KeePassXC

Keep regular backups of your data! If you lose access to your password database, you lose all of your passwords.

Time to set up: 5-10 minutes in 3 steps

What you will learn: How to store passwords on your computer in an encrypted database

What program you will use: KeePassXC

Program license: GNU GPL-2 / GPL-3

Note: The best way to become familiar with a password manager is to use it as often as possible. In a short amount of time it will require little effort.

KeePassXC can be found at https://keepassxc.org/, where you can download the software for use with GNU/Linux, Mac, or Windows.

For differences between KeePass, KeePassX, and KeePassXC, see: https://superuser.com/questions/878902/whats-the-difference-between-keepass-keepassx-keepassxc

Step 1 When you open your new database, choose a Master Password (see screenshot below). This is the single most important password you will have: if you lose this password, you will lose access to all of your passwords in the database. Write it down and store it somewhere safe. The strength of this password will determine how safe your database is if someone gets access to your computer. (See the end for more on password strength.)

Having a key file is more secure, but I will not cover this in the tutorial. With a key file, you have a file saved on the drive of your choice (e.g., on your computer, on a USB stick, or on a hard drive) and only when that file is also present can you open the database. Having a key file is recommended.

Step 2 Once you have set your Master Password, you will see an empty database. In order to begin populating your database with entries, you can click the “Add New Entry” symbol (see screenshot below).

Step 3 You will now be presented with the New Entry box. Fill out the necessary information.

In your new entry you can save the following, all of which will be safely encrypted:

  • Username and password (randomly generated using the password generator)
  • URL for the website
  • The expiration date of the password
  • Advanced > Attachments (to upload an attachment)

Randomly Generated Passwords

In order to generate a random password (recommended), click on the password generator button. You will be presented with the password generator parameters (see screenshot below). Once you have set the parameters you want, click on “Generate.”

Click “OK” in the lower right corner when you have finished, and again for the new entry window. This new entry will now be stored in the respective group (here the group is “Internet”; see screenshot below).

When using KeePassXC, you can either right click on an entry to copy and paste, or use keyboard shortcuts when the entry is highlighted. Keyboard shortcuts are as follows:

  • Use “control key + alt key + u” to copy the URL.
  • Use “control key + b” to copy the username. Paste it in the login text box in your browser using “control + v.”
  • Use “control key + c” to copy the password. Paste it into the password text box in your browser using “control + v.”

Note that for security reasons, the clipboard will automatically be cleared after some seconds.

Once you have populated your database, save it. The file extension will be kdbx. You can be assured that your usernames, passwords, attachments, etc. are saved in an encrypted database which can only be accessed using a master password (or a master password with a key file, if you have chosen this option) from your computer.

But remember, your database will only be as safe as your computer and your master password are, and if you forget the master password, you will lose access to all of your passwords.

Moreover, KEEP BACKUPS OF YOUR DATABASE in case you experience hardware failure or your computer is stolen, damaged, etc.

===========

A note on your Master Password:

  • For your database’s Master Password, the best password is one that is easy for you to remember but very difficult for someone else to guess.

https://imgs.xkcd.com/comics/password_strength.png

  • You must never forget this password. If you do, you lose access to all of your passwords.
  • Do not use a word or phrase from the dictionary. It is easy to use a computer to run through the entries in a dictionary or a list of common collocations.

Check out this calculator (https://www.grc.com/haystack.htm) to see how long it would take to crack a password using ‘brute force’ search, that is, trying all possible combinations (DO NOT COPY YOUR REAL PASSWORD INTO THIS WEBSITE). Note that this calculator does not tell you how good a password is. For instance, although the password “password” may take 6.91 years at 1,000 attempts per second, it will not take very long to guess, as it is one of the most common passwords. The more random a password is, the stronger it will be against attack, which is why the random password generator is recommended.
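
The point above, that a brute-force estimate says nothing about how guessable a password is, can be checked with a short script. This is an added example, not part of the original tutorial or of KeePassXC; the character-class sizes, the 1,000 guesses per second rate, and the five-entry wordlist are assumptions constructed for illustration, so the brute-force figure only approximates what a calculator would report.

```python
import secrets
import string

# Constructed sample: a tiny stand-in for a real common-password list.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "dragon"]
GUESSES_PER_SECOND = 1_000  # the rate used in the paragraph above
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Size of the character set a brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 ASCII punctuation characters plus space
    return size


def brute_force_years(password):
    """Years to try every string up to this length at GUESSES_PER_SECOND."""
    n = alphabet_size(password)
    search_space = sum(n ** length for length in range(1, len(password) + 1))
    return search_space / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def dictionary_seconds(password, wordlist=COMMON_PASSWORDS):
    """Seconds until a wordlist attack reaches the password, or None if absent."""
    if password not in wordlist:
        return None
    return (wordlist.index(password) + 1) / GUESSES_PER_SECOND


def random_password(length=20):
    """Random password drawn from a cryptographically secure source."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for pw in ("password", random_password()):
        print(repr(pw), f"brute force: {brute_force_years(pw):.3g} years,",
              "dictionary:", dictionary_seconds(pw), "seconds")
```

Run it to compare the two: “password” scores years against brute force but falls to the first wordlist guess, while a generated password is absent from the wordlist and has a far larger search space.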