Using Keepass to Secure Your Online Accounts

About two years ago I gave up trying to memorize all of my online accounts. I used a “three tier” password system for a while – with a low security, medium security, and high security password for the majority of my accounts. However, this still did not leave me at ease – knowing that if on one of these accounts my password was compromized, it potentially left the others open to attack.

keepassresize   Using Keepass to Secure Your Online Accounts

After looking around for different password managers, I came across KeePass. The main features that drew me to this program:

  • Open Source – Allows the ability to analyze the encryption methods
  • Cross Platform – Clients available for Windows, Ubuntu, Linux, MacOS X, J2ME (Cell Phones), Blackberry, Windows Mobile and more
  • Portable – Requires no installation

Installation is a cinch – visit the download page and install or unzip the software. Open Keepass.exe (on Windows), go to File->Open and create a new file.

keepass2   Using Keepass to Secure Your Online Accounts

While you type your password, it will tell you how many bits encryption it will provide, and also a bar with how secure/complex it is. After hitting OK, enter your password again to make sure you typed what you thought you did.

Inside Keepass you will see a Folder structure where you can organize your logins according to type or use. In my case, I keep separate areas for Work and Personal logins. Click “Add Entry…” to add a new login:

keepass3   Using Keepass to Secure Your Online Accounts

A password will be automatically generated – useful if you are making a new account. Click the three dots to change from a masked password to the plain text one.

If you want to have fine-grained control over your new password, while maintaining security, KeepPass includes a password generation tool.

keepass4   Using Keepass to Secure Your Online Accounts

For the ultra paranoid such as myself – you can click the box “Collect additional entropy” – this will ask you to move your mouse randomly around a box and type in random letters. Even if the default is secure, it gives my possibly neurotic self a great deal of satisfaction.

For ultimate usefulness, I have KeePass installed on my USB Keydrive. With the price of USB Keychain drives so low, and the size so large; I’ve found it invaluable to carry around with me at all time in case a tech emergency comes up (I am even able to boot off of it with a slew of diagnostic utilities – more on that later!) It was not a big jump for me to keep my passwords with me at all times, just like keeping my keys with me.

Along with the great advantage of always having your passwords available, there are a few downsides to this. If you lose your Key Drive you have two main problems. The first is that potentially someone else will be able to access your password. Since the password file is encrypted – this should be taken care of. The second is the loss of this file. For this reason, it is essential to back up the password file regularly.

I use a backup tool called SyncBack SE for this. It has been previously reviewed on this site by Mark. The paid version has many priceless (in my opinion) features – one being that it has an “On Insert” option. In the profile, select the drive letter that is assigned for your USB Key Drive on the “Insert” tab. On inserting your drive, it will automatically run this profile and back up your files.

syncback   Using Keepass to Secure Your Online Accounts

With this program running, all you need to do is plug in the USB drive – for example if you are accessing a password, and it will run a backup. Just what I like – a backup process that you don’t need to think about. Less interference means easier backups!

I’ve been using KeePass for all of my passwords now for a while and I would never turn back. I must have over 200 sites with passwords I need to remember, if not more. Some have weird password requirements which would make it necessary for me to create new ones that are impossible to remember. This system has been working perfectly and I would recommend it for anyone who is required to remember more than a handful of passwords!

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

22 Comments -

0 votes

Frank

Great article. I have been using RoboForm for years and it has all of the same features, plus you can install it on your computer and use a highly encrypted master password to access all your passwords. It verifies the authenticity of websites, so if you get an email from US Bank and have an account there, if you click on the link and it is a spoofed site, you will not get a prompt from Roboform to fill in your info. Not a free program though.

0 votes

Dave Drager

One thing I forgot to mention in the article – KeePass has plugins available – some of which will automatically fill out forms for you with the password from a keepass file.

0 votes

Brainiac

Plugins? That’s cool. How many plugins are there?

0 votes

Joshua

Just a question. I’m kind of looking for a good password program ever since I had an issue with identity theft. Or rather money theft.
Someone recommended Infinite Password Generator, which basically takes a master password and a keyword to generate a new password. Does Keepass have a function like this?

0 votes

Syahid A.

Nice alternative to what I’ve used currently – Password Safe. The interface of Keepass looks much more user friendly.

0 votes

Stevan

Does this program “Keepass” work with MAC ? If not are there similar
programs for MAC?

Thank you