keepass - secure password storage

KeePass is a secure and easy-to-use password management tool.

Homepage: www.keepass.info

Computer Requirements: All Windows versions

Version used in this guide: 1.14

License: Free and Open-Source Software

Installing KeePass

Follow any program-specific directions in the Guide

If there are none, simply click the link below and choose a location to save the installer

Find the installer on your computer and double-click it

KeePass:

Required Reading

How-to Booklet chapter 3. How to create and maintain good passwords

Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced

Time required to start using this tool: 15 minutes

What you will get in return:

The ability to save all your passwords in one convenient and secure database

The ability to create and store many strong passwords without having to remember them

1.1 Things you should know about this tool before you start

KeePass is an easy-to-use, powerful tool that helps you store and manage all your passwords in a highly secure database. You can put both that database and the KeePass program on a USB memory stick and carry it with you. The database is protected by a 'master password' that you create. This password is also used to encrypt the entire contents of the database. You can store your existing passwords in KeePass or have it generate one for you. KeePass doesn't require any prior configuration or specific installation instructions. It's ready to go when you are!

How to Use KeePass

In the sections that follow, you will be taught how to create a master password, save your newly-created database, generate a random password for a particular program, create a backup copy of the database and extract the passwords from KeePass when needed.

To run KeePass, perform these steps:

Step 1. Select: Start > Programs > KeePass Password Safe > KeePass or click the icon on your desktop to activate the KeePass main screen as follows:

KeePass - secure password storage 06/03/2009 01:22

http://en.security.ngoinabox.org/book/export/html/132 1 of 18

Figure 1: The KeePass Password Safe main screen

2.1 How to Create a New Password Database

Creating a new password database involves two steps:

You must come up with a single, unique and strong master password that you will use to lock and unlock your database of passwords. Then, you must save that password database.

To create a new password database, follow these steps:

Step 1. Select: File > New as follows:

Figure 2: The KeePass screen with File > New selected

This will activate the Create New Password Database screen as follows:

Figure 3: The KeePass Create New Password Database screen

Step 2. Type the master password you have invented into the Master Password field.

Figure 4: The KeePass Set Composite Master Key screen with the Master Password field completed

You will see an orange-green progress bar underneath the password entry. As you type in a password, the amount of green in the bar will increase if the complexity or strength of your password increases with the number of characters used.

Tip: You should aim to have at least half the bar filled with green when you've finished typing in your password.

Step 3. Click: to activate the Repeat Master Password screen and confirm the password as follows:

Figure 5: The KeePass Repeat Master Password screen

Step 3. Type in the same password as before, then click:

Step 4. Click: to see if you are typing in your password correctly.

Warning: This is not advisable if you fear that someone may be looking over your shoulder.

Once you have successfully typed in the master password twice, the KeePass main screen is activated as follows:

Figure 6: The KeePass Password Safe screen in active mode

After you have created the password database, you need to save it. To save the password database, follow these steps:

Step 1. Select: File > Save As

Figure 7: The KeePass Password Safe screen

This will activate the Save As screen as follows:

Figure 8: The Save As screen

Step 2. Type in a name for your new password database file.

Step 3. Click: to save your database.

Tip: Remember the location and file name of your database! It will come in very handy when you are creating a backup of it.

Congratulations! You have successfully created and saved your secure password database. Now you can begin to fill it up with all your current and future passwords.

2.2. How to Add an Entry

The Add Entry screen lets you add account information, passwords and other important details into your newly-created database. In the example that follows, you will be adding entries to store passwords and user names for different websites and email accounts.

Step 1. Select: Edit > Add Entry in the KeePass Password Safe screen to activate the Add Entry screen as follows:

Figure 9: The KeePass Password Safe screen with Edit > Add Entry selected

Figure 10: The KeePass Add Entry screen

Note: The Add Entry screen presents you with a number of fields to be completed. None of these fields are mandatory; information submitted here is largely for your own convenience. It may prove useful in situations where you are searching for a particular entry.

A brief explanation of these different text boxes is presented as follows:

Group: KeePass lets you sort your passwords into pre-defined groups. For example: 'Internet' would be a good place to store passwords that relate to website accounts.

Title: A name to describe the particular password entry. For example: Gmail password

User name: The user name associated with the password entry. For example: [email protected]

URL: The internet site associated with the password entry. For example: https://mail.google.com

Password: This feature automatically generates a random password when the Add Entry screen is activated. If you are registering a new email account, you can use the 'default' password in this field. You can also use this feature if you want to change an existing password for one generated by KeePass. Since KeePass will always remember it for you, there is no need to even see the password. A randomly generated password is considered strong (that is, difficult for an intruder to guess or break). Generating a random password on request will be described in the following section. You can, of course, replace the default password with one of your own. For instance, if you are creating an entry for an account that already exists you will want to enter the correct password here.

Repeat Password: The confirmation of the password.

Quality: A progress bar that measures password strength according to length and randomness. The more green there is on the scale, the stronger your chosen password.

Notes: Here is where you type in descriptive or general information about the account or site for which you are storing information. For example: 'Mail server settings: POP3 SSL, pop.gmail.com, Port 995; SMTP TLS, smtp.gmail.com, Port: 465'

Expires: Check this item to activate text boxes in which you can specify an expiry date. By doing this, you could add a reminder for yourself to change the password at a specific time (every 3 months, for example). When a password has expired, it will appear with a red cross next to its name as shown in the example below:

Figure 11: The KeePass Password Safe screen displaying the NetSecureDb.kdb file screen

Note: Creating or modifying the password entries in KeePass does not change your actual passwords! Think of KeePass as a secure electronic address book for your passwords. It only stores what you write in it, nothing more.

If you select Internet from the Group drop-down list, your password entry might resemble the following:

Figure 12: The KeePass Add Entry screen - completed

Step 2. Click: to save this entry.

Your password entry now appears in the Internet group.

Figure 13: The KeePass Password Safe screen

Note: The bottom panel of this window displays information about the entry selected. This includes creation, editing and expiry time as well as notes you may have recorded in the entry. It does not reveal the password.

2.3 How to Edit an Entry

You may edit an existing entry in KeePass at any time. You can change your password (it is generally considered good security practice to change a password every three to six months), or modify other details stored in the password entry.

To edit an entry, perform the following steps:

Step 1. Select the correct Group in the left-hand side to activate the entries associated with it.

Step 2. Select the relevant entry, then right-click on that selected entry to activate the following window:

Figure 14: The KeePass Password Safe screen displaying the Edit menu

Step 3. Click: to save any necessary changes to this information, including the password.

To change an existing password (that you previously created yourself) for one generated and recommended by KeePass, please read the following section.

2.4 How to Generate Random Passwords

Long, random passwords are considered strong in the world of security. Their randomness is based on mathematical principles and cannot simply be 'guessed' by someone who is trying to break into one of your accounts. KeePass supplies a Password Generator, to help you with this process. As you have seen above, a random password is automatically generated when you add a new entry. This section will describe how to generate one yourself.

Note: The Password Generator can be activated from within the Add Entry and Edit/View Entry screens. Alternatively, select: Tools > Password Generator.

Step 1. Click: from within either the Add Entry or Edit/View Entry screen, to activate the Password Generator screen as follows:

Figure 15: The KeePass Password Generator screen

The Password Generator screen presents a variety of choices for generating a password. You can specify the length of the desired password, the pool of characters from which it will be created and much else. For our purposes, we can use the default options presented. This means that the generated password will be 20 characters long and made up of lower and upper case letters, as well as numbers.

Step 2. Click: to begin the process. When complete, KeePass will present the generated password to you.

Figure 16: The KeePass Generated Password section

Note: You can view the generated password by clicking: . However, this creates a security risk as we discussed above. In essence, you will never need to see the generated password. We will explain more about this in section 3.0 Using KeePass Passwords.

Step 3. Click: to accept the password and return to the Add Entry screen as follows:

Figure 17: The KeePass Add Entry screen

Step 4. Click: to save this entry.

Step 5. Select: File > Save to save your updated password database.
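
What the Password Generator defaults described in this section amount to, as an added Python example (not KeePass's own code and not part of the original guide): it draws 20 characters uniformly from the 62 upper-case, lower-case and digit characters and reports how many bits of guessing work that represents. The function names are hypothetical.

```python
import math
import os
import string

# Pool matching the guide's default: upper- and lower-case letters plus digits.
DEFAULT_POOL = string.ascii_uppercase + string.ascii_lowercase + string.digits


def generate_password(length=20, pool=DEFAULT_POOL):
    """Draw `length` characters uniformly from `pool` using OS randomness."""
    chars = sorted(set(pool))  # duplicate characters would skew the odds
    if length < 1 or not 2 <= len(chars) <= 256:
        raise ValueError("need length >= 1 and 2..256 distinct characters")
    # Rejection sampling: a random byte has 256 values. Accept only values
    # below the largest multiple of len(chars), so that `b % len(chars)`
    # selects every character with exactly the same probability.
    limit = 256 - (256 % len(chars))
    out = []
    while len(out) < length:
        for b in os.urandom(2 * (length - len(out))):
            if b < limit and len(out) < length:
                out.append(chars[b % len(chars)])
    return "".join(out)


def entropy_bits(length, pool_size):
    """Entropy in bits of a password chosen uniformly at random."""
    return length * math.log2(pool_size)


def min_length(target_bits, pool_size):
    """Shortest password length whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    size = len(DEFAULT_POOL)
    print("pool size:", size)
    print("generated password length:", len(generate_password()))
    print("20 characters:", round(entropy_bits(20, size), 1), "bits")
    print("30 characters:", round(entropy_bits(30, size), 1), "bits")
    print("length needed for 128 bits:", min_length(128, size))
```

Each extra character adds about 5.95 bits with this pool, which is why length matters more than any single character choice.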

2.5 How to Exit, Minimise and Restore KeePass

You can minimise or exit the KeePass program at any time. When you open or restore it again, you will be prompted to enter your Master Password.

KeePass minimises itself, appearing in your system tray (at the bottom right-hand corner of the screen) as this icon: .

Step 1. Double-click this icon to restore KeePass to its normal size.

Step 2. Select: File > Exit to close the KeePass program completely.

If you have any unsaved changes in the database, KeePass will prompt you to save them.

Step 3. Upon opening or restoring KeePass from the system tray, you will be prompted to enter your Master Password.

Figure 18: The KeePass Open Database - NetSecureDb.kdb screen

2.6 How to Create a Backup of the Password Database file

The KeePass database file on your computer is denoted by its .kdb file extension. You can copy this file to a USB memory stick. No one else will be able to open the database without the master password.

Step 1. Select: File > Save As from the main screen, and save a copy of the database to another location.

You can run the entire KeePass program from a USB memory stick. Please download a portable version of KeePass from http://portableapps.com/apps/utilities/keepass_portable and install it on your USB memory stick.

2.7 How to Reset your Master Password

You can change the Master Password at any time. This can be done once you have opened the password database.

Step 1. Select: File > Change Master Key

Figure 19: The KeePass Change Master Key screen

You will be prompted to type the new Master Password twice.

Figure 20: The KeePass Change Master Key screen

Using KeePass Passwords

Given that a secure password is not easily memorised, KeePass lets you copy it from the database and paste it onto whatever account or website requires it. For greater security, a copied password will only remain on the clipboard for about 10 seconds, so it will save time to have your account or website already open and running, so that you can paste the relevant password there as required.

Step 1. Right-click on the required password entry to activate a drop-down list,

Step 2. Select Copy Password to Clipboard as follows:

Figure 21: The KeePass Password Safe screen

Step 3. Go to the related account or site and paste the password into the appropriate field:

Figure 22: A Gmail Account displaying a pasted password

Tip: For efficient copying, pasting and switching windows, use the keyboard shortcuts. Press and hold the Ctrl key, then press C to copy a password. Press and hold the Ctrl key, then press V to paste that password. Press and hold the Alt key, then press the Tab key to switch between open programs and windows.

Note: By using KeePass all the time, you never actually have to see or know what your password is. The copy/paste functions take care of moving it from the database to the required window. If you use the Random Generator feature and then transfer this password to a new email account registration process, you will be using a password that you have never seen in plain view. And it still works!

FAQ and Review

KeePass seems to be a very easy program for Nikolai and Elena to use. The only part they find tricky is getting into the habit of creating new passwords in KeePass. It's difficult for Elena to get used to the fact that she never has to see a password again, but it is definitely easier than having to remember them!

Q: Nikolai, I was surprised how easy KeePass was to use. However, on the outside chance that I forget my master password, is there anything I can do to access KeePass and retrieve my password databases?

A: Oh, that's an easy one, Elena! Nope. Sorry, there's nothing you can do in that situation. On the bright side, at least no one else will be able to access your password database! To prevent this from happening, you could use some of the methods for remembering a password that are described in the How-to booklet, Chapter 3. How to create and maintain secure passwords.

Q: And if I uninstall KeePass, what will happen to my passwords?

A: The program will be deleted from your computer; however, your database (stored in a .kdb file) will remain. You can open this file at any time in the future if you install KeePass again.

Q: I think I accidentally deleted the database file!

A: Hopefully, you made a backup beforehand. Also, make sure you haven't simply forgotten where you stored the file in the first place. Search your computer for a file with a .kdb extension. If you really have deleted it, take a look at the Hands-on guide to UndeletePlus. It could help you to recover the file.

4.1 Questions with which to test yourself after completing the guide

1. What makes a strong password?

2. How can you modify an existing password entry in KeePass?

3. How can you generate a thirty-character password in KeePass?
