Using KeePass

Complex Passwords?

This password tool is popular among Internet security specialists for a reason. More than one reason, actually.

You know all those rules they say we're supposed to use when creating and using passwords? Rules like, you're supposed to use a mixture of uppercase and lowercase letters, numbers, and special characters, avoid common words (especially words like password) or just using your login as your password, and that you're supposed to change your password monthly?

Well, maybe you can remember passwords like "0nM#sq;Uh/i1B55dYA9s" -- and a different one for each site, but I can't.

This handy little tool makes it possible to never have to make up, or remember, any more than one password, but meet all those criteria for secure passwords!

This crazy magic is made possible by maintaining all your passwords in an encrypted database. Each time you need another password, you simply ask KeePass to create a new one for you, and it will not only create and securely store it, but open the website where you use it, and enter your login/password combination for you!

And to top it all off, KeePass is FREE!

Let's take a look at how it works.

For now, let's assume you've downloaded and installed the program. It's a free download, available at https://keepass.info/download.html, so just go there, download, install, and open it. (Don't forget to check the hash sum to assure the file hasn't been infected with malware.)

The first thing you'll have to do is create a Master Password. This is the key to the password database, and becomes the only password you'll have to remember, so make it good. I recommend using a site like How secure is my password? to learn to generate a really good one you can remember. (But don't enter the one you want to use there!)

Create an Entry

You start by creating a new entry. Click on the Add Entry button as shown here.

Then, enter the basics. The Title is purely for your recognition of the record, a title to find it by. User name is the login.

You can enter the password in several ways, depending on how you want KeePass to work for you. I recommend clicking the ... button to begin with, which un-hides the password. (KeePass defaults to hiding it, but if no one is watching over your shoulder, it helps to see it.)

Then, you can choose to use the password generated for you, modify it, or replace it entirely.

If you didn't click the ... button to expose the password, re-type it in the Repeat field. (Works to assure you didn't miskey it, and repetition helps you remember it.)

You can choose to leave the other fields empty, but if you want to be able to use the handy auto-login capability, you'll need to enter the web location (URL) of the website you want to log into using these credentials, in the format http://whatever.com.

When you click OK, the entry dialog disappears and the entry shows up on the main KeePass screen.

Use Your Database

Here's where the magic happens. KeePass provides a way to review the data you've entered or open the website for a given entry.

Review Your Data

As you add more entries they become visible in the main window, one per row. You can see the Title, User name, and URL in the listing with the password hidden by default. To view details, double-click the row you want to see, and the dialog you used to enter the data pops up.

Open a Website

To open a website using your entered URL, click on a row to highlight it, then press <CTRL>-U, or right-click on the row, then choose URL/Open. This will open your default browser, paste in the URL you've entered in KeePass, and send the browser to that location.

In your browser, navigate to the login page if the URL you entered doesn't get there. Then, go back to KeePass, make sure the highlight is on the row you want to use, and press <CTRL>-V or use the context menu to select Perform Auto-Type.

This will drop the login and password into the those two fields, automatically, and submit the login. There will be a pause while the website responds, and if you've entered everything properly, you'll be logged in.

It's that easy. Now you can create strong passwords, different for every site, and never have to worry about them again!

Of course, there are a number of details I've glossed over here, such as configuring the options, but you can review the extensive KeePass help system to learn about that.

A few considerations:

  • I would highly recommend you back up your KeePass database often. Remember, you're putting all your eggs in one basket using this system, so imagine how bad it would be to lose it!
  • Losing your Master Password to the KeePass database would be the same as losing the database, so be sure the password is memorable!
  • Now think about this database getting into the wrong hands. It has all your keys in it! The good news is that as long as you've done a good job making a strong Master Password and not keeping that password somewhere obvious, like on a post-it note, you won't have to worry about that.