How to use KeePass to store and manage passwords securely

KeePass Password Manager
POSTED BY Patrick ON October 21, 2010

Too many passwords to remember? Of course you have; we all do! This easy tutorial shows how to store and carry around an endless number of strong passwords and user names securely, without memorizing them or writing them in your diary (yes, a lot of us still do that!). Internet user accounts for banking, social networking and shopping are always being targeted by hackers. Just recently, a Trojan called Zeus Zbot acquired online banking user account information and stole approximately £6M from the UK and £2M from the US.

Get the free KeePass Password Manager, which will generate very strong passwords and make logging in to your accounts easy. All you need to do is remember one password, called the Master Password. In the sections that follow, you will learn how to create a master password, save your passwords, generate random passwords, create backups and use the passwords from KeePass when needed.

To run KeePass, perform these steps:

Step 1. Select: Start > Programs > KeePass Password Safe > KeePass or click the icon on your desktop to activate the KeePass main screen as follows:

Figure 1: The KeePass Password Safe main screen

2.1 How to Create a New Password Database

Creating a new password database involves two steps:

You must come up with a single, unique and strong master password that you will use to lock and unlock your database of passwords. Then, you must save that password database.

To create a new password database, follow these steps:

Step 1. Select: File > New as follows:

Figure 2: The KeePass screen with File > New selected

This will activate the Create New Password Database screen as follows:

Figure 3: The KeePass Create New Password Database screen

Step 2. Type the master password you have invented into the Master Password field.

Figure 4: The KeePass Set Composite Master Key screen with the Master Password field completed

You will see an orange-green progress bar underneath the password entry. As you type in a password, the amount of green in the bar will increase if the complexity or strength of your password increases with the number of characters used.

Tip: You should aim to have at least half the bar filled with green when you have finished typing in your password.

Step 3. Click: to activate the Repeat Master Password screen and confirm the password as follows:

Figure 5: The KeePass Repeat Master Password screen

Step 4. Type in the same password as before, then click:

Step 5. Click: to see if you are typing in your password correctly.

Warning: This is not advisable if you fear that someone may be looking over your shoulder.

Once you have successfully typed in the master password twice, the KeePass main screen is activated as follows:

Figure 6: The KeePass Password Safe screen in active mode

After you have created the password database, you need to save it. To save the password database, follow these steps:

Step 1. Select: File > Save As

Figure 7: The KeePass Password Safe screen

This will activate the Save As screen as follows:

Figure 8: The Save As screen

Step 2. Type in a name for your new password database file.

Step 3. Click: to save your database.

Tip: Remember the location and file name of your database! It will come in very handy when you are creating a backup of it.

Congratulations! You have successfully created and saved your secure password database. Now you can begin to fill it up with all your current and future passwords.

2.2 How to Add an Entry

The Add Entry screen lets you add account information, passwords and other important details into your newly-created database. In the example that follows, you will be adding entries to store passwords and user names for different websites and email accounts.

Step 1. Select: Edit > Add Entry in the KeePass Password Safe screen to activate the Add Entry screen as follows:

Figure 9: The KeePass Password Safe screen with Edit > Add Entry selected

Figure 10: The KeePass Add Entry screen

Note: The Add Entry screen presents you with a number of fields to be completed. None of these fields are mandatory; information submitted here is largely for your own convenience. It may prove useful in situations where you are searching for a particular entry.

A brief explanation of these different text boxes is presented as follows:

  • Group: KeePass lets you sort your passwords into pre-defined groups. For example: ‘Internet’ would be a good place to store passwords that relate to website accounts.
  • Title: A name to describe the particular password entry. For example: Gmail password
  • User name: The user name associated with the password entry. For example: securitybox@gmail.com
  • URL: The internet site associated with the password entry. For example: https://mail.google.com
  • Password: This feature automatically generates a random password when the Add Entry screen is activated. If you are registering a new email account, you can use the ‘default’ password in this field. You can also use this feature if you want to change an existing password for one generated by KeePass. Since KeePass will always remember it for you, there is no need to even see the password. A randomly generated password is considered strong (that is, difficult for an intruder to guess or break).

Generating a random password on request will be described in the following section. You can, of course, replace the default password with one of your own. For instance, if you are creating an entry for an account that already exists you will want to enter the correct password here.

  • Repeat Password: The confirmation of the password.
  • Quality: A progress bar that measures password strength according to length and randomness. The more green there is on the scale, the stronger your chosen password.
  • Notes: Here is where you type in descriptive or general information about the account or site for which you are storing information. For example: ‘Mail server settings: POP3 SSL, pop.gmail.com, Port 995; SMTP TLS, smtp.gmail.com, Port: 465’
  • Expires: Check this item to activate text boxes in which you can specify an expiry date. By doing this, you could add a reminder for yourself to change the password at a specific time (every 3 months, for example). When a password has expired, it will appear with a red cross next to its name as shown in the example below:

Figure 11: The KeePass Password Safe screen displaying the NetSecureDb.kdb file screen

Note: Creating or modifying the password entries in KeePass does not change your actual passwords! Think of KeePass as a secure electronic address book for your passwords. It only stores what you write in it, nothing more.

If you select Internet from the Group drop-down list, your password entry might resemble the following:

Figure 12: The KeePass Add Entry screen – completed

Step 2. Click: to save this entry.

Your password entry now appears in the Internet group.

Figure 13: The KeePass Password Safe screen

Note: The bottom panel of this window displays information about the entry selected. This includes creation, editing and expiry time as well as notes you may have recorded in the entry. It does not reveal the password.

2.3 How to Edit an Entry

You may edit an existing entry in KeePass at any time. You can change your password (it is generally considered good security practice to change a password every three to six months), or modify other details stored in the password entry.

To edit an entry, perform the following steps:

Step 1. Select the correct Group in the left-hand side to activate the entries associated with it.

Step 2. Select the relevant entry, then right-click on that selected entry to activate the following window:

Figure 14: The KeePass Password Safe screen displaying the Edit menu

Step 3. Click: to save any necessary changes to this information, including the password.

To change an existing password (that you previously created yourself) for one generated and recommended by KeePass, please read the following section.

2.4 How to Generate Random Passwords

Long, random passwords are considered strong in the world of security. Their randomness is based on mathematical principles, and they cannot simply be ‘guessed’ by someone who is trying to break into one of your accounts. KeePass supplies a Password Generator to help you with this process. As you have seen above, a random password is automatically generated when you add a new entry. This section will describe how to generate one yourself.

Note: The Password Generator can be activated from within the Add Entry and Edit/View Entry screens. Alternatively, select: Tools > Password Generator.

Step 1. Click: from within either the Add Entry or Edit/View Entry screen, to activate the Password Generator screen as follows:

Figure 15: The KeePass Password Generator screen

The Password Generator screen presents a variety of choices for generating a password. You can specify the length of the desired password, the pool of characters from which it will be created and much else. For our purposes, we can use the default options presented. This means that the generated password will be 20 characters long and made up of lower and upper case letters, as well as numbers.

Step 2. Click: to begin the process. When complete, KeePass will present the generated password to you.

Figure 16: The KeePass Generated Password section

Note: You can view the generated password by clicking: . However, this creates a security risk as we discussed above. In essence, you will never need to see the generated password. We will explain more about this in section 3.0 Using KeePass Passwords.

Step 3. Click: to accept the password and return to the Add Entry screen as follows:

Figure 17: The KeePass Add Entry screen

Step 4. Click: to save this entry.

Step 5. Select: File > Save to save your updated password database.
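To show what the default generator settings described in this section are worth, here is an added example (not KeePass's own code) that draws a 20-character password from upper-case letters, lower-case letters and digits and computes its entropy. The function names and the attacker speed of 1e12 guesses per second are assumptions made for illustration.

```python
import math
import secrets
import string

# Pool matching the defaults described above: upper-case letters,
# lower-case letters and digits (62 symbols), 20 characters long.
DEFAULT_POOL = string.ascii_uppercase + string.ascii_lowercase + string.digits
DEFAULT_LENGTH = 20


def generate_password(length=DEFAULT_LENGTH, pool=DEFAULT_POOL):
    """Pick every character independently and uniformly with the OS CSPRNG."""
    symbols = sorted(set(pool))  # duplicates in the pool would bias the choice
    if length < 1 or len(symbols) < 2:
        raise ValueError("need a positive length and at least two symbols")
    return "".join(secrets.choice(symbols) for _ in range(length))


def entropy_bits(length, pool_size):
    """Entropy of a uniformly random password: length * log2(pool size).
    Not valid for passwords a person made up; those are far more guessable."""
    return length * math.log2(pool_size)


def length_for_bits(target_bits, pool_size):
    """Shortest random password that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(pool_size))


def years_to_search(bits, guesses_per_second):
    """Average time to find the password by trying half of all candidates."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    password = generate_password()
    bits = entropy_bits(len(password), len(DEFAULT_POOL))
    print(f"generated {len(password)} characters, about {bits:.0f} bits of entropy")
    # 1e12 guesses per second is an assumed attacker speed, not a measurement.
    print(f"average search time at 1e12 guesses/s: {years_to_search(bits, 1e12):.1e} years")
    print("length needed for 128 bits:", length_for_bits(128, len(DEFAULT_POOL)))
```

The entropy formula holds only because every character is chosen at random; the same 20 characters picked by a person would not carry the same strength.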

2.5 How to Exit, Minimise and Restore KeePass

You can minimise or exit the KeePass program at any time. When you open or restore it again, you will be prompted to enter your Master Password.

KeePass minimises itself, appearing in your system tray (at the bottom right-hand corner of the screen) as this icon: .

Step 1. Double-click this icon to restore KeePass to its normal size.

Step 2. Select: File > Exit to close the KeePass program completely.

If you have any unsaved changes in the database, KeePass will prompt you to save them.

Step 3. Upon opening or restoring KeePass from the system tray, you will be prompted to enter your Master Password.

Figure 18: The KeePass Open Database – NetSecureDb.kdb screen

2.6 How to Create a Backup of the Password Database file

The KeePass database file on your computer is denoted by its .kdb file extension. You can copy this file to a USB memory stick. No one else will be able to open the database without the master password.

Step 1. Select: File > Save As from the main screen, and save a copy of the database to another location.

You can run the entire KeePass program from a USB memory stick. Please download a portable version of KeePass from http://portableapps.com/apps/utilities/keepass_portable and install it on your USB memory stick.
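A damaged copy of an encrypted database cannot be repaired, so a backup is only useful if it is byte-identical to the original. The following added example (not part of KeePass or of the original tutorial) copies a .kdb file under a timestamped name and verifies the copy with SHA-256; the function names are hypothetical, and the header check assumes the KeePass 1.x file signature.

```python
import hashlib
import shutil
import time
from pathlib import Path

# First 8 bytes of a KeePass 1.x (.kdb) file: the 32-bit signatures
# 0x9AA2D903 and 0xB54BFB65, stored little-endian.
KDB_MAGIC = bytes.fromhex("03d9a29a65fb4bb5")


def sha256_of(path):
    """Hash a file in chunks so large databases do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_kdb(source, dest_dir):
    """Copy source into dest_dir under a timestamped name and verify the copy.
    Returns the path of the verified backup; raises if anything is off."""
    source, dest_dir = Path(source), Path(dest_dir)
    with open(source, "rb") as handle:
        if handle.read(len(KDB_MAGIC)) != KDB_MAGIC:
            raise ValueError(f"{source} does not start with the KeePass 1.x signature")
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    target = dest_dir / f"{source.stem}-{stamp}{source.suffix}"
    if target.exists():
        raise FileExistsError(f"{target} already exists; not overwriting a backup")
    shutil.copy2(source, target)
    if sha256_of(source) != sha256_of(target):
        target.unlink()  # never leave a corrupt backup lying around
        raise OSError("backup differs from the original; copy removed")
    return target


if __name__ == "__main__":
    import os
    import tempfile
    # Constructed sample: the real signature followed by random filler bytes.
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "NetSecureDb.kdb"
        db.write_bytes(KDB_MAGIC + os.urandom(512))
        print("verified backup written to", backup_kdb(db, Path(tmp) / "usb"))
```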

2.7 How to Reset your Master Password

You can change the Master Password at any time. This can be done once you have opened the password database.

Step 1. Select: File > Change Master Key

Figure 19: The KeePass Change Master Key screen

You will be prompted to type the new Master Password twice.

Figure 20: The KeePass Change Master Key screen
