to groups where users can organize the key entries for easier access. The right section shows all the key entries that exist in the selected group. By default, there are two sample entries inside the root Database group.
Clear Default Keys
Let's have a fresh start by clearing the default entries.
Select the Database group and select all Sample entries. After the target entries are highlighted, select Entry -> Delete or press the Delete key. A confirmation dialog will ask whether you would like to proceed with the entry deletion.
After you click Yes, the dialog will close and you will no longer see the two sample entries in the root Database group. You may think the selected entries were successfully deleted, but not so fast.
In the Recycle Bin group, you will find the two entries that were just deleted. This two-layer deletion process provides a safety net so that users will not delete important entries by mistake.
To permanently delete any entry, right-click the Recycle Bin group and select Empty Recycle Bin. Deleting an entry this way removes it from the database completely.
Add Data Entry
KeePass allows users to manage hundreds or thousands of account/password entries in one place. Open the Add Entry window by selecting one of the groups (e.g. General) and then selecting Entry -> Add Entry or pressing CTRL + I.
Go ahead and fill out the form with your account credentials. The following image shows an example of a Google account entry, similar to how I usually fill it in.
A couple of details to mention:
- Title: Enter both service and account name for easier entry search in case there are multiple accounts associated with one service.
- Password: Always use a strong password. Repeat it for confirmation; otherwise, the entry cannot be saved.
- URL: If the entry is for an online service, copy and paste the service's Login URL. This will later help you access the account without searching for the login page.
- Notes: Provide other sensitive information here, e.g. password recovery questions and answers, hash and salt code.
- Expires: Keep it unchecked.
Save Entry and Save Database
The added entry will be immediately available at the main window.
Notice the database name shows Database.kdbx* at the top left next to the KeePass icon. The asterisk symbol (*) indicates that the database is not saved, meaning that closing the application will lose all new entries and entry updates.
Press CTRL + S to save the database. Once the database is saved, the asterisk symbol will disappear and you are safe to close the application.
A good practice while using KeePass is to always lock the workspace whenever leaving the desk or locking the computer. An easy way to perform the lock is by pressing CTRL + L.
Once the workspace is locked, there is no way to access the database contents without providing the master password. This simple mechanism is what makes KeePass one of the most secure password manager applications.
Config KeePass for Enhanced Experience
There were a few incidents in which I lost a new or updated entry by closing the application or restarting the computer without saving the database. It is quite frustrating when this happens, because you may lose the usernames and passwords of multiple accounts that you rely on KeePass for, forcing you to go through account recovery requests.
After such a bitter experience, I found out there is an option in KeePass that automatically saves the database whenever an entry edit or database lock occurs.
I highly recommend turning this option on to reduce the risk of losing unsaved data.
While KeePass is extremely secure once the workspace is locked, it is also very vulnerable when the workspace is left unlocked.
There are a few options that can enhance the control over locking the workspace.
Lock workspace after global user inactivity (seconds)
The workspace can be auto-locked after a certain period of user inactivity is detected. This way, when you accidentally leave the computer without locking it, security will at least be maintained for all your passwords.
Lock workspace when locking the computer or switching the user
The workspace definitely should be locked when the computer is locked or switching to another user. This will be especially useful when a laptop that runs KeePass is stolen.
Lock workspace when the computer is about to be suspended
Same as above, KeePass should be locked when the computer goes into suspend or sleep mode.
Lock workspace when the remote control mode changes
Even with all the above options enabled, the KeePass workspace will not lock if someone remotely logs into your computer with the same user credentials while you are logged in. Enabling this option prevents exposing the workspace in such a scenario.
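The four lock options above can also be checked outside the GUI. The following is an added example, not part of the original article or of KeePass itself: it audits a KeePass.config.xml fragment, assuming the options are stored under `Security/WorkspaceLocking` with the element names shown (verify them against your own configuration file); the sample XML and the 300-second ceiling are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragment of a KeePass.config.xml (not from the article).
SAMPLE_CONFIG = """<Configuration>
  <Security>
    <WorkspaceLocking>
      <LockOnSessionSwitch>true</LockOnSessionSwitch>
      <LockOnSuspend>false</LockOnSuspend>
      <LockAfterGlobalTime>0</LockAfterGlobalTime>
    </WorkspaceLocking>
  </Security>
</Configuration>"""

# Assumed element names under Security/WorkspaceLocking, mapped to the
# option labels listed in the article.
BOOLEAN_OPTIONS = {
    "LockOnSessionSwitch": "locking the computer or switching the user",
    "LockOnSuspend": "computer about to be suspended",
    "LockOnRemoteControlChange": "remote control mode changes",
}
MAX_IDLE_SECONDS = 300  # assumed policy ceiling, not a KeePass default


def audit_locking(config_xml, max_idle=MAX_IDLE_SECONDS):
    """Return one finding per lock option that is off, absent or too lax."""
    node = ET.fromstring(config_xml).find("./Security/WorkspaceLocking")

    def value(name):
        # Absent elements are treated as disabled (assumption).
        return (node.findtext(name, "") if node is not None else "").strip()

    findings = []
    for name, label in BOOLEAN_OPTIONS.items():
        if value(name).lower() != "true":
            findings.append(f"{name}: no lock on {label}")
    idle = value("LockAfterGlobalTime")
    seconds = int(idle) if idle.isdigit() else 0
    if seconds == 0:
        findings.append("LockAfterGlobalTime: inactivity lock is off")
    elif seconds > max_idle:
        findings.append(f"LockAfterGlobalTime: {seconds}s exceeds {max_idle}s")
    return findings


if __name__ == "__main__":
    for finding in audit_locking(SAMPLE_CONFIG):
        print("WEAK", finding)
```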
The KeePass data entry dialog provides an auto-generated password for each new entry.
The auto-generated password is extremely secure and can be used directly. Cracking this 20-character password by brute force would easily take over 100 billion years.
The password generator can be configured as needed by clicking the Open Password Generator menu item.
In the Password Generator configuration window, users can specify the strength and character set of the auto-generated password.
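To see how length and character set drive the brute-force estimate, and how many Diceware words a master password needs to match it, here is an added example that is not KeePass's own generator. It assumes a 62-character alphabet (upper case, lower case, digits) for the 20-character password and an attacker speed of 10^12 guesses per second; both are illustrative assumptions.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 1e12            # assumed attacker speed, not from the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
DICEWARE_LIST_SIZE = 6 ** 5          # five dice rolls pick one of 7776 words


def build_charset(upper=True, lower=True, digits=True, special=False):
    """Combine the character classes a generator dialog lets you tick."""
    classes = [
        (upper, string.ascii_uppercase),
        (lower, string.ascii_lowercase),
        (digits, string.digits),
        (special, string.punctuation),
    ]
    charset = "".join(chars for enabled, chars in classes if enabled)
    if not charset:
        raise ValueError("select at least one character class")
    return charset


def generate_password(length=20, charset=None):
    """Draw each character independently from the OS CSPRNG."""
    charset = charset or build_charset()
    return "".join(secrets.choice(charset) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of `length` independent uniform picks from the alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at `rate` guesses per second."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


def diceware_words_needed(bits):
    """Diceware words required to match a given entropy."""
    return math.ceil(bits / math.log2(DICEWARE_LIST_SIZE))


if __name__ == "__main__":
    bits = entropy_bits(20, len(build_charset()))
    print(generate_password(), f"{bits:.1f} bits",
          f"{years_to_exhaust(bits):.2e} years",
          f"{diceware_words_needed(bits)} Diceware words")
```

Under these assumptions the 20-character password comfortably exceeds the 100 billion year figure, while a 10-character lower-case-only password (`entropy_bits(10, 26)`) is exhausted in minutes, which is why length alone is not enough without a large alphabet or a Diceware passphrase.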
KeePass Shortcuts You Must Know
KeePass comes with many useful keyboard shortcuts, which new users might have difficulty finding. Use the following shortcuts to improve your KeePass experience.
| Action | Shortcut | Description |
|---|---|---|
| Quick Search | CTRL + E | Give focus to the top right search box to perform a quick search. |
| Detail Search | CTRL + F | Open a dialog to perform a detailed search. |
| Copy User Name | CTRL + B | Copy user name to the clipboard. Expires in 12 seconds by default. |
| Copy Password | CTRL + C | Copy password to the clipboard. Expires in 12 seconds by default. |
| Auto Type | CTRL + V | Auto-type username and password to the login input box. |
| Lock Database | CTRL + L | Lock the database so that entry data cannot be accessed without the master password. |
| Open URL | CTRL + U | Open entry URL with the default browser. |
| Copy URL | CTRL + Shift + U | Copy entry URL to the clipboard. |
There are many plugins available that will enhance KeePass with useful features. For the list of officially recognized KeePass plugins, visit the following link.
To demonstrate how to install a plugin, let's take a look at KeePassHttp. This plugin allows the desktop KeePass application to integrate with the Chrome and Firefox browsers.
Open the KeePass Plugins folder by selecting Tools -> Plugins -> Open Folder from the KeePass application.
All KeePass plugins come with a PLGX extension. Download the KeePassHttp plugin named KeePassHttp.plgx and save it to the KeePass Plugins folder.
Restart the KeePass application, enter your master password, and select Tools -> Plugins again to see the installed plugins.
Chrome Browser Integration
Before starting the Chrome browser, make sure you have installed the KeePassHttp plugin into the desktop KeePass application.
Integrating KeePass with a browser provides a much richer password management experience.
From Chrome, open the following link to install the KeePassHttp-Connector extension on your browser.
Connect KeePass Database to KeePassHttp-Connector
After the KeePassHttp-Connector Chrome extension is installed, click the extension icon at the top right corner of the browser to start connecting the database. Make sure the desktop KeePass is running and unlocked before performing the database connection.
The KeePass application will prompt a key association dialog. Enter an appropriate key name, e.g. Chrome Extension, and click Save.
A KeePassHttp Settings entry with the string fields specified in the previous dialog will be created.
Go back to the Chrome extension to confirm the connection is associated by finding the Redirect Credential Fields message.
Auto-Complete Login Credentials from Extension
This is where all the hard work pays off: login credentials are filled in for you without memorizing or typing any user account or password.
Go to the login page of an online service whose credentials you have already added to KeePass. Make sure the login page URL is specified in the entry; otherwise, the entry might not be properly discovered by the extension.
For this example, I went to the Twitter login page to test the auto-complete feature. As you can see, clicking the user name text field automatically shows a KeePass entry suggestion.
Click the KeePass suggestion, and the login credentials are auto-completed without any effort.
Reusing simple passwords will bring more harm than protection. Instead, it is time to maximize your account security with strong and reliable passwords. KeePass provides great features for users to maintain better security standards on their accounts without a struggle.