@kulvind3r
Last active April 8, 2019 08:12
Why use KeePass and How?

KeePass - Password Manager for the Masses

Conventional wisdom recommends using a unique, randomized, long password for each account you set up. It increases security and prevents the loss of multiple accounts if any one account gets hacked and its creds leak.

Conventional wisdom fails to say anything about remembering these unique long hieroglyphs. How very convenient for conventional wisdom.

The solution to this problem, like every other problem, is to make it someone else's problem. In this scenario, a password manager's.

A password manager is software that generates such unique randomized passwords for you, stores them and hands them over when you need them, like an obedient lackey. In return, all you have to do is remember the one password for the password manager.

There are many password managers available, claiming high levels of encryption and security for safely storing your important creds. Good ones are usually paid, often on expensive subscription models. However, for thrift shoppers like yours truly, there is KeePass.

KeePass is open source with a wide community of devs supporting and scrutinizing it. This helps ensure that its claims of good security are well tested and that any issues have a higher chance of being discovered and patched. This is probably the biggest factor in favor of using KeePass instead of proprietary managers, where you have to trust the word of the company selling it.

If you do not trust anyone but yourself (Hello Batman!!) you are free to check the code and build the software all by your honored self.

I personally use it, but I would recommend you do your due diligence before making up your mind.

Now, for others like me, who press "I Agree!!" on EULA windows in a heartbeat, let's move on to setting it up.

Setup KeePass

  1. Download it from the official website, KeePass.info. I recommend using the latest stable release in portable format.
  2. Extract the zip at your favorite location and start keepass.exe.
  3. Create a new database. Read the dialog box that pops up; it tells you everything you need to know. Save the file with a name of your choice.

Master Password

This is THE PASSWORD for your database. You will need to enter it every time you want to read any of the secure creds and if you forget it you will be locked out.

As this controls the access to all your creds, it needs to be "Unique", "Long" and "Random". Conventional wisdom screws you again.

So how do we get a password that is all of the above and still memorable? Click the link below to find out....

Diceware is a method to come up with long passwords which are easy to remember and yet fulfill the three conditions. You can read the above link to understand how it works and generate a diceware password of your own.

Diceware passwords of 6 to 7 words are pretty secure, so build one that long.

Pro Tip: Try generating one which you can pronounce fluidly, you can rearrange the order of words to make it more fluid in pronunciation.

An example: correct horse battery stapled over bunker
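As an added example (not part of the original gist), here is a small Python sketch of how Diceware works: roll five dice, look the roll up in a wordlist, repeat once per word. It also puts numbers on the "6 to 7 words" advice and on why a single dictionary word, as the post warns later, is not enough. The wordlist excerpt is constructed for this example (a real list has 7776 entries), and the 100,000-word dictionary size used for the comparison is an assumption.

```python
import math
import secrets

# Constructed excerpt of a Diceware-style wordlist for this example only: each key is one
# 5-dice roll (digits 1-6) and the value is the word at that position. A real list has
# 6**5 = 7776 entries, one per possible roll.
SAMPLE_WORDLIST = {
    "11111": "correct",
    "23456": "horse",
    "34561": "battery",
    "45612": "stapled",
    "56123": "over",
    "61234": "bunker",
}
FULL_LIST_SIZE = 6 ** 5            # 7776 words in a standard Diceware list
ASSUMED_DICTIONARY_SIZE = 100_000  # assumption: rough size of a desk dictionary


def roll_dice(n_dice: int = 5) -> str:
    """Simulate rolling n fair dice with the OS CSPRNG (never random.random); e.g. '31254'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def lookup_word(wordlist: dict, roll: str) -> str:
    """Manual Diceware step: map one 5-dice roll to its word. Rejects malformed rolls."""
    if len(roll) != 5 or any(d not in "123456" for d in roll):
        raise ValueError(f"not a 5-dice roll: {roll!r}")
    if roll not in wordlist:
        raise KeyError(f"roll {roll} is not in this (partial) wordlist")
    return wordlist[roll]


def passphrase(words: list, n_words: int = 6) -> str:
    """Software Diceware: draw n_words uniformly, with replacement, exactly as dice would."""
    if n_words < 1:
        raise ValueError("need at least one word")
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly from list_size candidates: n * log2(size) bits.
    This holds only for a uniform draw. Rearranging the words for pronunciation (the gist's
    pro tip) keeps the same set of words, so it costs at most log2(n!) bits."""
    return n_words * math.log2(list_size)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("one manual roll:", roll_dice())
    print("6 words from a 7776-word list:", round(entropy_bits(FULL_LIST_SIZE, 6), 1), "bits")
    print("one dictionary word:", round(entropy_bits(ASSUMED_DICTIONARY_SIZE, 1), 1), "bits")
    print("words for 80 bits:", words_needed(FULL_LIST_SIZE, 80))
    print("sample:", passphrase(list(SAMPLE_WORDLIST.values())))
```

Six words from a 7776-word list give about 77.5 bits, seven give about 90; one word from the assumed dictionary gives under 17 bits, which is why length in words, not in letters, is what matters.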

Once you have your diceware password ready, set it as the master password for your database. Give the database a name and a description of your liking and press OK. Skip printing the sheet.

Next press the save icon in the toolbar and your new database will be ready.

Pro Pro Tip: Before you start saving any creds to your new database, keep it empty and just practice unlocking it with the Master Password from memory until you can type it with muscle memory alone. Only after that, use it to store your creds. Psst... also, if you want to be absolutely sure no one gets your master password, burn the paper you wrote the master password on all these days.

Using KeePass

Storing Creds

  1. Select one of the groups from the left sidebar; these are just for organising your creds into categories. You can delete existing groups or add new ones.
  2. In the toolbar, click the Golden Key icon to open the new entry dialog box.
  3. Under the Entry tab, fill in the appropriate fields: URL, Username, Password.
  4. There is an inbuilt password generator, accessed by clicking the key icon next to the password field. You can generate random passwords by picking one of the options in the menu, or configure the generator to produce passwords according to whatever rules your account requires you to follow.

"Ah ahem!! Thee password shall have 1 upper case char, 1 lower case char, 1 numeral, 1 special char, an ancient rune, a hieroglyph, blood of a virgin and satan's toenail."
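The rule-following part of such a generator is worth seeing in code. The block below is an added example, not KeePass's generator: it draws every character uniformly from the allowed pool and rejects candidates that miss a required class, which keeps every compliant password equally likely. The set of special characters is an assumption; trim it for sites that reject some symbols.

```python
import math
import secrets
import string

# Character classes a typical site policy can demand. The special set is an assumption
# made for this example; adjust it to what the site accepts.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.?",
}
DEFAULT_RULES = ("upper", "lower", "digit", "special")


def check_policy(password: str, required=DEFAULT_RULES, min_each: int = 1) -> bool:
    """True if the password has at least min_each characters from every required class."""
    return all(
        sum(ch in CLASSES[name] for ch in password) >= min_each for name in required
    )


def generate_password(length: int = 20, required=DEFAULT_RULES, min_each: int = 1,
                      max_attempts: int = 10_000) -> str:
    """Uniformly random password over the union of the required classes that also satisfies
    the policy. Rejection sampling (draw, check, redraw) keeps every compliant password
    equally likely; forcing one char per class into fixed slots and shuffling does not."""
    if length < min_each * len(required):
        raise ValueError("length too short to hold the required characters")
    pool = "".join(CLASSES[name] for name in required)
    for _ in range(max_attempts):
        # secrets.choice uses the OS CSPRNG; random.choice would be predictable.
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if check_policy(candidate, required, min_each):
            return candidate
    raise RuntimeError("policy could not be satisfied; loosen the rules or lengthen the password")


def entropy_bits(length: int, required=DEFAULT_RULES) -> float:
    """Upper bound on entropy: log2(pool size) per character. The policy constraint only
    removes a small fraction of the space at realistic lengths."""
    pool_size = sum(len(CLASSES[name]) for name in required)
    return length * math.log2(pool_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, check_policy(pw), round(entropy_bits(len(pw)), 1), "bits")
```

Twenty characters over the 85-character pool here come to about 128 bits, far more than any site needs; the policy classes add no security of their own, they just stop people from choosing weak passwords by hand.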

  5. You can add Notes to the entry, attach files for secure storage in the entry on the Advanced tab, and browse other options that attract your fancy.
  6. Once done, click OK and press the save button on the toolbar. Your creds have been saved.
  7. Press the ESC key or the Lock icon on the toolbar to lock your database. Done.
  8. If you ever delete an entry, on the default settings of a KeePass database it will be moved to a special group called Recycle Bin. It stays there until you go and delete it once more manually. However, if you changed the default settings when creating the database earlier: best of luck, Batman!!

Retrieving Creds

1. On PC using KeePass itself

  1. Run KeePass, enter Master Password to unlock your database.
  2. Select desired entry.
  3. Press Ctrl+C to copy the password, Ctrl+B to copy the username. Use them wherever you need to.
  4. The clipboard is automatically cleared 12 seconds after copying the password.

2. On PC from your browser

Many paid password managers provide additional features like browser plugins to make using passwords easy. KeePass provides the same functionality via plugins.

You can use the browser add-on Kee and the KeePass plugin KeePassRPC.

Both, as you can observe, are open source, maintaining the security argument we established earlier. However, as always, you are free to test them and only use them once you are satisfied.

To install the plugin in KeePass: shut down KeePass, download the .plgx file from the release page on their GitHub linked above, and put it in the plugins directory inside the KeePass folder.

Installing a browser add on should be easy for Batman.

Once you have installed both, start your browser and then start KeePass. Unlock your database and KeePass will show a dialog box saying that Kee is trying to connect over RPC (KeePassRPC in action); authorize the request by entering the secure password shown in that dialog box into Kee in your browser. A security level of Medium is good enough; it keeps the RPC connection password valid for a year. If you choose security level High, a new connection password is created every time you close and reopen KeePass. You can read the instructions Kee shows in the browser window to learn more.

Once the connection is set up, you should be able to search your creds from Kee and fill them into fields on websites, as long as KeePass is running and the database is unlocked. As soon as you lock the database, Kee turns off.

Syncing KeePass DB across devices

You can choose any online cloud syncing service that you trust to sync your database file across multiple devices.

A password manager's entire point is to prevent people from breaking in, so KeePass's encryption of the database will protect you from any nosy cloud service provider as long as your Master Password is unique, long and random. Conventional Wisdom! Repeat Telecast!

However, if your Master Password is a measly 10-letter word from the Oxford dictionary, it can be brute forced. So keep it long and feel safe.

If you happen to choose Dropbox to sync across multiple devices, do not simply put your database file inside your Dropbox and open it on different devices. Instead, scroll down to the instructions titled Synchronizing with Dropbox here, which use KeePass Triggers to set up synchronization via Dropbox in a way that prevents merge conflicts from simultaneous editing of the KeePass database on two separate devices. The instructions also explain how conflicts may occur.

Proprietary password managers may have built-in ways to prevent conflicts, so the end user simply does not have to worry about them. KeePass requires the user to set up the sync as per its requirements to prevent them.

Retrieving Creds Continued...

3. On your Android Device

Keeping with the tradition of using only open source, community-trusted applications, we can use Keepass2Android. It is very easy to set up with your KeePass database, which is now available on your mobile device via Dropbox.

It has almost all the advanced features of apps from paid password managers. An easy way to retrieve and enter passwords in various applications on a mobile device is a must, as you do not have the luxury of a physical keyboard with all its shortcuts. Keepass2Android doesn't disappoint in this field.

The app provides its own secure keyboard and a great UX design making it trivial to enter passwords on any application without having to use a clipboard at all.

In The End

I have left out a few OSes like Mac OS X and Linux; they have well-built ports of KeePass available which can be set up similarly. As for iOS, if you have read the post you would know I am not someone who owns an iPhone to test KeePass support on iOS. =P But I am sure there will be apps supporting KeePass on iPhones.

Use password managers, they are awesome, and with KeePass and this post now available to you, there is no excuse not to use one.

Explore KeePass further on your own; it has many more awesome features I did not mention here. I doubt you will ever find it falling short of your expectations.

Be secure out there.
