Passwords are quite a tedious topic: we all know that we are supposed to have a different password for every website or service we use, but we also all know that it is practically impossible to remember a different one for each of them. So we end up writing them down somewhere, or we keep only a handful of passwords and reuse them across several websites. You could argue either way about which is less safe, having only a few passwords or writing them down. As a matter of fact, they are both quite unsafe.
That being said, I have recently discovered KeePass, which is available for all platforms (+ Android) and has convinced me that it is a safe way of storing your passwords. The key (in every sense of the word) here is that your database is encrypted using both a key file and a master password. So even if someone has somehow managed to get their hands on your master password or your key file, as long as they don’t also have the other, they’re not getting anywhere. The aim, of course, is still for no one to get their hands on anything. It is crucial not to store the key file on the computer itself, but separately, for example on a USB stick or SD card. You might think you can hide your key file deep down in your file manager, but it would not be too hard to find it using the search tool.
You can also synchronise your password database over all your devices if you simply save it in Dropbox. For every password you store in the database KeePass can tell you how many bits your password has (i.e. how secure it is) and will create passwords of around 110 bits for you. Since you don’t have to remember them anymore you might as well go for a really long one.
Here’s a little step-by-step setup tutorial:
- Download KeePass or type sudo apt-get install keepass2 on Ubuntu based systems.
- Create a new database and store it in your Dropbox.
- Choose your master password and define a key file by clicking “Create…”.
- The key file will be created by randomly moving your mouse over a field of black and white pixels and/or using your keyboard to type random characters. The key file will have up to 256 bits. You can also specify to only have a master password or a key file but I would recommend to always use both. Laziness should never jeopardise password security!
- After your database is generated you can start adding passwords and organising them into groups. When you create a new entry, where you can also store usernames and URLs, KeePass will already have created a password for it. When I make a new entry for a service that I already use I usually use the KeePass generated password to replace the one I was using before. You can also overwrite the KeePass generated password, but I would not recommend that, as your old password is very likely to be a lot less secure than the password generated by KeePass.
- When you need a password to log in somewhere, simply click on the entry in KeePass and hit CTRL+C; the password is kept in your clipboard for 12 seconds.
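To make the two ideas above concrete (the "around 110 bits" strength estimate and why the key file plus master password are stronger together), here is a small added Python illustration. It is not KeePass code and does not reproduce the exact KDBX key derivation; the composite-key function is a simplified hash-based model of the principle, and the 94-character alphabet is an assumption about the generator's character set.

```python
import hashlib
import math
import secrets
import string

# Assumed generator alphabet: all printable ASCII except space (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits, alphabet_size=len(ALPHABET)):
    """Smallest length whose entropy reaches target_bits (e.g. ~110 bits -> 17 chars)."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(target_bits=110):
    """Random password of at least target_bits entropy, using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length_for_bits(target_bits)))


def make_key_file_bytes():
    """256 random bits, the kind of secret a key file holds (constructed sample)."""
    return secrets.token_bytes(32)


def composite_key(master_password=None, key_file_bytes=None):
    """Simplified model of a two-factor composite key (illustration, not KeePass's format).

    Both secrets are hashed and combined; dropping either one yields a different key,
    so an attacker holding only the password or only the key file cannot derive it.
    """
    if master_password is None and key_file_bytes is None:
        raise ValueError("at least one of master password or key file is required")
    material = b""
    if master_password is not None:
        material += hashlib.sha256(master_password.encode("utf-8")).digest()
    if key_file_bytes is not None:
        material += hashlib.sha256(key_file_bytes).digest()
    return hashlib.sha256(material).hexdigest()


if __name__ == "__main__":
    pw = generate_password(110)
    kf = make_key_file_bytes()
    print(f"{len(pw)} chars, ~{entropy_bits(len(pw)):.1f} bits")
    print("both factors:", composite_key(pw, kf)[:16], "...")
    print("password only:", composite_key(pw)[:16], "...")
```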