How-To Geek

Securely Store Your Passwords with KeePass

There has been a lot of attention in the news lately about email passwords being compromised. Today we take a look at using KeePass to secure your passwords in an encrypted database so no one can get a hold of them.

KeePass

For this article we are using KeePass 2.09, but you can still download the Classic Edition as well, which you may want to do so you can use certain plugins. Installation is straightforward, and after installing KeePass, the first thing to do is create a new password database by clicking on File \ New.

You will need to come up with a Master Password, which is the only one you will need to remember moving forward. Make sure to pick a strong password with several characters, symbols, and numbers. It can be an entire phrase, sentence, or whatever you want it to be, with virtually any characters you want.

Alternatively, you can use a Key File, which is a master password in a file. This means you don’t have to remember a long Master Password, but if the file gets lost and was not backed up, you’re out of luck. Also, keep the file in a secret location other than your local hard drive; malware attacks can find it if it’s openly available on your hard drive.

Now you can start entering your passwords. To start, right-click the open window on the right and choose Add Entry.

Fill in the identifying fields and the password for the entry.

Rather than typing in your own password, you can have KeePass generate a random one.

After an entry is made, you can right-click it to get a menu of different options.

When you exit out of KeePass you will need to save your changes. Click the box below to automatically save when exiting out.

If someone were to get a hold of the database, they would need the Master Password you created to do anything with it. Again, we need to stress how important your Master Password is; make sure it is something no one can guess. Your date of birth, favorite pet’s name, 12345, etc. are horrible passwords and can be guessed easily.

Another neat utility in KeePass is the Random Password Generator, which will create a random password with as many or as few types of characters as you want to include.

Plug-ins

There are several interesting plugins which add functionality and compatibility with other apps.

Note: Unfortunately, not all plugins will work with all versions of KeePass.

In the Plugins section you can configure them and find more by clicking on the link.

More Password Tips

Again, we need to mention: make sure your passwords are strong and are something no one can guess. Your password is the only thing between you and your accounts that contain important personal information. Your pet’s name, favorite kid’s name, “123456”, “qwerty”, “password”, etc. are poor choices. Here are some other tips to follow for creating strong passwords and keeping your accounts secure.

  • Don’t use real words and make sure there are upper and lower case characters, numbers, and symbols included in your passwords.
  • Don’t use the same password for multiple accounts. If someone gets your email password and you use it for your online banking or other sites, the accounts will be compromised.
  • Don’t give your password to anyone ever. Even if you think you can trust your spouse or best friend, it just adds to the potential of it being compromised in some fashion.
  • Don’t write your passwords down and leave them under your keyboard or in some other obvious place. You would think this should go without saying, but in my IT career I’ve been shocked at how many users I have seen do this.
  • Don’t use short passwords; make sure they are at least 8 characters.
  • Use a password management tool like KeePass or if you use Firefox to manage them, make sure you create a Master Password to protect them.
  • Change your passwords periodically. Usually in an office, the IT staff requires you to change your login and other passwords every 3-6 months. You also want to change your passwords for your online accounts as well. If you know your password(s) have been compromised, then change them right away so your accounts can’t be accessed.

Conclusion

With KeePass keeping your passwords safe in an encrypted database and following strong password practices, you can have peace of mind knowing your personal data is secure. How about you? What methods do you use to keep your passwords safe? Leave a comment and let us know.

Download KeePass 2.09 or Classic Edition

List of KeePass Plugins

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 10/13/09

Comments (10)

  1. JHubbard92

    Wow, this is really awesome! A good find! :-)

  2. GRrr

    I forgot KeePass when I found LastPass

  3. Engineeer Head

    I will give it a try although I am already using LastPass

  4. Evan

    There is also a compatible GUI client for Linux: http://www.keepassx.org/

    If you use Dropbox or Zumodrive, you can store the password file on the shared folder and have it available from all your computers.

    E.

  5. Maik

    I have used KeePass for a long time.
    Now, I’m waiting for the iPhone application. There is already a submission to Apple, but still no feedback:
    http://ikeepass.de/

  6. taloweb

    You forgot “auto-completion” and zero-install version.

    I love KeePass autocompletion: using CTRL+A on my PC I can enter on my >100 web accounts in a snap; joined to the fact that I have my KeePass program on a USB pen drive, I can enter into my protected accounts from any PC I’m using!!!!

  7. Ed

    I’ve been using KeePass for about two years. After trying several others and an attempt of my own, I highly recommend this tool. Using a Thumb or Pen Drive for either security with the keyfile feature or to make the whole thing portable is a real plus. We’ve never lost anything, scrambled anything, or damaged the data files in any way. GREAT PROGRAM!

  8. Alfredo

    I really enjoy this program and I use it everyday.
    I recommend:

    1. Install portable KeePass on your USB stick or portable HDD.
    http://portableapps.com/apps/utilities/keepass_portable

    2. Use a key file for your database with a weird name and keep it in only 1 or 2 places.

    3. Use a really long and difficult master password for your database. Mine is about 50 characters long.

    4. Use Dropbox to sync your database to multiple PCs and keep it up to date.
    (Don’t sync the key file. Try to keep them separated.)
    https://www.getdropbox.com/

    5. KeePass can store as many passwords as you like. It can hold different types of passwords.
    Use that to your advantage.

    6. Burn a CD with your database and key file and keep it in a safe place.
    (Just in case you lose the USB stick or your hard drive dies.)

    -Alfredo

  9. Chris

    I prefer KeePassX, if I’m not mistaken, I do believe it was built off of KeePass’s code

    Anyways, KeePassX does NOT require .NET Framework to run

    So convenient if you’re working on a PC w/o .NET Framework and lack the admin privileges

  10. Iain

    If you have an Android phone then the combination of the ported KeePass app + Dropbox app works great. I was using KeePass off a USB stick for over a year, now I only access it through my phone. (note: KeePass app only works with classic database)
