jorin

Posted on Oct 7, 2018 • Updated on Dec 2, 2018 • Originally published at jorin.me

Store Passwords With KeePass

#productivity #security #passwords #secrets

Let me show you why KeePass is more fun than your cloud-based password manager.

It's 2018 and passwords are still a pain we haven't figured out. Bigger companies often work around this by relying on products that support Single Sign-on or similar. But individuals and smaller companies are stuck with managing passwords themselves or relying on third-party authentication from Google, Facebook and so on.

I guess I don't need to explain why it is not a good idea trusting all your logins to one single company - especially when the core business of the company is collecting as much as possible information about as many people as possible.

If you are a person that cares about being in control of their logins and keeping the logins secure, you are in need of some way of managing a big number of different and complicated passwords.

That's why there are password managers.

They help you remember and generate secure passwords for all your digital services. It's nice to have all your logins in one place and to only have to remember a single password (please make it a secure password - don't try putting super many complicated symbols in there but make it long, make it a sentence of a few words).

This is not a new idea and there are enough companies that offer solid services to help you with this - such as 1Password or LastPass.

Now these services only have a small issues: You need to pay for it and they make you put all your passwords on the servers of a single company with little flexibility in case you don't feel like trusting them anymore.

So let's have a look at a 14 years old free and open source alternative: KeePass.

If you think this looks scary, you are not on your own.

So why KeePass?

Not only is KeePass free and open source, but it is simple. It focuses on managing passwords.

It doesn't try to also solve cloud storage and sync for you. Your passwords are simply stored in a secure encrypted file. What you do with that file is up to you. This makes it very flexible and allows you to combine it with any storage of your choice: You can put this file in Google Drive, Dropbox or simply keep it on an USB drive. It's up to you.

And even better: KeePass does not have to be what you see in the screenshot above. At the core of KeePass is the .kdbx file format. Any developer can take this format and build software that can work with it!

And people did this:

If you are looking for a modern, pretty looking program for working with .kdbx files,
have a look at MacPass:

Or KeeWeb:

Personally I prefer KeePassXC:

It appears less pretty but it is the most pleasant to use:

Searching, copying, editing - all its features can be controlled entirely with keyboard shortcuts.
It supports filling passwords in your browser with a global shortcut.
It allows storing and unlocking SSH keys.
And it even supports setting up TOTP for two factor authentication (please enable this for all your important services) which can be a nice alternative to Google Authenticator.

Of course you also want your passwords on your phone. And you can. I had good experience with Keepass2Android Password Safe.

KeePass might not only be a great help for your personal use but even your workplace can profit from it: Sharing secrets with coworkers is very simple and flexible. All you have to deal with is sharing files.

Top comments (13)

Jan van Brügge • Oct 7 '18

I want to add, you do can sync your passwords if you want. Keepass supports (among others) Dropbox, FTP and WebDAV. I just have an HTTPS encryped WebDAV folder that uses HTTP basic auth (very easy with nginx) and all my passwords are synced between my PC, laptop and phone.
The password file is on my server and I do not have to trust external cloud providers.

Rémi Lavedrine • Oct 8 '18 • Edited

I am doing something similar.
As I got Syncthing enabled on my computer and personal NAS, my database is stored on my computers and NAS only. No third party provider.
And KeepassXC is working on Linux, MacOS and Windows10. Which is very important for me. :-)

Maybe another article is about mobile kdbx compatible app.
We add a discussion about it at work. To know which solution is the most secure.
I come by the fact that KeepassTouch on iOS is the most secure as it is open source and you do not need to go through a public cloud to synchronize your database.

Art4 • Oct 8 '18

Nice post and it describes exactly my setup. I'm using KeePassXC on Linux and Windows and KeePass2Android on Android.

Also notable features are:

support to increase the security of the .kdbx file with a password AND a keyfile as a second factor. Keep this keyfile only on your USB stick or smartphone and on a save place as backup (but never on the sync server).
the autotype feature, if the global shortcut is not supported. Autotype will switch the focus to your login form and type the name, tab, password and enter automagically for you.
the alternative keyboard of KeePass2Android. Don't let other apps steal your credentials from the clipboard, instead use the custom keyboard with the [username] and [password] buttons for direct input.

Donna Hogan • Oct 8 '18

I love KeePass2! It's also one of the few password managers with a Linux app.

On mobile I've been using KeePassDroid for years, I didn't know there were so many new ones, I'll have to check out the one you mentioned.