Managing passwords with Keepass

As your business grows you’ll find yourself looking after more and more secure information that requires a password. Everything from your laptop password, web hosting and multiple email addresses, WordPress account, online banking, to your ATO AUSkey login.

Updated for 2019
Although I talk about KeePass in this post, it isn’t the only game in town.


If you are a Mac and iPhone/iPad user, check out iCloud Keychain. It’s built into MacOS and iOS and ready to use straight away. You shouldn’t need any extra software, and you can securely sync your passwords and personal information across all of your devices.


If you don’t use Apple products, or iCloud Keychain doesn’t meet your needs, then here are some popular password managers you can look at (product, website, platforms):

1Password: https://1password.com (MacOS, iOS, Windows, Linux, Android)
LastPass: https://www.lastpass.com (browser extensions and mobile apps)
Dashlane: https://www.dashlane.com (MacOS, iOS, Windows, Linux, Android)
Keeper: https://keepersecurity.com (browser extensions, MacOS, iOS, Windows, Android)
RoboForm: https://www.roboform.com (browser extensions, Windows)
Bitwarden: https://bitwarden.com (MacOS, Windows, Linux, iOS and Android)


Some of the cloud based password managers offer a free tier so you can try them out before committing.


Most password systems require a minimum number of letters and digits as well as some special characters. Now is a good time to get into good security habits and start using strong passwords that are different for each site. One of the reasons people use poorly chosen passwords is that it’s simply too hard to remember them all.

Last time I checked, I had 292 passwords to remember. From email to eBay, and ATO to Zurmo. It’s obviously not possible to remember all those passwords, and it’s not really secure to save all your passwords in your web browser. It’s really not a good idea to use the same password for everything. In fact, I’d go as far as saying that it is a Really Really Bad Idea to use the same password on any two sites. It’s just asking for a whole lot of pain somewhere in your future.

For many years now I’ve used a software password safe that lives on a USB drive and runs on Windows, Linux, and Mac. It is called KeePass. There are versions of KeePass that run on mobile devices such as iPhone, Android, Windows Phone, and Blackberry.

All I need to do now is remember one master password and I don’t need to remember any of the others.

Here’s how it works:

  1. Download and install KeePass on your computer.
  2. Create a new KeePass database.
  3. Add entries.
  4. Save the database in a location where you can find it.

To use KeePass, type in your master password to decrypt the database, then find the entry you want and highlight it with the mouse. Ctrl-B copies the username field to the clipboard and Ctrl-C copies the password to the clipboard. You can also right-click with the mouse to pop up a context menu that gives you other options as well.

To log in to a web site or other application, Alt-Tab to KeePass, select the entry and type Ctrl-B. Alt-Tab back to the original application or web page, make sure the cursor is in the correct field, then type Ctrl-V to paste the username. Alt-Tab back to KeePass and type Ctrl-C to copy the password. Alt-Tab back to your web page then, with the cursor in the password field, type Ctrl-V to paste in the password.

It’s actually quicker to use than you can read it here. You’ll soon get used to Alt-Tab, Ctrl-B, Alt-Tab, Ctrl-V, Tab, Alt-Tab, Ctrl-C, Alt-Tab, Ctrl-V, Enter.

At no time is your password visible in plain text for someone looking over your shoulder to see.

When you create a new account or login somewhere, open KeePass first and use it to generate passwords for you. This helps you get into the habit of using new passwords for each site. It really is easy.
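KeePass has its own password generator, which is what the post recommends. As an added illustration of what a generator has to do to satisfy the "letters, digits and special characters" rules mentioned earlier, here is a small Python example. It is not KeePass code and not the author's; the character classes, the default length of 20 and the minimum of 12 in the policy check are constructed assumptions, and it uses the operating system's cryptographic random source (`secrets`) rather than `random`, which is the one non-negotiable design point.

```python
import math
import secrets
import string

# Character classes and policy values are constructed for this example;
# real sites vary and KeePass lets you configure its own generator.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SPECIAL = "!@#$%^&*()-_=+[]{};:,.?"
DEFAULT_CLASSES = (LOWER, UPPER, DIGITS, SPECIAL)


def generate_password(length=20, classes=DEFAULT_CLASSES):
    """Return a random password of `length` characters drawn from the union of
    `classes`, guaranteed to contain at least one character from each class.
    All choices come from `secrets` (the OS CSPRNG), never from `random`."""
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    # One guaranteed pick per class so the policy check can never fail...
    chars = [secrets.choice(c) for c in classes]
    # ...then fill the remainder uniformly from the whole alphabet.
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # Shuffle with the CSPRNG so the guaranteed picks are not at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def meets_policy(password, min_length=12, classes=DEFAULT_CLASSES):
    """The common 'minimum length plus one of each class' rule many sites enforce."""
    long_enough = len(password) >= min_length
    has_each_class = all(any(ch in c for ch in password) for c in classes)
    return long_enough and has_each_class


def entropy_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random password of the given length
    over an alphabet of the given size (length * log2(alphabet_size))."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, meets_policy(pw))
    print(f"{entropy_bits(20, len(''.join(DEFAULT_CLASSES))):.1f} bits")
```

The entropy figure is the honest measure of strength: a 20-character password over 62 letters and digits is about 119 bits, which is why a generated-and-stored password beats any memorable scheme, and why reusing it across sites throws that strength away.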

That’s it. You can read more at the KeePass First Steps page.

That’s all well and good but what if you lose your USB drive with all your passwords on it?

I use two methods to keep multiple copies of my KeePass database. Firstly, there are plug-ins that automate the backup of the KeePass database every time you add or delete an entry. With my main KeePass database on my USB drive, the backup plug-in makes a copy of the database on my hard disk whenever I change and save it. I’m not worried about having a copy of the encrypted database lying around, as no one has the master password but me.

Secondly, I use cloud storage to keep a backup of the KeePass database so I can sync it to my mobile device. There are at least three copies of the encrypted database at any point in time: one on the USB drive, one on the computer hard disk, a copy on my cloud storage, and a copy on my mobile device. I think that pretty much covers the situation of a lost or corrupted KeePass database.
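The post relies on a KeePass backup plug-in for the hard-disk copy. As an added example of what such a backup step should do, here is a stand-alone Python script (not the plug-in, not KeePass code, and not the author's) that copies a .kdbx file to a backup folder with a UTC timestamp in the name, verifies the copy's SHA-256 against the original before trusting it, and prunes old copies. The file name `Passwords.kdbx`, the `backups` folder and the retention count are assumptions for the example, and the `demo()` function exercises the script on a constructed stand-in file of random bytes rather than a real database.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so a large database is fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_database(db_path, backup_dir, keep=5):
    """Copy db_path into backup_dir as <stem>-<UTC timestamp><suffix>, verify
    the copy's hash matches the source, then prune to the newest `keep` copies.
    Returns (backup_path, sha256_hex). A .kdbx copy stays encrypted, so the
    backup is only as readable as the master password makes it."""
    db_path = Path(db_path)
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    # Microseconds in the stamp keep rapid successive saves from colliding.
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    dest = backup_dir / f"{db_path.stem}-{stamp}{db_path.suffix}"
    shutil.copy2(db_path, dest)  # copy2 also preserves the file timestamps
    src_hash = sha256_of(db_path)
    if sha256_of(dest) != src_hash:
        dest.unlink()  # a backup that does not match the source is worse than none
        raise IOError("backup copy does not match original; discarded it")
    # Names sort chronologically because the timestamp is fixed-width; drop the oldest.
    copies = sorted(backup_dir.glob(f"{db_path.stem}-*{db_path.suffix}"))
    for old in copies[:-keep]:
        old.unlink()
    return dest, src_hash


def latest_backup(backup_dir, stem="Passwords", suffix=".kdbx"):
    """Newest retained copy, or None if there are no backups yet."""
    copies = sorted(Path(backup_dir).glob(f"{stem}-*{suffix}"))
    return copies[-1] if copies else None


def demo(keep=3, rounds=5):
    """Run the backup step `rounds` times on a constructed stand-in file
    (random bytes, NOT a real KeePass database) in a temporary directory.
    Returns (copies_kept, every_copy_verified)."""
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "Passwords.kdbx"        # assumed name, constructed file
        backups = Path(tmp) / "backups"
        verified = True
        for i in range(rounds):
            db.write_bytes(os.urandom(256) + bytes([i]))  # simulate an edited database
            dest, digest = backup_database(db, backups, keep=keep)
            verified = verified and sha256_of(dest) == digest
        kept = len(list(backups.glob("Passwords-*.kdbx")))
        return kept, verified


if __name__ == "__main__":
    print(demo())  # (3, True)
```

Verifying the hash after the copy is the part a plug-in or sync client may not do for you; a silently truncated copy on a failing USB drive looks exactly like a good backup until the day you need it, and the prune keeps the folder from growing without limit while still leaving several generations to fall back on.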

I’ll talk about backing up important files using cloud storage in another post.